From 1ed490e3df6788b95048a5291e608577f42adcd3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 23 Jun 2008 10:57:33 +0000
Subject: [PATCH] SAML2-SSOService: Fix IsPassive behaviour.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@695 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/idp/SSOService.php | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 4371f94c5..b9b621331 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -182,7 +182,27 @@ if($needAuth && !$isPassive) {
 		'AuthId' => $authId,
 		'protocol' => 'saml2',
 	));
-		
+
+} elseif($needAuth) {
+	/* We have a passive request, but need authentication. Send back a response indicating that
+	 * the user didn't have a valid session.
+	 */
+
+	try {
+
+		/* Generate an SAML 2.0 AuthNResponse message
+		 * With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
+		 */
+		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
+		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], null, array(), 'NoPassive');
+
+		/* Sending the AuthNResponse using HTTP-Post SAML 2.0 binding. */
+		$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
+		$httppost->sendResponse($authnResponseXML, $idpentityid, $requestcache['Issuer'], $requestcache['RelayState']);
+	} catch(Exception $exception) {
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $exception);
+	}
+
 /**
  * We got an request, and we have a valid session. Then we send an AuthnResponse back to the
  * service.
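Review bot: The new `elseif($needAuth)` branch has no `exit;` after `$httppost->sendResponse(...)`, although the block this commit removes from the authenticated path had one, so after the NoPassive response is posted the script continues past the if/elseif chain. The chain starts and ends outside this hunk, so either confirm nothing further runs or add `exit;` after the `sendResponse()` call to keep the earlier behaviour. This branch also serves a user with no valid session and addresses the response to `$requestcache['Issuer']`; it is not visible here whether that value has been matched to a known SP in metadata before the POST form is produced, and that lookup is what keeps the destination under the IdP's control. Unlike the authenticated path, the branch writes no log line, so adding `SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Sending back NoPassive response to ' . $requestcache['Issuer']);` before the `try` would leave an audit trail for passive requests that fail.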
@@ -202,19 +222,6 @@ if($needAuth && !$isPassive) {
 
 		SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to ' . $spentityid);
 		
-		if ($isPassive) {
-			/* Generate an SAML 2.0 AuthNResponse message
-			   With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
-			*/
-			$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
-			$authnResponseXML = $ar->generate($idpentityid, $spentityid, $requestcache['RequestID'], null, array(), 'NoPassive');
-		
-			// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
-			$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
-			$httppost->sendResponse($authnResponseXML, $idpentityid, $spentityid, $requestcache['RelayState']);
-			exit;
-		}
-		
 		/*
 		 * Attribute handling
 		 */
-- 
GitLab