From 226836bcab114a9ec82c3695b9b4ba469c4c0b6e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 3 Aug 2009 12:48:07 +0000
Subject: [PATCH] idp/SSOService: Use the SAML2 library for sending
 error-responses.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1610 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml2/lib/Message.php | 19 +++++++++++++++++++
 www/saml2/idp/SSOService.php  | 24 +++++++++++++++---------
 2 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index b80a55a97..e8ea3b1f2 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -345,6 +345,25 @@ class sspmod_saml2_Message {
 	}
 
 
+	/**
+	 * Build a authentication response based on information in the metadata.
+	 *
+	 * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
+	 * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
+	 */
+	public static function buildResponse(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) {
+
+		$r = new SAML2_Response();
+
+		$r->setIssuer($srcMetadata->getString('entityid'));
+		$r->setDestination($dstMetadata->getString('AssertionConsumerService'));
+
+		self::addSign($srcMetadata, $dstMetadata, $r);
+
+		return $r;
+	}
+
+
 	/**
 	 * Process a response message.
 	 *
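Review bot: The docblock of the new buildResponse() has a typo ("Build a authentication response" should read "Build an authentication response") and omits the return type, which callers such as the IdP error path need to know; add `@return SAML2_Response  The unsigned-content response with Issuer, Destination and signature settings applied.` after the two @param lines. It is also worth stating in the docblock that the Destination is taken from the SP's registered `AssertionConsumerService` in metadata rather than from anything in the incoming request, so a crafted AuthnRequest cannot redirect the response elsewhere; a one-line note such as `Destination comes from the SP's metadata, never from the request.` makes that design choice visible to later maintainers. The addSign() call presumably applies the signing configuration found in the two metadata objects — confirm and mention it, since an error response that is unsigned where the SP expects a signature will be rejected silently.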
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index b8059f6c8..3ed7cc7db 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -67,17 +67,23 @@ function handleError(Exception $exception) {
 	$error->logWarning();
 
 	try {
+		$idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
+		$spMetadata = $metadata->getMetaDataConfig($issuer, 'saml20-sp-remote');
 
-		/* Generate an SAML 2.0 AuthNResponse message
-		 * With statusCode: urn:oasis:names:tc:SAML:2.0:status:NoPassive
-		 */
-		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
-		$authnResponseXML = $ar->generate($idpentityid, $issuer, $requestID, NULL, NULL, $error, $config->getValue('session.duration', 3600) );
+		$ar = sspmod_saml2_Message::buildResponse($idpMetadata, $spMetadata);
+		$ar->setInResponseTo($requestID);
+		$ar->setRelayState($relayState);
+
+		$ar->setStatus(array(
+			'Code' => $error->getStatus(),
+			'SubCode' => $error->getSubStatus(),
+			'Message' => $error->getStatusMessage(),
+			));
+
+		$binding = new SAML2_HTTPPost();
+		$binding->setDestination(sspmod_SAML2_Message::getDebugDestination());
+		$binding->send($ar);
 
-		/* Sending the AuthNResponse using HTTP-Post SAML 2.0 binding. */
-		$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
-		$httppost->sendResponse($authnResponseXML, $idpentityid, $issuer, $relayState);
-		exit();
 	} catch(Exception $e) {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATEAUTHNRESPONSE', $e);
 	}
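Review bot: The class name on the setDestination line is spelled `sspmod_SAML2_Message` while the buildResponse() call two statements earlier uses `sspmod_saml2_Message`; PHP resolves class names case-insensitively once the class is loaded, so this only works because the earlier call already triggered the autoload. If the autoloader derives the module directory from the middle segment of the class name, the `SAML2` spelling would not map to `modules/saml2` on a case-sensitive filesystem, so the line should read `$binding->setDestination(sspmod_saml2_Message::getDebugDestination());`. The old explicit `exit()` after sending is dropped, so execution now falls out of the try block after `$binding->send($ar)` unless SAML2_HTTPPost::send() itself terminates the script — confirm that it does, since otherwise whatever follows handleError's return in the caller runs after the error response has already been emitted. handleError() begins before this hunk, so the origin of `$metadata`, `$issuer`, `$requestID` and `$relayState` is not visible here.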
-- 
GitLab