From 29dd1d1577605004fcb817f2920ee81428ddd2c1 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Wed, 17 Feb 2010 08:30:36 +0000
Subject: [PATCH] fix: swap the order of metadata parameters in verifying
 signatures on incoming messages, so the correct certificate from the SP(!)
 metadata is used to check the signature instead of the IDP one

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2185 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML2.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 6638eb373..42c8a54f0 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -377,7 +377,7 @@ class sspmod_saml_IdP_SAML2 {
 		$idpMetadata = $idp->getConfig();
 		$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
 
-		sspmod_saml2_Message::validateMessage($idpMetadata, $spMetadata, $message);
+		sspmod_saml2_Message::validateMessage($spMetadata, $idpMetadata, $message);
 
 		if ($message instanceof SAML2_LogoutResponse) {
 
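Review bot: The corrected call `validateMessage($spMetadata, $idpMetadata, $message)` still relies on positional order alone to pick whose certificate verifies the signature, and nothing on the visible lines records which argument is the sender. Both arguments appear to be the same kind of configuration object, so the swap this commit fixes would not be caught by a type check and could recur in a later refactor. I would add a comment directly above the call, for example `// Sender (SP) metadata goes first: its certificate must verify the incoming message, never our own IdP one.`, and add a regression test that a message signed with a key other than the SP's is rejected. The result of the call is not used on the visible line, so confirm that `validateMessage` reports a bad or missing signature by throwing rather than by return value. The enclosing method starts and ends outside this hunk.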
-- 
GitLab