Fix bug with assertion signing, now using correct ID attribute of the assertion element

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@841 44740490-163a-0410-bde0-09ae8108e29a

Fix bug with assertion signing, now using correct ID attribute of the assertion element
2c7bd39d · Andreas Åkre Solberg · d6d38a3b · 2c7bd39d
Commit 2c7bd39d authored 16 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -97,16 +97,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 			$passphrase = NULL;
 		}

-		$signer = new SimpleSAML_XML_Signer(array(
-			'privatekey' => $idpmd['privatekey'],
-			'privatekey_pass' => $passphrase,
-			'certificate' => $idpmd['certificate'],
-			'id' => 'ResponseID',
-			));

-		if(array_key_exists('certificatechain', $idpmd)) {
-			$signer->addCertificate($idpmd['certificatechain']);
-		}
 		
 		$responsedom = new DOMDocument();
 		$responsedom->loadXML(str_replace ("\r", "", $response));
@@ -138,11 +129,19 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		}
 		
 		
-		
-		if(!$signResponse) {
-			$signer->sign($firstassertionroot, $firstassertionroot);
+		$signer = new SimpleSAML_XML_Signer(array(
+			'privatekey' => $idpmd['privatekey'],
+			'privatekey_pass' => $passphrase,
+			'certificate' => $idpmd['certificate'],
+			'id' => ($signResponse ? 'ResponseID' : 'AssertionID') ,
+			));
+
+
+		if(array_key_exists('certificatechain', $idpmd)) {
+			$signer->addCertificate($idpmd['certificatechain']);
 		}
 		
+		
 		if($signResponse) {
 			/* Sign the response - this must be done after encrypting the assertion. */

@@ -151,8 +150,15 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 			assert('count($statusElements) === 1');

 			$signer->sign($responseroot, $responseroot, $statusElements[0]);
+			
+		} else {
+			/* Sign the assertion */
+		
+			$signer->sign($firstassertionroot, $firstassertionroot);
 		}
 		
+
+		
 		$response = $responsedom->saveXML();