From 2c7bd39d706fd2c573ca260be6caaafe9886b9ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 27 Aug 2008 20:49:39 +0000
Subject: [PATCH] Fix bug with assertion signing, now using correct ID
 attribute of the assertion element

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@841 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 30 ++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index e6073b6b6..ef2f97eb9 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -97,16 +97,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 			$passphrase = NULL;
 		}
 
-		$signer = new SimpleSAML_XML_Signer(array(
-			'privatekey' => $idpmd['privatekey'],
-			'privatekey_pass' => $passphrase,
-			'certificate' => $idpmd['certificate'],
-			'id' => 'ResponseID',
-			));
 
-		if(array_key_exists('certificatechain', $idpmd)) {
-			$signer->addCertificate($idpmd['certificatechain']);
-		}
 		
 		$responsedom = new DOMDocument();
 		$responsedom->loadXML(str_replace ("\r", "", $response));
@@ -138,11 +129,19 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		}
 		
 		
-		
-		if(!$signResponse) {
-			$signer->sign($firstassertionroot, $firstassertionroot);
+		$signer = new SimpleSAML_XML_Signer(array(
+			'privatekey' => $idpmd['privatekey'],
+			'privatekey_pass' => $passphrase,
+			'certificate' => $idpmd['certificate'],
+			'id' => ($signResponse ? 'ResponseID' : 'AssertionID') ,
+			));
+
+
+		if(array_key_exists('certificatechain', $idpmd)) {
+			$signer->addCertificate($idpmd['certificatechain']);
 		}
 		
+		
 		if($signResponse) {
 			/* Sign the response - this must be done after encrypting the assertion. */
 
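Review bot: The `'id'` entry in the relocated signer setup chooses between `'ResponseID'` and `'AssertionID'` with no comment explaining why, and the same `$signResponse` test is repeated further down to choose the node passed to `sign()`. If the two ever drift apart, the signature reference would presumably name an ID attribute the signed element does not carry, so the coupling deserves a comment above the constructor, for example `/* 'id' must name the ID attribute of the element signed below: ResponseID for the Response, AssertionID for the Assertion. */`. Separately, `$idpmd['privatekey']` and `$idpmd['certificate']` are read unguarded while `certificatechain` gets an `array_key_exists` check. The metadata may be validated earlier in the function, which starts outside this hunk, but that is worth confirming.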
@@ -151,8 +150,15 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 			assert('count($statusElements) === 1');
 
 			$signer->sign($responseroot, $responseroot, $statusElements[0]);
+			
+		} else {
+			/* Sign the assertion */
+		
+			$signer->sign($firstassertionroot, $firstassertionroot);
 		}
 		
+
+		
 		$response = $responsedom->saveXML();
 		
 		
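Review bot: The new `else` branch calls `$signer->sign($firstassertionroot, $firstassertionroot)` without the insert-before argument that the response branch supplies, and the `/* Sign the assertion */` comment does not say where the Signature element is expected to land. Extending the comment would record that this is intentional, e.g. `/* Sign the assertion. No insert-before node is passed, so placement of the Signature element is left to the signer's default. */`. `$firstassertionroot` is assigned outside this hunk, and this is now the only path that signs anything when `$signResponse` is false. It is worth confirming the variable can never be null at this point, and that a failure here aborts the request rather than letting an unsigned assertion be serialised by the `saveXML()` call that follows.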
-- 
GitLab