From 2c7bd39d706fd2c573ca260be6caaafe9886b9ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 27 Aug 2008 20:49:39 +0000
Subject: [PATCH] Fix bug with assertion signing, now using correct ID attribute of the assertion element
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@841 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 30 ++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index e6073b6b6..ef2f97eb9 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -97,16 +97,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 $passphrase = NULL;
 }
- $signer = new SimpleSAML_XML_Signer(array(
- 'privatekey' => $idpmd['privatekey'],
- 'privatekey_pass' => $passphrase,
- 'certificate' => $idpmd['certificate'],
- 'id' => 'ResponseID',
- ));
- if(array_key_exists('certificatechain', $idpmd)) {
- $signer->addCertificate($idpmd['certificatechain']);
- }
 $responsedom = new DOMDocument();
 $responsedom->loadXML(str_replace ("\r", "", $response));
@@ -138,11 +129,19 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 }
-
- if(!$signResponse) {
- $signer->sign($firstassertionroot, $firstassertionroot);
+ $signer = new SimpleSAML_XML_Signer(array(
+ 'privatekey' => $idpmd['privatekey'],
+ 'privatekey_pass' => $passphrase,
+ 'certificate' => $idpmd['certificate'],
+ 'id' => ($signResponse ? 'ResponseID' : 'AssertionID') ,
+ ));
+
+
+ if(array_key_exists('certificatechain', $idpmd)) {
+ $signer->addCertificate($idpmd['certificatechain']);
 }
+
 if($signResponse) {
 /* Sign the response - this must be done after encrypting the assertion. */
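Review bot: The `'id'` option is chosen by a ternary on `$signResponse` when the signer is constructed, while the node that actually gets signed is chosen by a separate `if($signResponse)` / `else` further down (third hunk), and nothing in the code ties the two decisions together. If they ever drift apart, the signer would presumably look for an ID attribute that the signed element does not carry, which is the failure this commit is fixing. I would document the coupling above the constructor, e.g. `/* 'id' must name the ID attribute of the node passed to sign() below: ResponseID for the response, AssertionID for the assertion. */`, or construct the signer inside each branch. The enclosing method starts and ends outside this hunk.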
@@ -151,8 +150,15 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 assert('count($statusElements) === 1');
 $signer->sign($responseroot, $responseroot, $statusElements[0]);
+
+ } else {
+ /* Sign the assertion */
+
+ $signer->sign($firstassertionroot, $firstassertionroot);
 }
+
+
 $response = $responsedom->saveXML();
--
GitLab
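Review bot: The new `else` branch hands `$firstassertionroot` to `sign()` without any check that an assertion node was actually found, whereas the response branch at least asserts the count of `$statusElements` before using it. `$firstassertionroot` is assigned outside this hunk, so this may already be guaranteed there; if it is not, a guard before the call such as `if ($firstassertionroot === NULL) { throw new Exception('No assertion found to sign.'); }` would fail loudly rather than risk sending a response whose assertion is not signed. Note also that `assert('count($statusElements) === 1')` is only evaluated when assertions are enabled, so the response branch has no hard runtime check either.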