Commit 305f5b69 authored by Olav Morken's avatar Olav Morken

saml: Verify that we have at least one AuthnStatement in the response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2728 44740490-163a-0410-bde0-09ae8108e29a
parent d4129426
...@@ -60,6 +60,7 @@ $nameId = NULL; ...@@ -60,6 +60,7 @@ $nameId = NULL;
$sessionIndex = NULL; $sessionIndex = NULL;
$expire = NULL; $expire = NULL;
$attributes = array(); $attributes = array();
$foundAuthnStatement = FALSE;
foreach ($assertions as $assertion) { foreach ($assertions as $assertion) {
/* Check for duplicate assertion (replay attack). */ /* Check for duplicate assertion (replay attack). */
...@@ -96,6 +97,16 @@ foreach ($assertions as $assertion) { ...@@ -96,6 +97,16 @@ foreach ($assertions as $assertion) {
} }
$attributes = array_merge($attributes, $assertion->getAttributes()); $attributes = array_merge($attributes, $assertion->getAttributes());
if ($assertion->getAuthnInstant() !== NULL) {
/* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */
$foundAuthnStatement = TRUE;
}
}
if (!$foundAuthnStatement) {
$e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).');
SimpleSAML_Auth_State::throwException($state, $e);
} }
if ($expire === NULL) { if ($expire === NULL) {
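Review bot: The new check is response-wide rather than per-assertion: `$foundAuthnStatement` becomes TRUE as soon as any one assertion returns a non-NULL `getAuthnInstant()`, while the `array_merge` just above it still folds in attributes from every assertion, including ones that carry no AuthnStatement. If accepting attribute-only assertions alongside a single authentication assertion is intended, a comment above the post-loop check would record that, for example `/* One AuthnStatement across all assertions is sufficient; attribute-only assertions are accepted. */`. It is also worth confirming that `SimpleSAML_Auth_State::throwException()` never returns, because nothing after the call stops execution from continuing into the `$expire` handling; if that is not guaranteed, the session would still be built from a response with no AuthnStatement. The surrounding script starts and ends outside the hunk, so both points are based only on the lines shown.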