From 3cec8eea561c6ee08e5b58f9f4273678ec30f484 Mon Sep 17 00:00:00 2001
From: Jaime Perez <jaime.perez@uninett.no>
Date: Tue, 4 Mar 2014 15:06:41 +0100
Subject: [PATCH] modules/saml: proper error message in SAML1.1/2.0 ACS when
 auth source ID is missing.

---
 modules/saml/www/sp/saml1-acs.php    | 4 ++++
 modules/saml/www/sp/saml2-acs.php    | 4 ++++
 modules/saml/www/sp/saml2-logout.php | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index 95cc91b58..fcfd5a073 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -8,6 +8,10 @@ if (!array_key_exists('TARGET', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing TARGET parameter.');
 }
 
+if (!array_key_exists('PATH_INFO', $_SERVER)) {
+    throw new SimpleSAML_Error_BadRequest('Missing authentication source ID in assertion consumer service URL');
+}
+
 $sourceId = $_SERVER['PATH_INFO'];
 $end = strpos($sourceId, '/', 1);
 if ($end === FALSE) {
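Review bot: The added guard rejects only a missing `PATH_INFO` key, so a value that is present but empty still reaches `strpos($sourceId, '/', 1)`, where offset 1 lies outside the string (a warning on older PHP, a ValueError on PHP 8). If the server can deliver an empty or bare `/` path, the source ID is still effectively absent and the request does not get the new BadRequest message. Testing the value as well would cover it: `if (!isset($_SERVER['PATH_INFO']) || strlen($_SERVER['PATH_INFO']) < 2) {`. The same applies to the identical guard added in saml2-acs.php, and both additions are indented with spaces where the surrounding lines use tabs. The script continues past the end of this hunk, so how the `$end === FALSE` branch handles the ID is not visible here.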
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 1341095cb..b9fb760b1 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -4,6 +4,10 @@
  * Assertion consumer service handler for SAML 2.0 SP authentication client.
  */
 
+if (!array_key_exists('PATH_INFO', $_SERVER)) {
+    throw new SimpleSAML_Error_BadRequest('Missing authentication source ID in assertion consumer service URL');
+}
+
 $sourceId = substr($_SERVER['PATH_INFO'], 1);
 $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
 $spMetadata = $source->getMetadata();
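Review bot: A source ID from the URL that matches no configured source is still unhandled after this guard, because `$source->getMetadata()` dereferences the result of `getById()` with no check. If `getById()` returns NULL for an unknown ID, a request with an arbitrary path ends in a PHP fatal error instead of the BadRequest path this commit introduces. A check before the dereference would keep it consistent: `if ($source === NULL) { throw new SimpleSAML_Error_BadRequest('Unknown authentication source ID in assertion consumer service URL'); }`. Keep the raw ID out of the message unless it is escaped when rendered. The script continues outside the hunk.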
diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index d8d04c5c1..b39f3bff0 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -7,7 +7,7 @@
  */
 
 if (!array_key_exists('PATH_INFO', $_SERVER)) {
-	throw new SimpleSAML_Error_BadRequest('Missing authentication source id in logout URL');
+	throw new SimpleSAML_Error_BadRequest('Missing authentication source ID in logout URL');
 }
 
 $sourceId = substr($_SERVER['PATH_INFO'], 1);
-- 
GitLab