Adding support for Shibboleth 1.3 SP to validate signed assertion responses.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@842 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/XML/Shib13/AuthnResponse.php

@@ -34,7 +34,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		$dom = $this->getDOM();
 
 		/* Validate the signature. */
-		$this->validator = new SimpleSAML_XML_Validator($dom, 'ResponseID');
+		$this->validator = new SimpleSAML_XML_Validator($dom, array('ResponseID', 'AssertionID'));
 
 		// Get the issuer of the response.
 		$issuer = $this->getIssuer();

lib/SimpleSAML/XML/Validator.php

@@ -26,7 +26,8 @@ class SimpleSAML_XML_Validator {
 	 *
 	 * @param $xmlNode  The XML node which contains the Signature element.
 	 * @param $idAttribute  The ID attribute which is used in node references. If this attribute is
-	 *                      NULL (the default), then we will use whatever is the default ID.
+	 *                      NULL (the default), then we will use whatever is the default ID. Can be eigther
+	 *						a string with one value, or an array with multiple ID attrbute names.
 	 */
 	public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE) {
 		assert('$xmlNode instanceof DOMNode');
@@ -36,8 +37,12 @@ class SimpleSAML_XML_Validator {
 
 		/* Add the id attribute if the user passed in an id attribute. */
 		if($idAttribute !== NULL) {
-			assert('is_string($idAttribute)');
-			$objXMLSecDSig->idKeys[] = $idAttribute;
+			if (is_string($idAttribute)) {
+				$objXMLSecDSig->idKeys[] = $idAttribute;
+			} elseif (is_array($idAttribute)) {
+				foreach ($idAttribute AS $ida) 
+					$objXMLSecDSig->idKeys[] = $ida;
+			}
 		}
 
 		/* Locate the XMLDSig Signature element to be used. */