diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index b3612f0e88564c28d9b51f219ae49fe8ff61cc81..9b3a3fc53aa0a90509791e0beea40a8fd5cf573e 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -34,7 +34,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 $dom = $this->getDOM();
 /* Validate the signature. */
- $this->validator = new SimpleSAML_XML_Validator($dom, 'ResponseID');
+ $this->validator = new SimpleSAML_XML_Validator($dom, array('ResponseID', 'AssertionID'));
 // Get the issuer of the response.
 $issuer = $this->getIssuer();
diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php
index 133136c86ba9cd1dec86e5f990b82dc77a54b8fc..d3fba00114dce38b0456db80bda5abe3828904cd 100644
--- a/lib/SimpleSAML/XML/Validator.php
+++ b/lib/SimpleSAML/XML/Validator.php
@@ -26,7 +26,8 @@ class SimpleSAML_XML_Validator {
 *
 * @param $xmlNode The XML node which contains the Signature element.
 * @param $idAttribute The ID attribute which is used in node references. If this attribute is
- * NULL (the default), then we will use whatever is the default ID.
+ * NULL (the default), then we will use whatever is the default ID. Can be eigther
+ * a string with one value, or an array with multiple ID attrbute names.
 */
 public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE) {
 assert('$xmlNode instanceof DOMNode');
@@ -36,8 +37,12 @@ class SimpleSAML_XML_Validator {
 /* Add the id attribute if the user passed in an id attribute. */
 if($idAttribute !== NULL) {
- assert('is_string($idAttribute)');
- $objXMLSecDSig->idKeys[] = $idAttribute;
+ if (is_string($idAttribute)) {
+ $objXMLSecDSig->idKeys[] = $idAttribute;
+ } elseif (is_array($idAttribute)) {
+ foreach ($idAttribute AS $ida)
+ $objXMLSecDSig->idKeys[] = $ida;
+ }
 }
 /* Locate the XMLDSig Signature element to be used. */
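Review bot: In `AuthnResponse.php`, registering `AssertionID` next to `ResponseID` lets the signature reference resolve to a single Assertion instead of the Response, so a valid signature no longer implies that the whole message is covered. The rest of `validate()` and the code that later reads attributes and conditions lie outside this hunk, so it is not visible whether they confirm that the assertion they read is the element the signature actually covers. Without that check, unsigned content sitting beside a signed assertion could be treated as trusted. I would record the requirement at the constructor call, for example `/* Signature may cover the Response or one Assertion; trust only data inside the signed element. */`.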
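Review bot: The two docblock lines added in the first `Validator.php` hunk contain typos ("eigther", "attrbute") that will end up in generated API documentation. Suggested wording: `Can be either a string with one value, or an array with multiple ID attribute names.` The `$publickey` parameter shown in the constructor signature does not appear in the visible part of the docblock either, and a `@param` line for it would help, since it affects how the signature is checked.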
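Review bot: With `assert('is_string($idAttribute)')` removed in the second `Validator.php` hunk, the constructor silently ignores an `$idAttribute` that is neither a string nor an array, and array elements are appended to `idKeys` without any type check. In that case no ID attribute is registered and reference resolution falls back to the default ID, which is hard to diagnose in signature-checking code. I would keep the check in widened form, `assert('is_string($idAttribute) || is_array($idAttribute)');`, or add an `else` branch that throws. The brace-less `foreach` body is also worth wrapping in `{ }` so a line added later cannot fall outside the loop. The constructor body continues past the end of this hunk.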