From 4fed30ad1fcaeb4a88b26097f17f77d8e5e47316 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 27 Aug 2008 21:04:43 +0000
Subject: [PATCH] Adding support for Shibboleth 1.3 SP to validate signed
 assertion responses.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@842 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php |  2 +-
 lib/SimpleSAML/XML/Validator.php            | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index b3612f0e8..9b3a3fc53 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -34,7 +34,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		$dom = $this->getDOM();
 
 		/* Validate the signature. */
-		$this->validator = new SimpleSAML_XML_Validator($dom, 'ResponseID');
+		$this->validator = new SimpleSAML_XML_Validator($dom, array('ResponseID', 'AssertionID'));
 
 		// Get the issuer of the response.
 		$issuer = $this->getIssuer();
diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php
index 133136c86..d3fba0011 100644
--- a/lib/SimpleSAML/XML/Validator.php
+++ b/lib/SimpleSAML/XML/Validator.php
@@ -26,7 +26,8 @@ class SimpleSAML_XML_Validator {
 	 *
 	 * @param $xmlNode  The XML node which contains the Signature element.
 	 * @param $idAttribute  The ID attribute which is used in node references. If this attribute is
-	 *                      NULL (the default), then we will use whatever is the default ID.
+	 *                      NULL (the default), then we will use whatever is the default ID. Can be eigther
+	 *						a string with one value, or an array with multiple ID attrbute names.
 	 */
 	public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE) {
 		assert('$xmlNode instanceof DOMNode');
@@ -36,8 +37,12 @@ class SimpleSAML_XML_Validator {
 
 		/* Add the id attribute if the user passed in an id attribute. */
 		if($idAttribute !== NULL) {
-			assert('is_string($idAttribute)');
-			$objXMLSecDSig->idKeys[] = $idAttribute;
+			if (is_string($idAttribute)) {
+				$objXMLSecDSig->idKeys[] = $idAttribute;
+			} elseif (is_array($idAttribute)) {
+				foreach ($idAttribute AS $ida) 
+					$objXMLSecDSig->idKeys[] = $ida;
+			}
 		}
 
 		/* Locate the XMLDSig Signature element to be used. */
-- 
GitLab