Commit 5056ab30 authored by Olav Morken

saml: Verify destination of logout messages to SP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2505 44740490-163a-0410-bde0-09ae8108e29a
parent 66e503b2
...@@ -37,6 +37,11 @@ $spMetadata = $source->getMetadata(); ...@@ -37,6 +37,11 @@ $spMetadata = $source->getMetadata();
sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message); sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);
$destination = $message->getDestination();
if ($destination !== NULL && $destination !== SimpleSAML_Utilities::selfURLNoQuery()) {
throw new SimpleSAML_Error_Exception('Destination in logout message is wrong.');
}
if ($message instanceof SAML2_LogoutResponse) { if ($message instanceof SAML2_LogoutResponse) {
$relayState = $message->getRelayState(); $relayState = $message->getRelayState();
......
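Review bot: The added condition `$destination !== NULL && $destination !== SimpleSAML_Utilities::selfURLNoQuery()` skips the check entirely when the logout message carries no Destination, so such a message passes without any endpoint binding. If that is intended because Destination is optional on some bindings, a short comment above the `if` should say so; otherwise consider rejecting a missing Destination, at least when the message was signed. The comparison is an exact string match, so it relies on selfURLNoQuery() returning the endpoint URL in the same form the IdP sends it. Including the received and expected values in the exception text (or logging them) would make a mismatch much easier to diagnose than the fixed string 'Destination in logout message is wrong.'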