From 65859abdff8461a773c8420fe9b0a1a181a42782 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 8 Oct 2009 12:06:35 +0000
Subject: [PATCH] saml2/idp/SSOService: Log warning if the
 AssertionConsumerService in the request is invalid.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1831 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/idp/SSOService.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index e1d6920a8..3f2c45383 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -149,8 +149,16 @@ if (isset($_REQUEST['SAMLRequest'])) {
 		$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
 
 		$consumerURL = $authnrequest->getAssertionConsumerServiceURL();
-		$consumerArray = SimpleSAML_Utilities::arrayize($spmetadata['AssertionConsumerService']);
-		if (($consumerURL != NULL) && (array_search($consumerURL, $consumerArray) !== FALSE)) $requestcache['ConsumerURL'] = $consumerURL;
+		if ($consumerURL !== NULL) {
+			$consumerArray = SimpleSAML_Utilities::arrayize($spmetadata['AssertionConsumerService']);
+			if (in_array($consumerURL, $consumerArray, TRUE)) {
+				$requestcache['ConsumerURL'] = $consumerURL;
+			} else {
+				SimpleSAML_Logger::warning('Authentication request from ' . var_export($spentityid, TRUE) .
+					' contains invalid AssertionConsumerService URL. Was ' .
+					var_export($consumerURL, TRUE) . ', could be ' . var_export($consumerArray, TRUE) . '.');
+			}
+		}
 
 		$IDPList = $authnrequest->getIDPList();
 
-- 
GitLab