From 689289fdea804655b7c51c92470db475a0fc8e61 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 23 Jun 2008 10:57:07 +0000
Subject: [PATCH] SAML2: Sign the response if no assertion is present.

It is possible to send an response without an assertion, such as in the case
of IsPassive. In those cases we don't have an assertion to sign, and we should
fall back to signing the response.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@693 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/SAML20/HTTPPost.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index fb5d8fd4b..0eb55b7bc 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -107,6 +107,11 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 			$signResponse = $this->configuration->getBoolean('saml20.signresponse', FALSE);
 		}
 
+		/* Check if we have an assertion to sign. Force to sign the response if not. */
+		if($firstassertionroot === NULL) {
+			$signResponse = TRUE;
+		}
+
 		if($signResponse) {
 			/* Sign the response. */
 
-- 
GitLab