From 689289fdea804655b7c51c92470db475a0fc8e61 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Mon, 23 Jun 2008 10:57:07 +0000 Subject: [PATCH] SAML2: Sign the response if no assertion is present. It is possible to send an response without an assertion, such as in the case of IsPassive. In those cases we don't have an assertion to sign, and we should fall back to signing the response. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@693 44740490-163a-0410-bde0-09ae8108e29a --- lib/SimpleSAML/Bindings/SAML20/HTTPPost.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php index fb5d8fd4b..0eb55b7bc 100644 --- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php @@ -107,6 +107,11 @@ class SimpleSAML_Bindings_SAML20_HTTPPost { $signResponse = $this->configuration->getBoolean('saml20.signresponse', FALSE); } + /* Check if we have an assertion to sign. Force to sign the response if not. */ + if($firstassertionroot === NULL) { + $signResponse = TRUE; + } + if($signResponse) { /* Sign the response. */ -- GitLab