saml: Check that the responder is the same as the one the request was sent to.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1753 44740490-163a-0410-bde0-09ae8108e29a

saml: Check that the responder is the same as the one the request was sent to.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1753 44740490-163a-0410-bde0-09ae8108e29a
7870f388 · Olav Morken · d9399abf · 7870f388 · 7870f388
Commit 7870f388 authored 15 years ago by Olav Morken
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -141,6 +141,8 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$idpEntityId = $idpMetadata->getString('entityid');
+		$state['saml:idp'] = $idpEntityId;
 		$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
 		$ar->setIssuer($this->entityId);

--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -23,6 +23,8 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
 	throw new SimpleSAML_Error_Exception('Source type changed?');
 }
+$idpEntityId = $state['saml:idp'];
+$idpMetadata = $source->getIdPMetadata($idpEntityId);
 $responseXML = $_REQUEST['SAMLResponse'];
 $responseXML = base64_decode($responseXML);
@@ -32,15 +34,19 @@ $response->setXML($responseXML);
 $response->validate();
-$idp = $response->getIssuer();
+$responseIssuer = $response->getIssuer();
 $attributes = $response->getAttributes();
+if ($responseIssuer !== $idpEntityId) {
+	throw new SimpleSAML_Error_Exception('The issuer of the response wasn\'t the destination of the request.');
+}
 $logoutState = array(
 	'saml:logout:Type' => 'saml1'
 	);
 $state['LogoutState'] = $logoutState;
-$source->handleResponse($state, $idp, $attributes);
+$source->handleResponse($state, $idpEntityId, $attributes);
 assert('FALSE');
 ?>
\ No newline at end of file