saml_Message: Allow multiple assertions in response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2556 44740490-163a-0410-bde0-09ae8108e29a

saml_Message: Allow multiple assertions in response.
7c0e42f3 · Olav Morken · 8bf34b75 · 7c0e42f3 · 7c0e42f3 · 7c0e42f3
Commit 7c0e42f3 authored 14 years ago by Olav Morken
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -453,7 +453,7 @@ class sspmod_saml_Message {
 	 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 	 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 	 * @param SAML2_Response $response  The response.
-	 * @return SAML2_Assertion  The assertion in the response, if it is valid.
+	 * @return array  Array with SAML2_Assertion objects, containing valid assertions from the response.
 	 */
 	public static function processResponse(
 		SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata,
@@ -482,12 +482,14 @@ class sspmod_saml_Message {
 		$assertion = $response->getAssertions();
 		if (empty($assertion)) {
 			throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
-		} elseif (count($assertion) > 1) {
-			throw new SimpleSAML_Error_Exception('More than one assertion found in response from IdP.');
 		}
-		$assertion = $assertion[0];
-		return self::processAssertion($spMetadata, $idpMetadata, $response, $assertion, $responseSigned);
+		$ret = array();
+		foreach ($assertion as $a) {
+			$ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned);
+		}
+		return $ret;
 	}

--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -48,6 +48,10 @@ $idpMetadata = $source->getIdPmetadata($idp);
 try {
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 } catch (sspmod_saml_Error $e) {
 	/* The status of the response wasn't "success". */
 	$e = $e->toException();

--- a/www/example-simple/attributequery.php
+++ b/www/example-simple/attributequery.php
@@ -47,6 +47,10 @@ function handleResponse() {
 	$spMetadata =  $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 	$dataId = $response->getRelayState();
 	if ($dataId === NULL) {

--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -105,6 +105,10 @@ try {
 	try {
 		$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+		if (count($assertion) > 1) {
+			throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+		}
+		$assertion = $assertion[0];
 	} catch (sspmod_saml_Error $e) {
 		/* The status of the response wasn't "success". */