Commit 7c0e42f3 authored by Olav Morken's avatar Olav Morken

saml_Message: Allow multiple assertions in response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2556 44740490-163a-0410-bde0-09ae8108e29a
parent 8bf34b75
...@@ -453,7 +453,7 @@ class sspmod_saml_Message { ...@@ -453,7 +453,7 @@ class sspmod_saml_Message {
* @param SimpleSAML_Configuration $spMetadata The metadata of the service provider. * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider.
* @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider. * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider.
* @param SAML2_Response $response The response. * @param SAML2_Response $response The response.
* @return SAML2_Assertion The assertion in the response, if it is valid. * @return array Array with SAML2_Assertion objects, containing valid assertions from the response.
*/ */
public static function processResponse( public static function processResponse(
SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata,
...@@ -482,12 +482,14 @@ class sspmod_saml_Message { ...@@ -482,12 +482,14 @@ class sspmod_saml_Message {
$assertion = $response->getAssertions(); $assertion = $response->getAssertions();
if (empty($assertion)) { if (empty($assertion)) {
throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.'); throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
} elseif (count($assertion) > 1) {
throw new SimpleSAML_Error_Exception('More than one assertion found in response from IdP.');
} }
$assertion = $assertion[0];
return self::processAssertion($spMetadata, $idpMetadata, $response, $assertion, $responseSigned); $ret = array();
foreach ($assertion as $a) {
$ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned);
}
return $ret;
} }
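Review bot: The updated `@return` text reads as if invalid assertions were filtered out, but the new `foreach` has no try/catch, so an exception from `processAssertion()` on any one assertion rejects the whole response. I would state that in the docblock, e.g. `@return array SAML2_Assertion objects; every assertion in the response was processed, and a failure on any of them throws.` The local `$assertion` now holds the whole array from `getAssertions()` and would read better as `$assertions`. `processAssertion()` is outside this hunk, so it is worth confirming that it requires each assertion to carry its own valid signature when `$responseSigned` is false, since every element is now passed through it with the same flag. The body of `processResponse()` starts outside the hunk.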
......
...@@ -48,6 +48,10 @@ $idpMetadata = $source->getIdPmetadata($idp); ...@@ -48,6 +48,10 @@ $idpMetadata = $source->getIdPmetadata($idp);
try { try {
$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response); $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
if (count($assertion) > 1) {
throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
}
$assertion = $assertion[0];
} catch (sspmod_saml_Error $e) { } catch (sspmod_saml_Error $e) {
/* The status of the response wasn't "success". */ /* The status of the response wasn't "success". */
$e = $e->toException(); $e = $e->toException();
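Review bot: The three-line guard added here (`count($assertion) > 1`, the throw, `$assertion = $assertion[0];`) is repeated verbatim in the two other caller sections of this commit (`handleResponse()` and the final `try` block), so a later caller can easily take `[0]` without the count check and silently ignore further assertions. Consider a single helper next to `processResponse()` that returns the sole assertion or throws, or at least a comment on each copy such as `/* This endpoint consumes exactly one assertion; reject the response rather than ignore the rest. */`. Reusing `$assertion` first for the array and then for its element also hides the change in type; `$assertions` for the array would make it clearer. The enclosing `try` block continues outside the hunk.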
......
...@@ -47,6 +47,10 @@ function handleResponse() { ...@@ -47,6 +47,10 @@ function handleResponse() {
$spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted'); $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response); $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
if (count($assertion) > 1) {
throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
}
$assertion = $assertion[0];
$dataId = $response->getRelayState(); $dataId = $response->getRelayState();
if ($dataId === NULL) { if ($dataId === NULL) {
......
...@@ -105,6 +105,10 @@ try { ...@@ -105,6 +105,10 @@ try {
try { try {
$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response); $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
if (count($assertion) > 1) {
throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
}
$assertion = $assertion[0];
} catch (sspmod_saml_Error $e) { } catch (sspmod_saml_Error $e) {
/* The status of the response wasn't "success". */ /* The status of the response wasn't "success". */
......