From 7c0e42f37f40afe3ca2d0f75eec90a7673a49c9b Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 20 Sep 2010 08:40:12 +0000
Subject: [PATCH] saml_Message: Allow multiple assertions in response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2556 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/Message.php              | 12 +++++++-----
 modules/saml/www/sp/saml2-acs.php         |  4 ++++
 www/example-simple/attributequery.php     |  4 ++++
 www/saml2/sp/AssertionConsumerService.php |  4 ++++
 4 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 6bacfd73e..3f73f6db9 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -453,7 +453,7 @@ class sspmod_saml_Message {
 	 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 	 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 	 * @param SAML2_Response $response  The response.
-	 * @return SAML2_Assertion  The assertion in the response, if it is valid.
+	 * @return array  Array with SAML2_Assertion objects, containing valid assertions from the response.
 	 */
 	public static function processResponse(
 		SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata,
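Review bot: The new `@return array` line loses the element type and does not say who now enforces the one-assertion rule. I would write `@return SAML2_Assertion[]  The valid assertions from the response; never empty.` and add a sentence that callers expecting a single assertion must reject a longer array themselves. The never-empty part follows from the `empty($assertion)` check further down in processResponse, whose body lies outside this hunk.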
@@ -482,12 +482,14 @@ class sspmod_saml_Message {
 		$assertion = $response->getAssertions();
 		if (empty($assertion)) {
 			throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
-		} elseif (count($assertion) > 1) {
-			throw new SimpleSAML_Error_Exception('More than one assertion found in response from IdP.');
 		}
-		$assertion = $assertion[0];
 
-		return self::processAssertion($spMetadata, $idpMetadata, $response, $assertion, $responseSigned);
+		$ret = array();
+		foreach ($assertion as $a) {
+			$ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned);
+		}
+
+		return $ret;
 	}
 
 
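Review bot: Dropping the `count($assertion) > 1` rejection here turns the single-assertion rule from something the library guarantees into something every caller must remember, and a caller that reads only element 0 of the result would silently ignore whatever else the IdP response carried. The three callers touched by this commit re-add the check, but callers outside the patch are not visible here and should be audited, since the return type changes from an object to an array. Every assertion is validated with the same `$responseSigned` flag; whether processAssertion also ties each one to the expected subject cannot be seen from this hunk, so a consumer that merges several assertions should confirm that. As a smaller point, `$assertion` now holds a list, so `$assertions = $response->getAssertions();` with `foreach ($assertions as $assertion)` would read better. The start of processResponse is outside the hunk.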
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 5379676e5..35fc6f60f 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -48,6 +48,10 @@ $idpMetadata = $source->getIdPmetadata($idp);
 
 try {
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 } catch (sspmod_saml_Error $e) {
 	/* The status of the response wasn't "success". */
 	$e = $e->toException();
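Review bot: The four added lines here are repeated verbatim in www/example-simple/attributequery.php and www/saml2/sp/AssertionConsumerService.php, so the single-assertion guard now lives in three places that can drift apart. A small static helper on sspmod_saml_Message that calls processResponse, throws when more than one assertion comes back and returns the first one would keep this security check in one spot. If the inline form stays, avoid reusing one variable for both the array and its element: `$assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);` followed by `$assertion = $assertions[0];`. In attributequery.php the throw sits in handleResponse with no try visible in the hunk, so check that the exception is handled there or is intentionally left to the default handler.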
diff --git a/www/example-simple/attributequery.php b/www/example-simple/attributequery.php
index aecff87db..8ec2fc614 100644
--- a/www/example-simple/attributequery.php
+++ b/www/example-simple/attributequery.php
@@ -47,6 +47,10 @@ function handleResponse() {
 	$spMetadata =  $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
 
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 
 	$dataId = $response->getRelayState();
 	if ($dataId === NULL) {
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 7065f049c..3e36f9616 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -105,6 +105,10 @@ try {
 
 	try {
 		$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+		if (count($assertion) > 1) {
+			throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+		}
+		$assertion = $assertion[0];
 	} catch (sspmod_saml_Error $e) {
 		/* The status of the response wasn't "success". */
 
-- 
GitLab