From 7facb172a4c63c5b307d0f2bb012f5fe57d62cda Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 26 Oct 2009 13:18:56 +0000
Subject: [PATCH] saml: Make it possible to go back to the discovery service
 page after starting SSO.

Fixes issue 230

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1900 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/Auth/Source/SP.php | 6 +++---
 modules/saml/www/sp/discoresp.php   | 2 +-
 modules/saml/www/sp/saml1-acs.php   | 8 +++++++-
 modules/saml/www/sp/saml2-acs.php   | 2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 12fb37aea..3c4921be8 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -146,7 +146,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
 		$ar->setIssuer($this->entityId);
 
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 		$ar->setRelayState($id);
 
 		$useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
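Review bot: The stage literal `'saml:sp:sso'` is now written out at every save and load site, with nothing recording that sharing it is deliberate: here, the SAML 2 request and `startDisco` hunks later in this file, and the three `www/sp` handlers. The stage is the value `loadState` is given to say where a state came from, so it no longer separates a discovery-step state from a sent SAML 1 or SAML 2 request, and each handler has to verify the state's contents itself. I would define it once, e.g. `const STAGE_SSO = 'saml:sp:sso';` on `sspmod_saml_Auth_Source_SP`, with a comment such as `/* Shared by disco, SAML 1 and SAML 2 so the user can go back to discovery; handlers must check 'saml:idp' themselves. */`. The enclosing method starts and ends outside this hunk.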
@@ -185,7 +185,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 			$ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
 		}
 
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 		$ar->setId($id);
 
 		$b = new SAML2_HTTPRedirect();
@@ -229,7 +229,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 	 */
 	private function startDisco(array $state) {
 
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:disco');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 
 		$config = SimpleSAML_Configuration::getInstance();
 
diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php
index 940d47bf1..6d9af381e 100644
--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -12,7 +12,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler');
 }
 
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:disco');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:sp:sso');
 
 /* Find authentication source. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index 1568f06c2..11bbd1b32 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -18,7 +18,7 @@ $sourceId = substr($sourceId, 1, $end - 1);
 $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
 
 
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
 
 /* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
@@ -26,6 +26,12 @@ if ($state['saml:sp:AuthId'] !== $sourceId) {
 	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
 }
 
+if (!isset($state['saml:idp'])) {
+	/* We seem to have received a response without sending a request. */
+	throw new SimpleSAML_Error_Exception('SAML 1 response received before SAML 1 request.');
+}
+
+
 $spMetadata = $source->getMetadata();
 
 $idpEntityId = $state['saml:idp'];
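Review bot: The new `isset($state['saml:idp'])` guard only separates "still at discovery" from "request sent"; nothing visible in this hunk ties the loaded state to SAML 1. With the stage shared, a state saved for a SAML 2 request presumably also carries `saml:idp` and would pass this check, where the old `'saml:sp:ssosent-saml1'` stage rejected it. Consider recording the protocol in the state when the request is saved in SP.php (a new state key, name to be chosen) and rejecting a mismatch next to this guard. The rest of the script, including how `$idpEntityId` is validated against the response, is outside the hunk.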
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7e7440036..1cd68509c 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -16,7 +16,7 @@ if (!($response instanceof SAML2_Response)) {
 $stateId = $response->getInResponseTo();
 if (!empty($stateId)) {
 	/* This is a response to a request we sent earlier. */
-	$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:ssosent-saml2');
+	$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso');
 
 	/* Check that the authentication source is correct. */
 	assert('array_key_exists("saml:sp:AuthId", $state)');
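Review bot: saml2-acs.php does not gain the guard that saml1-acs.php gets in this commit, although it now loads the same `'saml:sp:sso'` stage, so a state that has not yet had a request sent is no longer rejected by the stage check here. I would add `if (!isset($state['saml:idp'])) { throw new SimpleSAML_Error_Exception('SAML 2 response received before SAML 2 request.'); }` after the AuthId check. If the code below the hunk does not already do it, the response's issuer should also be compared with `$state['saml:idp']`. The string `assert` on the last line is not evaluated when assertions are disabled, so it should not be the only check on the state's shape. The `if` block continues outside the hunk.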
-- 
GitLab