From b8d5fc7d05ececf913620e555510e1e9f93ed87b Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 1 Jul 2008 11:33:22 +0000
Subject: [PATCH] SAML2: Sign Response-element after encrypting the Assertion-element.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@735 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/SAML20/HTTPPost.php | 24 ++++++++++++---------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 1ee9ca12d..95792d757 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -116,16 +116,8 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 $signResponse = TRUE;
 }
- if($signResponse) {
- /* Sign the response. */
-
- /* We insert the signature before the saml2p:Status element. */
- $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml2p');
- assert('count($statusElements) === 1');
-
- $signer->sign($responseroot, $responseroot, $statusElements[0]);
- } else {
- /* Sign the assertion. */
+ if(!$signResponse) {
+ /* Sign the assertion - this must be done before encrypting the assertion. */
 /* We insert the signature before the saml2:Subject element. */
 $subjectElements = SimpleSAML_Utilities::getDOMChildren(
@@ -172,6 +164,18 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 $encNode = $enc->encryptNode($objKey); # replacing the unencrypted node
 }
+
+ if($signResponse) {
+ /* Sign the response - this must be done after encrypting the assertion. */
+
+ /* We insert the signature before the saml2p:Status element. */
+ $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml2p');
+ assert('count($statusElements) === 1');
+
+ $signer->sign($responseroot, $responseroot, $statusElements[0]);
+ }
+
+
 $response = $responsedom->saveXML();
 SimpleSAML_Utilities::validateXMLDocument($response, 'saml20');
-- 
GitLab
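Review bot: The only guard between a missing saml2p:Status child and the `$statusElements[0]` read in the new response-signing block is a string-form `assert()`, which is an eval'd string and is skipped entirely wherever assertions are disabled (the usual production setting), so `$signer->sign()` would then be handed an undefined reference node. Because the code is signing a Response it built itself the element is presumably always there, but a check that survives production configuration is cheap: `if (count($statusElements) !== 1) { throw new Exception('Expected exactly one saml2p:Status element in the Response.'); }`. The ordering the commit establishes is the right one from a security standpoint — the signature is now computed after the Assertion has been replaced by its encrypted form, so the Response signature covers the EncryptedAssertion rather than plaintext that is subsequently swapped out — and the inline comment already records that dependency. The enclosing method starts before this hunk and continues past it.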