From c1029a0af0c1ce2d1bcf696597638044d034e0a5 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 26 Aug 2020 13:12:51 +0000
Subject: [PATCH] Fix unsolicited response with no RelayState.

This would otherwise terminate win an error because checkURLAllowed
does not accept a null parameter.
---
 modules/saml/www/sp/saml2-acs.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index ff80e3c3c..17528226d 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -126,15 +126,11 @@ if ($state) {
     }
 } else {
     // this is an unsolicited response
+    $relaystate = $spMetadata->getString('RelayState', $response->getRelayState());
     $state = [
         'saml:sp:isUnsolicited' => true,
         'saml:sp:AuthId'        => $sourceId,
-        'saml:sp:RelayState'    => Utils\HTTP::checkURLAllowed(
-            $spMetadata->getString(
-                'RelayState',
-                $response->getRelayState()
-            )
-        ),
+        'saml:sp:RelayState'    => $relaystate === null ? null : Utils\HTTP::checkURLAllowed($relaystate),
     ];
 }
 
-- 
GitLab