Commit c24875d5 authored by Olav Morken's avatar Olav Morken

saml_Message: Add specific check for response destination.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2553 44740490-163a-0410-bde0-09ae8108e29a
parent b752e927
...@@ -497,12 +497,13 @@ class sspmod_saml_Message { ...@@ -497,12 +497,13 @@ class sspmod_saml_Message {
} }
} }
$asrtDestination = $assertion->getDestination(); /* Validate Response-element destination. */
$currentURL = SimpleSAML_Utilities::selfURLNoQuery();
$msgDestination = $response->getDestination(); $msgDestination = $response->getDestination();
if ($asrtDestination !== NULL && $msgDestination !== NULL) { if ($msgDestination !== $currentURL) {
if ($asrtDestination !== $msgDestination) { throw new Exception('Destination in response doesn\'t match the current URL. Destination is "' .
throw new SimpleSAML_Error_Exception('Destination in assertion did not match Destination in message.'); $msgDestination . '", current URL is "' . $currentURL . '".');
}
} }
...@@ -524,7 +525,6 @@ class sspmod_saml_Message { ...@@ -524,7 +525,6 @@ class sspmod_saml_Message {
} }
$destination = $assertion->getDestination(); $destination = $assertion->getDestination();
$currentURL = SimpleSAML_Utilities::selfURLNoQuery();
if ($destination !== $currentURL) { if ($destination !== $currentURL) {
throw new Exception('Recipient in assertion doesn\'t match the current URL. Recipient is "' . throw new Exception('Recipient in assertion doesn\'t match the current URL. Recipient is "' .
$destination . '", current URL is "' . $currentURL . '".'); $destination . '", current URL is "' . $currentURL . '".');
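Review bot: The new Response-destination check builds its exception text by concatenating `$msgDestination`, a value read from the incoming SAML response, with no encoding or length limit. How uncaught exceptions are rendered and logged is not visible here, so any sink that shows or stores the message (error page, log file) should escape it for its own context. The removed code's `!== NULL` guard suggests `getDestination()` can return NULL, in which case a response with no Destination is rejected with the misleading text `Destination is ""`; `var_export($msgDestination, TRUE)` in the message would make that case explicit. The check also throws a plain `Exception` where the removed lines used `SimpleSAML_Error_Exception`; keeping that class would leave the module's error handling consistent. The enclosing function starts and ends outside the hunk.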