diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index b08ed9a1e3750c29e9120d5bace55121c249bd7e..508ad15b8b561369ac50519041061d56fb7467ea 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -10,7 +10,6 @@ use SAML2\Constants;
 use SAML2\Exception\Protocol\NoAvailableIDPException;
 use SAML2\Exception\Protocol\NoPassiveException;
 use SAML2\Exception\Protocol\NoSupportedIDPException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\LogoutRequest;
 use SAML2\XML\saml\NameID;
 use SimpleSAML\Assert\Assert;
@@ -1143,8 +1142,8 @@ class SP extends \SimpleSAML\Auth\Source
 Assert::true(
 $allowUnsolicited,
- 'Received an unsolicited response, which is against SAML2INT specification.',
- ProtocolViolationException::class,
+ 'Unsolicited responsed are denied by configuration.',
+ Error\BadRequest::class,
 );
 if (isset($state['saml:sp:isUnsolicited']) && (bool) $state['saml:sp:isUnsolicited']) {
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7001c3a887a7156a2c070d08029860149ab174e9..097463cf98f54751c0875159a3f99ac05a274b54 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -7,7 +7,6 @@
 use SAML2\Binding;
 use SAML2\Assertion;
 use SAML2\Exception\Protocol\UnsupportedBindingException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\HTTPArtifact;
 use SAML2\Response;
 use SimpleSAML\Assert\Assert;
@@ -109,8 +108,8 @@ $allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', true);
 Assert::true(
 $allowUnsolicited,
- 'Received an unsolicited response, which is against SAML2INT specification.',
- ProtocolViolationException::class,
+ 'Unsolicited responses are denied by configuration.',
+ Error\BadRequest::class,
 );
 if ($state) {
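Review bot: The assertion in the `@@ -1143,8 +1142,8 @@` hunk of SP.php tests only `$allowUnsolicited` and sits before the `if (isset($state['saml:sp:isUnsolicited']) ...)` check, so as far as the visible lines show, a false flag would also reject solicited responses, under a message that blames unsolicited ones. Unless a condition outside the hunk already limits this path, the assertion should be tied to the unsolicited case, for example by moving it inside that `if` branch; the saml2-acs.php hunk has the same shape and could assert `$allowUnsolicited || !empty($state),` instead. The new message here also has a typo that the saml2-acs.php copy does not, so a log search for one wording misses the other: `'Unsolicited responses are denied by configuration.',`. The enclosing method starts and ends outside the hunk.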
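Review bot: `Error\BadRequest::class` in the `@@ -109,8 +108,8 @@` hunk of saml2-acs.php is a relative name, and the import lines visible in this file's first hunk do not include `use SimpleSAML\Error;`. If that import is not present further down the list, the name would not resolve to SimpleSAMLphp's BadRequest class, and the failure would surface only when the assertion fires, which is exactly when a response is being refused. Please confirm the import exists here and in SP.php, or write the fully qualified `\SimpleSAML\Error\BadRequest::class`. The surrounding script continues outside the hunk.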