From d6ccc32f67ac677ef70c68eae04df98f823ab3ab Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 31 Jan 2022 13:01:40 +0100
Subject: [PATCH] Change exception

---
 modules/saml/lib/Auth/Source/SP.php | 5 ++---
 modules/saml/www/sp/saml2-acs.php   | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index b08ed9a1e..508ad15b8 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -10,7 +10,6 @@ use SAML2\Constants;
 use SAML2\Exception\Protocol\NoAvailableIDPException;
 use SAML2\Exception\Protocol\NoPassiveException;
 use SAML2\Exception\Protocol\NoSupportedIDPException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\LogoutRequest;
 use SAML2\XML\saml\NameID;
 use SimpleSAML\Assert\Assert;
@@ -1143,8 +1142,8 @@ class SP extends \SimpleSAML\Auth\Source
 
         Assert::true(
             $allowUnsolicited,
-            'Received an unsolicited response, which is against SAML2INT specification.',
-            ProtocolViolationException::class,
+            'Unsolicited responsed are denied by configuration.',
+            Error\BadRequest::class,
         );
 
         if (isset($state['saml:sp:isUnsolicited']) && (bool) $state['saml:sp:isUnsolicited']) {
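Review bot: The `Assert::true($allowUnsolicited, …)` call sits before the `isset($state['saml:sp:isUnsolicited'])` test at the same indent, so as far as the hunk shows it is not limited to unsolicited responses and would also reject solicited ones when the option is off; the saml2-acs.php hunk has the same shape, with the assertion ahead of `if ($state) {`. Unless lines outside the hunks already restrict this path, the assertion should be tied to the unsolicited case in both places. The new message also has a typo, `'Unsolicited responsed are denied by configuration.'`, which should read `'Unsolicited responses are denied by configuration.'` as in saml2-acs.php. The enclosing method starts and ends outside the hunk.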
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7001c3a88..097463cf9 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -7,7 +7,6 @@
 use SAML2\Binding;
 use SAML2\Assertion;
 use SAML2\Exception\Protocol\UnsupportedBindingException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\HTTPArtifact;
 use SAML2\Response;
 use SimpleSAML\Assert\Assert;
@@ -109,8 +108,8 @@ $allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', true);
 
 Assert::true(
     $allowUnsolicited,
-    'Received an unsolicited response, which is against SAML2INT specification.',
-    ProtocolViolationException::class,
+    'Unsolicited responses are denied by configuration.',
+    Error\BadRequest::class,
 );
 
 if ($state) {
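Review bot: `Error\BadRequest::class` only resolves to the intended class if this file already has `use SimpleSAML\Error;`, and the import hunk for this file removes a `use` line without showing or adding that alias. Because `::class` on an unknown name is not checked when the file is compiled, a missing alias would presumably surface only when the assertion fails, which is the denial path itself. Confirm the alias is present, and consider a test that sets `enable.saml20-unsolicited` to `false`, delivers an unsolicited response and expects a `BadRequest`. A short comment above the assertion such as `// Unsolicited (IdP-initiated) responses are accepted unless enable.saml20-unsolicited is false.` would also make the permissive default on the preceding line explicit.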
-- 
GitLab