diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 99827f59c17eb476b19607afdf4c3121b94a5154..468f5f8f4bcc99e2afe2afcc683f8777b931cd5d 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -392,11 +392,17 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
if (empty($intersection)) { // all requested IdPs are unknown
- throw new SimpleSAML\Error\NoSupportedIDP('None of the IdPs requested are supported by this proxy.');
+ throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
+ \SAML2\Constants::STATUS_REQUESTER,
+ 'None of the IdPs requested are supported by this proxy.'
+ );
}
if (!is_null($idp) && !in_array($idp, $intersection)) { // the IdP is enforced but not in the IDPList
- throw new SimpleSAML\Error\NoAvailableIDP('None of the IdPs requested are available to this proxy.');
+ throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
+ \SAML2\Constants::STATUS_REQUESTER,
+ 'None of the IdPs requested are available to this proxy.'
+ );
}
if (is_null($idp) && sizeof($intersection) === 1) { // only one IdP requested or valid
@@ -447,7 +453,10 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$intersection = array_intersect($state['saml:IDPList'], array_keys($known_idps));
if (empty($intersection)) { // all requested IdPs are unknown
- throw new SimpleSAML\Error\NoSupportedIDP('None of the IdPs requested are supported by this proxy.');
+ throw new SimpleSAML\Module\saml\Error\NoSupportedIDP(
+ \SAML2\Constants::STATUS_REQUESTER,
+ 'None of the IdPs requested are supported by this proxy.'
+ );
}
/*
@@ -455,7 +464,10 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
* see if this proxy enforces the use of one single IdP.
*/
if (!is_null($this->idp) && !in_array($this->idp, $intersection)) { // an IdP is enforced but not requested
- throw new SimpleSAML\Error\NoAvailableIDP('None of the IdPs requested are available to this proxy.');
+ throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
+ \SAML2\Constants::STATUS_REQUESTER,
+ 'None of the IdPs requested are available to this proxy.'
+ );
}
/*
diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php
index 8cf0fb15ff2d68dad44ab7b9071c82eaf3163835..0fe40639047faf1e054542c7859df78febc42df0 100644
--- a/modules/saml/lib/Error.php
+++ b/modules/saml/lib/Error.php
@@ -118,20 +118,6 @@ class sspmod_saml_Error extends SimpleSAML_Error_Exception {
$exception->getMessage(),
$exception
);
- } elseif ($exception instanceof SimpleSAML\Error\NoAvailableIDP) {
- $e = new self(
- \SAML2\Constants::STATUS_RESPONDER,
- \SAML2\Constants::STATUS_NO_AVAILABLE_IDP,
- $exception->getMessage(),
- $exception
- );
- } elseif ($exception instanceof SimpleSAML\Error\NoSupportedIDP) {
- $e = new self(
- \SAML2\Constants::STATUS_RESPONDER,
- \SAML2\Constants::STATUS_NO_SUPPORTED_IDP,
- $exception->getMessage(),
- $exception
- );
} else {
$e = new self(
\SAML2\Constants::STATUS_RESPONDER,
diff --git a/modules/saml/www/proxy/invalid_session.php b/modules/saml/www/proxy/invalid_session.php
index 5369ace8a3bc68a0f92c6b1396fe3802397f7db2..f110f8beb6d60572e16fcbe8848cda5976f836f0 100644
--- a/modules/saml/www/proxy/invalid_session.php
+++ b/modules/saml/www/proxy/invalid_session.php
@@ -28,8 +28,13 @@ try {
if (isset($_POST['cancel'])) {
// the user does not want to logout, cancel login
- $e = new \SimpleSAML\Error\NoAvailableIDP('User refused to reauthenticate with any of the IdPs requested.');
- SimpleSAML_Auth_State::throwException($state, $e);
+ SimpleSAML_Auth_State::throwException(
+ $state,
+ new \SimpleSAML\Module\saml\Error\NoAvailableIDP(
+ \SAML2\Constants::STATUS_RESPONDER,
+ 'User refused to reauthenticate with any of the IdPs requested.'
+ )
+ );
}
if (isset($_POST['continue'])) {