diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php index 66a20bcf439732272c97375099e33d3e1c1acde9..31898338c437c3bf8f3bdd063e35111fd33a31e9 100644 --- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php @@ -123,7 +123,7 @@ class SimpleSAML_Bindings_SAML20_HTTPPost { // 'http://www.w3.org/2001/10/xml-exc-c14n#')); $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, - array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'ID')); #$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1); diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php index e57968c569e83647f05f0693b05eed1870841b07..f842e74607a7c8644d0a77e53470f0686f24de44 100644 --- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php @@ -113,10 +113,21 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { #$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID'); + /* + + Removed 2008-01-10 after a tips from Rob Richards.. + + $objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('id_name' => 'ResponseID')); + */ + + $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, + array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), + array('id_name' => 'ResponseID')); + // TODO: Add option to sign assertion versus response #$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',