From f0ee479936a25750dc926ea304778c17b57559b6 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 20 Aug 2009 14:09:21 +0000
Subject: [PATCH] SAML2: Allow either <saml:AuthnContextClassRef> or
 <saml:AuthnContextDeclRef> in <saml:AuthnContext>.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1702 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/Assertion.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/SAML2/Assertion.php b/lib/SAML2/Assertion.php
index 327e104a0..43c6f3139 100644
--- a/lib/SAML2/Assertion.php
+++ b/lib/SAML2/Assertion.php
@@ -382,13 +382,18 @@ class SAML2_Assertion implements SAML2_SignedElement {
 
 		$accr = SAML2_Utils::xpQuery($ac, './saml:AuthnContextClassRef');
 		if (empty($accr)) {
-			throw new Exception('Missing almost-required <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
+			$acdr = SAML2_Utils::xpQuery($ac, './saml:AuthnContextDeclRef');
+			if (empty($acdr)) {
+				throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
+			} elseif (count($accr) > 1) {
+				throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
+			}
+			$this->authnContext = trim($acdr[0]->textContent);
 		} elseif (count($accr) > 1) {
 			throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
+		} else {
+			$this->authnContext = trim($accr[0]->textContent);
 		}
-		$accr = $accr[0];
-
-		$this->authnContext = trim($accr->textContent);
 	}
 
 
-- 
GitLab