saml: Add support for SAML 1.1 IdP init SSO.

Some limitations apply. Specifically, no support for the Artifact binding, and the TARGET parameter must be an absolute url. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2568 44740490-163a-0410-bde0-09ae8108e29a

saml: Add support for SAML 1.1 IdP init SSO.
Some limitations apply. Specifically, no support for the Artifact binding, and the TARGET parameter must be an absolute url. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2568 44740490-163a-0410-bde0-09ae8108e29a
fcbad611 · Olav Morken · 90e5a8e2 · fcbad611
Commit fcbad611 authored 14 years ago by Olav Morken
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -20,16 +20,25 @@ $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP
 SimpleSAML_Logger::debug('Received SAML1 response');
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
+$target = (string)$_REQUEST['TARGET'];
+if (preg_match('@^https?://@i', $target)) {
-/* Check that the authentication source is correct. */
+	/* Unsolicited response. */
-assert('array_key_exists("saml:sp:AuthId", $state)');
+	$state = array(
-if ($state['saml:sp:AuthId'] !== $sourceId) {
+		'saml:sp:isUnsoliced' => TRUE,
-	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
+		'saml:sp:AuthId' => $sourceId,
-}
+		'saml:sp:RelayState' => $target,
+	);
+} else {
+	$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
-assert('isset($state["saml:idp"])');
+	/* Check that the authentication source is correct. */
+	assert('array_key_exists("saml:sp:AuthId", $state)');
+	if ($state['saml:sp:AuthId'] !== $sourceId) {
+		throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
+	}
+	assert('isset($state["saml:idp"])');
+}
 $spMetadata = $source->getMetadata();