From fcbad6114b2057fdfbeb9f63c6150d57f0b9a9bc Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 4 Oct 2010 13:37:02 +0000
Subject: [PATCH] saml: Add support for SAML 1.1 IdP init SSO.

Some limitations apply. Specifically, no support for the Artifact
binding, and the TARGET parameter must be an absolute url.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2568 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/www/sp/saml1-acs.php | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index b30128a6f..cc42502b8 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -20,16 +20,25 @@ $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP
 SimpleSAML_Logger::debug('Received SAML1 response');
 
 
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
-
-/* Check that the authentication source is correct. */
-assert('array_key_exists("saml:sp:AuthId", $state)');
-if ($state['saml:sp:AuthId'] !== $sourceId) {
-	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
-}
+$target = (string)$_REQUEST['TARGET'];
+if (preg_match('@^https?://@i', $target)) {
+	/* Unsolicited response. */
+	$state = array(
+		'saml:sp:isUnsoliced' => TRUE,
+		'saml:sp:AuthId' => $sourceId,
+		'saml:sp:RelayState' => $target,
+	);
+} else {
+	$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
 
-assert('isset($state["saml:idp"])');
+	/* Check that the authentication source is correct. */
+	assert('array_key_exists("saml:sp:AuthId", $state)');
+	if ($state['saml:sp:AuthId'] !== $sourceId) {
+		throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
+	}
 
+	assert('isset($state["saml:idp"])');
+}
 
 $spMetadata = $source->getMetadata();
 
-- 
GitLab