saml: Add support for SAML 1.1 IdP init SSO.

Some limitations apply. Specifically, no support for the Artifact
binding, and the TARGET parameter must be an absolute url.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2568 44740490-163a-0410-bde0-09ae8108e29a

modules/saml/www/sp/saml1-acs.php

@@ -20,16 +20,25 @@ $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP
 SimpleSAML_Logger::debug('Received SAML1 response');
 
 
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
-
-/* Check that the authentication source is correct. */
-assert('array_key_exists("saml:sp:AuthId", $state)');
-if ($state['saml:sp:AuthId'] !== $sourceId) {
-	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
-}
+$target = (string)$_REQUEST['TARGET'];
+if (preg_match('@^https?://@i', $target)) {
+	/* Unsolicited response. */
+	$state = array(
+		'saml:sp:isUnsoliced' => TRUE,
+		'saml:sp:AuthId' => $sourceId,
+		'saml:sp:RelayState' => $target,
+	);
+} else {
+	$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
 
-assert('isset($state["saml:idp"])');
+	/* Check that the authentication source is correct. */
+	assert('array_key_exists("saml:sp:AuthId", $state)');
+	if ($state['saml:sp:AuthId'] !== $sourceId) {
+		throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
+	}
 
+	assert('isset($state["saml:idp"])');
+}
 
 $spMetadata = $source->getMetadata();