Closed GoogleCodeExporter closed 8 years ago
I can supply a patch if this modification sounds reasonable.
Original comment by hege%pla...@gtempaccount.com
on 3 Aug 2010 at 9:54
This sounds reasonable to me. In the long term we will probably want to move
all of the logic out of the SAML2_Assertion class, but that will not happen in
the near future. If you can send a patch that moves the check for the
SubjectConfirmation method over to sspmod_saml_Message::processResponse, that
would be great.
Original comment by olavmrk@gmail.com
on 3 Aug 2010 at 10:34
There seem to be several aspects of response processing which need to be
extracted from processResponse:
- signature validation is not needed when transport security is present
- Assertion/Response Destination is empty when using SOAP transports with transport security
- SubjectConfirmation method should be specified
A pretty ugly solution would be to introduce two extra options to the
processResponse method: $transportSecurity and $requiredConfirmationMethod.
Original comment by hege%pla...@gtempaccount.com
on 3 Aug 2010 at 1:18
In r2554, I changed the Assertion class to return the entire
SubjectConfirmation element, instead of the parsed data. This should allow the
Assertion class to work with other SubjectConfirmation methods.
The processResponse method is tailored to the Web SSO profile of SAML 2, and I
don't think it is appropriate to add code for other profiles there. What we
could do is to extract those parts that are common to multiple profiles into
separate functions.
Original comment by olavmrk@gmail.com
on 20 Sep 2010 at 12:09
I've extracted several helper methods from the processResponse/processAssertion
methods and made them protected, so they could be called from subclasses.
Original comment by hege%pla...@gtempaccount.com
on 6 Jan 2011 at 2:01
Attachments:
i still get a 'Invalid Method on SubjectConfirmation' when the IdP gives me a
'sender-vouches' SubjectConfirmation. (1.11.0)
Backtrace:
0 /var/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Error validating SubjectConfirmation in
Assertion: Invalid Method on SubjectConfirmation:
'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'
Backtrace:
3 /var/simplesamlphp/modules/saml/lib/Message.php:694
(sspmod_saml_Message::processAssertion)
2 /var/simplesamlphp/modules/saml/lib/Message.php:528
(sspmod_saml_Message::processResponse)
1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:81 (require)
0 /var/simplesamlphp/www/module.php:135 (N/A)
Is a patch available?
Original comment by fefefan...@googlemail.com
on 21 Nov 2013 at 1:16
Original issue reported on code.google.com by
hege%pla...@gtempaccount.com
on 3 Aug 2010 at 9:53