+ throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+ m_soaper.getPolicy().reset(true);
+
+ // Extract Response details and run policy against it.
+ // We don't pull Issuer out of any assertions because some profiles may permit
+ // alternate issuers at that layer.
+ m_soaper.getPolicy().setMessageID(response->getResponseID());
+ m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
+ m_soaper.getPolicy().evaluate(*response);