- m_soaper.getPolicy().reset(true);
- m_soaper.getPolicy().evaluate(*response, NULL, samlconstants::SAML20P_NS);
- if (!m_soaper.getPolicy().isSecure()) {
- SecurityPolicyException ex("Security policy could not authenticate the message.");
- annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata(), response->getStatus()); // throws it
- }
+ SecurityPolicy& policy = m_soaper.getPolicy();
+ policy.reset(true);
+
+ // Extract Response details.
+ policy.setMessageID(response->getID());
+ policy.setIssueInstant(response->getIssueInstantEpoch());
+
+ // Extract and re-verify Issuer if present.
+ const Issuer* issuer = response->getIssuer();
+ if (issuer)
+ policy.setIssuer(issuer); // This will throw if it conflicts with the known peer identity.
+
+ // Now run the policy.
+ policy.evaluate(*response);
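Review bot: After `policy.evaluate(*response);` the added lines shown here never test whether the policy actually authenticated the message, whereas the removed code threw a SecurityPolicyException when `isSecure()` returned false. Unless an equivalent check follows outside the visible lines, a response that no policy rule authenticated would continue to be processed as trusted; keep a guard right after the evaluate call, e.g. `if (!policy.isSecure()) {` followed by the existing `annotateException(&ex, policy.getIssuerMetadata(), response->getStatus());` path. The new call also drops the `NULL, samlconstants::SAML20P_NS` arguments, so it is worth confirming that rules depending on the protocol still see the intended value. A short comment above `policy.setIssuer(issuer);` saying that the Issuer is set before evaluation so the rules bind to the peer identity would help the next reader. The enclosing function starts and ends outside this hunk.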