projects / shibboleth / sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix address checking if none supplied.
[shibboleth/sp.git] / shibsp / handler / impl / AssertionConsumerService.cpp
diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp
index 9e25a2c..02c7f97 100644 (file)
--- a/shibsp/handler/impl/AssertionConsumerService.cpp
+++ b/shibsp/handler/impl/AssertionConsumerService.cpp
@@ -179,6 +179,9 @@ pair<bool,long> AssertionConsumerService::processMessage(
 
 void AssertionConsumerService::checkAddress(const Application& application, const HTTPRequest& httpRequest, const char* issuedTo) const
 {
+    if (!issuedTo || !*issuedTo)
+        return;
+    
     const PropertySet* props=application.getPropertySet("Sessions");
     pair<bool,bool> checkAddress = props ? props->getBool("checkAddress") : make_pair(false,true);
     if (!checkAddress.first)
@@ -377,7 +380,7 @@ void AssertionConsumerService::extractMessageDetails(const Assertion& assertion,
     policy.setMessageID(assertion.getID());
     policy.setIssueInstant(assertion.getIssueInstantEpoch());
 
-    if (XMLString::equals(assertion.getElementQName().getNamespaceURI(), samlconstants::SAML20P_NS)) {
+    if (XMLString::equals(assertion.getElementQName().getNamespaceURI(), samlconstants::SAML20_NS)) {
         const saml2::Assertion* a2 = dynamic_cast<const saml2::Assertion*>(&assertion);
         if (a2) {
             m_log.debug("extracting issuer from SAML 2.0 assertion");
@@ -393,6 +396,10 @@ void AssertionConsumerService::extractMessageDetails(const Assertion& assertion,
     }
 
     if (policy.getIssuer() && !policy.getIssuerMetadata() && policy.getMetadataProvider()) {
+        if (policy.getIssuer()->getFormat() && !XMLString::equals(policy.getIssuer()->getFormat(), saml2::NameIDType::ENTITY)) {
+            m_log.warn("non-system entity issuer, skipping metadata lookup");
+            return;
+        }
         m_log.debug("searching metadata for assertion issuer...");
         MetadataProvider::Criteria mc(policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
         pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
Shibboleth SP