void AssertionConsumerService::checkAddress(const Application& application, const HTTPRequest& httpRequest, const char* issuedTo) const
{
+ if (!issuedTo || !*issuedTo)
+ return;
+
const PropertySet* props=application.getPropertySet("Sessions");
pair<bool,bool> checkAddress = props ? props->getBool("checkAddress") : make_pair(false,true);
if (!checkAddress.first)
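Review bot: The new early return at the top of `checkAddress` lets an absent or empty `issuedTo` skip the address comparison with no trace, even when the `checkAddress` setting is enabled. If that is the intended reading (no address in the assertion means nothing to compare), state it above the guard, e.g. `// No address supplied with the assertion: nothing to compare against the client address.` Consider also a debug line such as `m_log.debug("no address in assertion, skipping address check");`, so an operator who relies on address binding can see when it was not applied. The rest of the function body is outside this hunk, so whether a later branch already logs this cannot be confirmed from here.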
policy.setMessageID(assertion.getID());
policy.setIssueInstant(assertion.getIssueInstantEpoch());
- if (XMLString::equals(assertion.getElementQName().getNamespaceURI(), samlconstants::SAML20P_NS)) {
+ if (XMLString::equals(assertion.getElementQName().getNamespaceURI(), samlconstants::SAML20_NS)) {
const saml2::Assertion* a2 = dynamic_cast<const saml2::Assertion*>(&assertion);
if (a2) {
m_log.debug("extracting issuer from SAML 2.0 assertion");
}
if (policy.getIssuer() && !policy.getIssuerMetadata() && policy.getMetadataProvider()) {
+ if (policy.getIssuer()->getFormat() && !XMLString::equals(policy.getIssuer()->getFormat(), saml2::NameIDType::ENTITY)) {
+ m_log.warn("non-system entity issuer, skipping metadata lookup");
+ return;
+ }
m_log.debug("searching metadata for assertion issuer...");
MetadataProvider::Criteria mc(policy.getIssuer()->getName(), &IDPSSODescriptor::ELEMENT_QNAME, protocol);
pair<const EntityDescriptor*,const RoleDescriptor*> entity = policy.getMetadataProvider()->getEntityDescriptor(mc);
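Review bot: The added Format guard does not explain why a null Format is allowed through to the metadata lookup while any other explicit Format is rejected, and the warning does not say which Format was seen. A comment above the `if` would document the rule, e.g. `// An omitted Format is treated as an entity identifier; any other explicit Format is never resolved against metadata.` The early `return` also leaves the policy with an issuer but no issuer metadata. It is worth confirming that the policy rules evaluated afterwards treat that state as unauthenticated rather than as nothing to verify; that code is not visible here. The enclosing function starts and ends outside this hunk.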