Add a RP-based key name to credential lookup.

[shibboleth/sp.git] / shibsp / handler / impl / SAML2SessionInitiator.cpp

diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index 57ee0e5..c904614 100644 (file)
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -491,6 +491,9 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
             // Fill in criteria to use.
             MetadataCredentialCriteria mcc(*role);
             mcc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+            pair<bool,const char*> keyName = relyingParty->getString("keyName");
+            if (keyName.first)
+                mcc.getKeyNames().insert(keyName.second);
             pair<bool,const XMLCh*> sigalg = relyingParty->getXMLString("signatureAlg");
             if (sigalg.first)
                 mcc.setXMLAlgorithm(sigalg.second);