https://issues.shibboleth.net/jira/browse/SSPCPP-351

[shibboleth/cpp-sp.git] / shibsp / handler / impl / Shib1SessionInitiator.cpp

diff --git a/shibsp/handler/impl/Shib1SessionInitiator.cpp b/shibsp/handler/impl/Shib1SessionInitiator.cpp
index 6242c66..5ed0c11 100644 (file)
--- a/shibsp/handler/impl/Shib1SessionInitiator.cpp
+++ b/shibsp/handler/impl/Shib1SessionInitiator.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2010 Internet2
+ *  Copyright 2001-2011 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -139,6 +139,7 @@ pair<bool,long> Shib1SessionInitiator::run(SPRequest& request, string& entityID,
         // Since we're passing the ACS by value, we need to compute the return URL,
         // so we'll need the target resource for real.
         recoverRelayState(app, request, request, target, false);
+        limitRelayState(m_log, app, request, target.c_str());
     }
     else {
         // Check for a hardwired target value in the map or handler.
@@ -158,7 +159,8 @@ pair<bool,long> Shib1SessionInitiator::run(SPRequest& request, string& entityID,
 
     // If we picked by index, validate the ACS for use with this protocol.
     if (!ACS || !XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {
-        request.log(SPRequest::SPWarn, "invalid acsIndex property, or non-SAML 1.x ACS, using default SAML 1.x ACS");
+        if (ACS)
+            request.log(SPRequest::SPWarn, "invalid acsIndex property, or non-SAML 1.x ACS, using default SAML 1.x ACS");
         ACS = app.getAssertionConsumerServiceByProtocol(getProtocolFamily());
         if (!ACS)
             throw ConfigurationException("Unable to locate a SAML 1.x ACS endpoint to use for response.");