https://issues.shibboleth.net/jira/browse/SSPCPP-346

[shibboleth/cpp-sp.git] / shibsp / handler / impl / WAYFSessionInitiator.cpp

diff --git a/shibsp/handler/impl/WAYFSessionInitiator.cpp b/shibsp/handler/impl/WAYFSessionInitiator.cpp
index 160000d..8d6bd90 100644 (file)
--- a/shibsp/handler/impl/WAYFSessionInitiator.cpp
+++ b/shibsp/handler/impl/WAYFSessionInitiator.cpp
@@ -63,6 +63,10 @@ namespace shibsp {
         
         pair<bool,long> run(SPRequest& request, string& entityID, bool isHandler=true) const;
 
+        const XMLCh* getProtocolFamily() const {
+            return samlconstants::SAML11_PROTOCOL_ENUM;
+        }
+
     private:
         const char* m_url;
     };
@@ -122,31 +126,30 @@ pair<bool,long> WAYFSessionInitiator::run(SPRequest& request, string& entityID,
         discoveryURL = request.getRequestSettings().first->getString("discoveryURL");
     }
     
-    // Since we're not passing by index, we need to fully compute the return URL.
     if (!ACS) {
+        // Try fixed index property.
         pair<bool,unsigned int> index = getUnsignedInt("acsIndex", request, HANDLER_PROPERTY_MAP|HANDLER_PROPERTY_FIXED);
-        if (index.first) {
+        if (index.first)
             ACS = app.getAssertionConsumerServiceByIndex(index.second);
-            if (!ACS)
-                request.log(SPRequest::SPWarn, "invalid acsIndex property, using default ACS location");
-        }
-        if (!ACS)
-            ACS = app.getDefaultAssertionConsumerService();
     }
 
-    // Validate the ACS for use with this protocol.
-    if (ACS && !XMLString::equals(samlconstants::SAML11_PROTOCOL_ENUM, ACS->getProtocolFamily())) {
-        m_log.error("configured or requested ACS has non-SAML 1.x binding");
-        throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACS->getString("Binding").second));
+    // If we picked by index, validate the ACS for use with this protocol.
+    if (!ACS || !XMLString::equals(samlconstants::SAML11_PROTOCOL_ENUM, ACS->getProtocolFamily())) {
+        if (ACS)
+            request.log(SPRequest::SPWarn, "invalid acsIndex property, or non-SAML 1.x ACS, using default SAML 1.x ACS");
+        ACS = app.getAssertionConsumerServiceByProtocol(getProtocolFamily());
+        if (!ACS)
+            throw ConfigurationException("Unable to locate a SAML 1.x ACS endpoint to use for response.");
     }
 
     if (!discoveryURL.first)
         discoveryURL.second = m_url;
     m_log.debug("sending request to WAYF (%s)", discoveryURL.second);
 
+    // Since we're not passing by index, we need to fully compute the return URL.
     // Compute the ACS URL. We add the ACS location to the base handlerURL.
     string ACSloc = request.getHandlerURL(target.c_str());
-    prop = ACS ? ACS->getString("Location") : pair<bool,const char*>(false,nullptr);
+    prop = ACS->getString("Location");
     if (prop.first)
         ACSloc += prop.second;