X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=saml%2Fbinding%2Fimpl%2FSecurityPolicy.cpp;h=371410e92b7632f1921a8d716fc6a07828b62772;hb=80118fcbdf5d121c495f4db3246c150275641f74;hp=2bae01d4e11bfafddff76643f4758e8712fcd1f2;hpb=da57a13a715c901bca24ce3402f53d1e117fd1b4;p=shibboleth%2Fopensaml2.git

diff --git a/saml/binding/impl/SecurityPolicy.cpp b/saml/binding/impl/SecurityPolicy.cpp
index 2bae01d..371410e 100644
--- a/saml/binding/impl/SecurityPolicy.cpp
+++ b/saml/binding/impl/SecurityPolicy.cpp
@@ -78,9 +78,11 @@ void SecurityPolicy::evaluate(const XMLObject& message, const GenericRequest* re
 void SecurityPolicy::setIssuer(const Issuer* issuer)
 {
     if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
-        throw SecurityPolicyException("A rule supplied an Issuer that conflicts with previous results.");
+        throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results.");
     
     if (!m_issuer) {
+        if (m_entityOnly && issuer->getFormat() && !XMLString::equals(issuer->getFormat(), NameIDType::ENTITY))
+            throw SecurityPolicyException("A non-entity Issuer was supplied, violating policy.");
         m_issuerRole = NULL;
         m_issuer=issuer->cloneIssuer();
     }
@@ -89,7 +91,7 @@ void SecurityPolicy::setIssuer(const Issuer* issuer)
 void SecurityPolicy::setIssuer(const XMLCh* issuer)
 {
     if (!getIssuerMatchingPolicy().issuerMatches(m_issuer, issuer))
-        throw SecurityPolicyException("A rule supplied an Issuer that conflicts with previous results.");
+        throw SecurityPolicyException("An Issuer was supplied that conflicts with previous results.");
     
     if (!m_issuer && issuer && *issuer) {
         m_issuerRole = NULL;