X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPClient.cpp;h=7f8b319f3070cc4ab3fb2b58c6762028da9fa6cd;hb=5d7bff8c9b4a048d34dda50c40ed355cf4dd84de;hp=07e4121a2f7972a0777d73137436de241f950ba2;hpb=9fddf9054c76de6239295b98a559fcc75453effc;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 07e4121..7f8b319 100644
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -37,13 +37,13 @@ using namespace xmltooling::logging;
 using namespace xmltooling;
 using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
+void SAML1SOAPClient::sendSAML(Request* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
 {
 auto_ptr env(EnvelopeBuilder::buildEnvelope());
 Body* body = BodyBuilder::buildBody();
 env->setBody(body);
 body->getUnknownXMLObjects().push_back(request);
- m_soaper.send(*env.get(), peer, endpoint);
+ m_soaper.send(*env.get(), from, to, endpoint);
 m_correlate = XMLString::replicate(request->getRequestID());
 }
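Review bot: The new `from` parameter of `sendSAML` is forwarded to `m_soaper.send()` with no check and no documentation, so this hunk does not say whether a null pointer is acceptable or what the value identifies (presumably the name of the sending party). Because the signature change breaks every existing caller, the contract should be stated above the definition, e.g. `// from: name of the requesting party (say whether NULL is allowed); to: criteria used to resolve the peer's credentials`. If `from` later feeds an authorization or audit decision on the receiving side, the comment should also say that it is a caller-asserted value and is not verified here.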
@@ -61,16 +61,15 @@ Response* SAML1SOAPClient::receiveSAML()
 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
 throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+ m_soaper.getPolicy().reset(true);
+
+ // Extract Response details and run policy against it.
+ // We don't pull Issuer out of any assertions because some profiles may permit
+ // alternate issuers at that layer.
+ m_soaper.getPolicy().setMessageID(response->getResponseID());
+ m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
 m_soaper.getPolicy().evaluate(*response);
- if (!m_soaper.getPolicy().isSecure()) {
- SecurityPolicyException ex("Security policy could not authenticate the message.");
- if (m_soaper.getPolicy().getIssuerMetadata())
- annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
- else
- ex.raise();
- }
-
 // Check Status.
 Status* status = response->getStatus();
 if (status) {
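Review bot: After `evaluate(*response)` nothing in this hunk fails the exchange when the policy could not authenticate the message; the removed `isSecure()` block was the only visible place that raised `SecurityPolicyException` for an unauthenticated Response. Unless a policy rule or every caller now enforces this (not visible here), `receiveSAML` hands unauthenticated content back to the caller, which is a fail-open default. If the intent is to move that decision to the caller, say so at this point, e.g. `// Authentication is NOT enforced here; callers must check the policy's authentication state before trusting the Response.` The bare `reset(true)` would also benefit from a comment naming which policy state survives the reset. `receiveSAML` begins and ends outside this hunk.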