- if (issuer && trustEngine && response->getSignature()) {
- issuerTrusted = static_cast<const TrustEngine*>(trustEngine)->validate(
- *(response->getSignature()), *issuer, metadataProvider->getKeyResolver()
+ if (issuer) {
+ if (trustEngine && response->getSignature()) {
+ issuerTrusted = static_cast<const TrustEngine*>(trustEngine)->validate(
+ *(response->getSignature()), *issuer, metadataProvider->getKeyResolver()
+ );
+ if (!issuerTrusted)
+ log.error("unable to verify signature on message with supplied trust engine");
+ }
+ else {
+ log.warn("unable to verify integrity of the message, leaving untrusted");
+ }
+ }
+ else {
+ log.warn(
+ "unable to find compatible SAML 1.%d role (%s) in metadata",
+ (minor.first && minor.second==0) ? 0 : 1,
+ role->toString().c_str()