projects / shibboleth / cpp-opensaml.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added MessageRoutingRule for destination checks.
[shibboleth/cpp-opensaml.git] / saml / saml2 / binding / impl / SAML2POSTDecoder.cpp
diff --git a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
index a7f1cda..3d4cb42 100644 (file)
--- a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
@@ -100,37 +100,16 @@ saml2::RootObject* SAML2POSTDecoder::decode(
     auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
     janitor.release();
 
-    saml2::RootObject* root = NULL;
-    StatusResponseType* response = NULL;
-    RequestAbstractType* request = dynamic_cast<RequestAbstractType*>(xmlObject.get());
-    if (!request) {
-        response = dynamic_cast<StatusResponseType*>(xmlObject.get());
-        if (!response)
-            throw BindingException("XML content for SAML 2.0 HTTP-POST Decoder must be a SAML 2.0 protocol message.");
-        root = static_cast<saml2::RootObject*>(response);
-    }
-    else {
-        root = static_cast<saml2::RootObject*>(request);
-    }
+    saml2::RootObject* root = dynamic_cast<saml2::RootObject*>(xmlObject.get());
+    if (!root)
+        throw BindingException("XML content for SAML 2.0 HTTP-POST Decoder must be a SAML 2.0 protocol message.");
     
     try {
         if (!m_validate)
             SchemaValidators.validate(xmlObject.get());
         
-        // Check destination URL.
-        auto_ptr_char dest(request ? request->getDestination() : response->getDestination());
-        const char* dest2 = httpRequest->getRequestURL();
-        if (root->getSignature() && !dest.get() || !*(dest.get())) {
-            log.error("signed SAML message missing Destination attribute");
-            throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
-        }
-        else if (dest.get() && (!dest2 || !*dest2 || strcmp(dest.get(),dest2))) {
-            log.error("POST targeted at (%s), but delivered to (%s)", dest.get(), dest2 ? dest2 : "none");
-            throw BindingException("SAML message delivered with POST to incorrect server URL.");
-        }
-        
         // Run through the policy.
-        policy.evaluate(genericRequest, *response);
+        policy.evaluate(genericRequest, *root);
     }
     catch (XMLToolingException& ex) {
         // This is just to maximize the likelihood of attaching a source to the message for support purposes.
@@ -140,7 +119,7 @@ saml2::RootObject* SAML2POSTDecoder::decode(
         const Issuer* claimedIssuer = root->getIssuer();
         if (!claimedIssuer) {
             // Check for assertions.
-            const Response* assbag = dynamic_cast<Response*>(response);
+            const Response* assbag = dynamic_cast<Response*>(root);
             if (assbag) {
                 const vector<Assertion*>& assertions=assbag->getAssertions();
                 if (!assertions.empty())
Unnamed repository; edit this file 'description' to name the repository.