+
+ // Check destination URL.
+ auto_ptr_char dest(response->getDestination());
+ const char* dest2 = httpRequest->getRequestURL();
+ const char* delim = strchr(dest2, '?');
+ if (response->getSignature() && (!dest.get() || !*(dest.get()))) {
+ log.error("signed SAML message missing Destination attribute");
+ throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
+ }
+ else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {
+ log.error("PAOS response targeted at (%s), but delivered to (%s)", dest.get(), dest2);
+ throw BindingException("SAML message delivered with PAOS to incorrect server URL.");
+ }
+
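Review bot: The Destination check on the `else if` line becomes a prefix match whenever the request URL carries a query string, because `strncmp(dest.get(), dest2, delim - dest2)` compares only the first `delim - dest2` characters, so a Destination that merely begins with this endpoint's URL and continues with a longer path is accepted as correctly targeted. Require the Destination to end at that point as well, e.g. `(delim && (strncmp(dest.get(), dest2, delim - dest2) || dest.get()[delim - dest2] != '\0'))`; the index is only evaluated after the prefix has matched, so it stays in bounds. Separately, `strchr(dest2, '?')` runs before any check that `getRequestURL()` returned a non-null pointer; whether it can return null is not visible here, so confirm it or add a guard. The enclosing function starts and ends outside the hunk, so handling of the thrown `BindingException` could not be reviewed.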