Enforce final disposition of policy.
authorScott Cantor <cantor.2@osu.edu>
Sat, 24 Feb 2007 21:50:17 +0000 (21:50 +0000)
committerScott Cantor <cantor.2@osu.edu>
Sat, 24 Feb 2007 21:50:17 +0000 (21:50 +0000)
saml/saml1/binding/impl/SAML1SOAPClient.cpp
saml/saml2/binding/impl/SAML2SOAPClient.cpp

index 97114a0..d1d6ef4 100644 (file)
@@ -56,7 +56,7 @@ Response* SAML1SOAPClient::receiveSAML()
             // Check for SAML Response.
             Response* response = dynamic_cast<Response*>(body->getUnknownXMLObjects().front());
             if (response) {
-                
+
                 // Check InResponseTo.
                 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
                     throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
@@ -70,6 +70,10 @@ Response* SAML1SOAPClient::receiveSAML()
                 }
                 
                 m_soaper.getPolicy().evaluate(*response);
+                
+                if (!m_soaper.getPolicy().isSecure())
+                    throw BindingException("Security policy could not authenticate the message.");
+                
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach();   // frees Body
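Review bot: The added `isSecure()` check reads state held on the object returned by `m_soaper.getPolicy()`, and nothing visible in this hunk shows that state being cleared before `evaluate(*response)` runs for this message. If the same policy instance is reused across exchanges and its authenticated state persists, a result left over from an earlier message could satisfy the check for a response that was never authenticated. Confirm that the policy is reset per message, and record the assumption next to the check, e.g. `// isSecure() must reflect only the evaluate() call above; policy state is reset per message`. The same applies to the identical check added in SAML2SOAPClient::receiveSAML. The body of receiveSAML starts and ends outside the hunk, so a reset may already happen there.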
index 7ed6c1b..66189cc 100644 (file)
@@ -70,6 +70,9 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
                 }
                 
                 m_soaper.getPolicy().evaluate(*response);
+                if (!m_soaper.getPolicy().isSecure())
+                    throw BindingException("Security policy could not authenticate the message.");
+
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach();   // frees Body