From b4183733647762ddb317869ef0473e2dedba1ebf Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Sat, 24 Feb 2007 21:50:17 +0000
Subject: [PATCH] Enforce final disposition of policy.
---
 saml/saml1/binding/impl/SAML1SOAPClient.cpp | 6 +++++-
 saml/saml2/binding/impl/SAML2SOAPClient.cpp | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 97114a0..d1d6ef4 100644
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -56,7 +56,7 @@ Response* SAML1SOAPClient::receiveSAML()
 // Check for SAML Response.
 Response* response = dynamic_cast(body->getUnknownXMLObjects().front());
 if (response) {
-
+
 // Check InResponseTo.
 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
 throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
@@ -70,6 +70,10 @@ Response* SAML1SOAPClient::receiveSAML()
 }
 m_soaper.getPolicy().evaluate(*response);
+
+ if (!m_soaper.getPolicy().isSecure())
+ throw BindingException("Security policy could not authenticate the message.");
+
 env.release();
 body->detach(); // frees Envelope
 response->detach(); // frees Body
diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index 7ed6c1b..66189cc 100644
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -70,6 +70,9 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
 }
 m_soaper.getPolicy().evaluate(*response);
+ if (!m_soaper.getPolicy().isSecure())
+ throw BindingException("Security policy could not authenticate the message.");
+
 env.release();
 body->detach(); // frees Envelope
 response->detach(); // frees Body
-- 
2.1.4
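Review bot: The new `isSecure()` test after `evaluate(*response)` in SAML1SOAPClient.cpp reads state held by the policy object that `m_soaper.getPolicy()` returns, and nothing visible in this hunk clears that state before the response is evaluated. If one policy instance can serve more than one exchange, a secure flag left over from an earlier message might satisfy the check for a response that no rule authenticated. That depends on the earlier part of receiveSAML() and on the SecurityPolicy class, both outside the hunk, so it needs confirming there. If the state is already cleared per message, a comment such as `// policy state is cleared per message, so isSecure() describes this response only` would record the invariant next to the check. The same applies to the identical check added in SAML2SOAPClient.cpp.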
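Review bot: The three lines added to SAML2SOAPClient.cpp repeat the check added to SAML1SOAPClient.cpp, so enforcing the final disposition depends on every caller of `evaluate()` remembering to test `isSecure()` afterwards. A receive path that omits the test would accept an unauthenticated message without raising any error, which is the fail-open case this commit closes for these two clients. Consider putting the test in one place, for example a small helper that calls `evaluate()` and throws when `isSecure()` is false, and calling it from both clients. The throw sits before `env.release()`, so the envelope presumably stays owned by `env` on the failure path; that ordering should be kept if the code moves. receiveSAML() begins and ends outside the hunk.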