# include <xmltooling/XMLToolingConfig.h>
# include <xmltooling/io/HTTPRequest.h>
# include <xmltooling/util/DateTime.h>
+# include <xmltooling/validation/ValidatorSuite.h>
using namespace opensaml::saml2;
using namespace opensaml::saml2p;
using namespace opensaml::saml2md;
if (!decrypted->getSignature() && requireSignedAssertions.first && requireSignedAssertions.second)
throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+ // Run the schema validators against the assertion, since it was hidden by encryption.
+ SchemaValidators.validate(decrypted.get());
+
// We clear the security flag, so we can tell whether the token was secured on its own.
policy.setAuthenticated(false);
policy.reset(true);
throw FatalProfileException("Attempted to create a session with a duplicate key.");
// Store the reverse mapping for logout.
- if (nameid && m_reverseIndex && (m_excludedNames.size() == 0 || m_excludedNames.count(nameid->getName()) == 0)) {
+ if (name.get() && *name.get() && m_reverseIndex
+ && (m_excludedNames.size() == 0 || m_excludedNames.count(nameid->getName()) == 0)) {
try {
insert(key.get(), expires, name.get(), index.get());
}