From 6304f238f421a26455e1278131e69b1b471a8d45 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Wed, 21 Jan 2015 02:31:10 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-632
---
 shibsp/handler/impl/SAML2Consumer.cpp | 4 ++++
 shibsp/impl/StorageServiceSessionCache.cpp | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp
index ec62384..be2397c 100644
--- a/shibsp/handler/impl/SAML2Consumer.cpp
+++ b/shibsp/handler/impl/SAML2Consumer.cpp
@@ -44,6 +44,7 @@
 # include
 # include
 # include
+# include
 using namespace opensaml::saml2;
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2md;
@@ -312,6 +313,9 @@ void SAML2Consumer::implementProtocol(
 if (!decrypted->getSignature() && requireSignedAssertions.first && requireSignedAssertions.second)
 throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+ // Run the schema validators against the assertion, since it was hidden by encryption.
+ SchemaValidators.validate(decrypted.get());
+
 // We clear the security flag, so we can tell whether the token was secured on its own.
 policy.setAuthenticated(false);
 policy.reset(true);
diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp
index 9e5d48d..b816624 100644
--- a/shibsp/impl/StorageServiceSessionCache.cpp
+++ b/shibsp/impl/StorageServiceSessionCache.cpp
@@ -1233,7 +1233,8 @@ void SSCache::insert(
 throw FatalProfileException("Attempted to create a session with a duplicate key.");
 // Store the reverse mapping for logout.
- if (nameid && m_reverseIndex && (m_excludedNames.size() == 0 || m_excludedNames.count(nameid->getName()) == 0)) {
+ if (name.get() && *name.get() && m_reverseIndex
+ && (m_excludedNames.size() == 0 || m_excludedNames.count(nameid->getName()) == 0)) {
 try {
 insert(key.get(), expires, name.get(), index.get());
 }
--
2.1.4
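Review bot: In the `@@ -312,6 +313,9 @@` hunk of SAML2Consumer.cpp, the new `SchemaValidators.validate(decrypted.get());` covers the assertion once it is decrypted, but any element still encrypted inside it at this point (an EncryptedID or EncryptedAttribute, if the deployment accepts them) stays hidden from this pass for the same reason the comment gives. Whether those are validated where they are decrypted is not visible here, since implementProtocol starts and ends outside the hunk. I would extend the comment to say so, e.g. `// Nested encrypted elements are still opaque here; validate them at their own decryption point.`, and confirm that a validation failure here is reported through the same path as the SecurityPolicyException above.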
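Review bot: In the `@@ -1233,7 +1233,8 @@` hunk of StorageServiceSessionCache.cpp, the rewritten condition no longer tests `nameid`, yet its continuation line still calls `nameid->getName()`. The dereference is therefore safe only if `name` is non-null exactly when `nameid` is, and that relationship is set up outside the hunk (SSCache::insert starts and ends outside it). Keeping the pointer test makes the guard self-evident: `if (nameid && name.get() && *name.get() && m_reverseIndex`. A short comment such as `// Skip the reverse index when the NameID value is missing or empty.` would also record why the emptiness check was added.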