X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPClient.cpp;h=7f8b319f3070cc4ab3fb2b58c6762028da9fa6cd;hp=9a6527b8b28fcb65fe9bafa0841cd99afe4f719e;hb=5d7bff8c9b4a048d34dda50c40ed355cf4dd84de;hpb=a9ce2664cc6bd6071a4e0885ef1801c352fd7d8b diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp index 9a6527b..7f8b319 100644 --- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp +++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp @@ -62,20 +62,13 @@ Response* SAML1SOAPClient::receiveSAML() throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID."); m_soaper.getPolicy().reset(true); - pair minor = response->getMinorVersion(); - m_soaper.getPolicy().evaluate( - *response, - NULL, - (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM - ); - - if (!m_soaper.getPolicy().isSecure()) { - SecurityPolicyException ex("Security policy could not authenticate the message."); - if (m_soaper.getPolicy().getIssuerMetadata()) - annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it - else - ex.raise(); - } + + // Extract Response details and run policy against it. + // We don't pull Issuer out of any assertions because some profiles may permit + // alternate issuers at that layer. + m_soaper.getPolicy().setMessageID(response->getResponseID()); + m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch()); + m_soaper.getPolicy().evaluate(*response); // Check Status. Status* status = response->getStatus();