From 19fa6d26c3d6515f9556c1c70d59a86ea3a05ff4 Mon Sep 17 00:00:00 2001
From: cantor
Date: Sat, 24 Feb 2007 21:50:17 +0000
Subject: [PATCH] Enforce final disposition of policy.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@192 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0
---
 saml/saml1/binding/impl/SAML1SOAPClient.cpp | 6 +++++-
 saml/saml2/binding/impl/SAML2SOAPClient.cpp | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 97114a0..d1d6ef4 100644
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -56,7 +56,7 @@ Response* SAML1SOAPClient::receiveSAML()
 // Check for SAML Response.
 Response* response = dynamic_cast(body->getUnknownXMLObjects().front());
 if (response) {
-
+
 // Check InResponseTo.
 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
 throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
@@ -70,6 +70,10 @@ Response* SAML1SOAPClient::receiveSAML()
 }
 m_soaper.getPolicy().evaluate(*response);
+
+ if (!m_soaper.getPolicy().isSecure())
+ throw BindingException("Security policy could not authenticate the message.");
+
 env.release();
 body->detach(); // frees Envelope
 response->detach(); // frees Body
diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index 7ed6c1b..66189cc 100644
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -70,6 +70,9 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
 }
 m_soaper.getPolicy().evaluate(*response);
+ if (!m_soaper.getPolicy().isSecure())
+ throw BindingException("Security policy could not authenticate the message.");
+
 env.release();
 body->detach(); // frees Envelope
 response->detach(); // frees Body
-- 
2.1.4
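Review bot: The new `isSecure()` test in `SAML1SOAPClient::receiveSAML()` reads a flag from the policy object returned by `m_soaper.getPolicy()`, which appears to be held by the SOAP client rather than created per message, and nothing in the hunk shows that state being cleared before `evaluate(*response)`. If the policy is reused across calls, a flag left set by an earlier authenticated response could let a later unauthenticated one through, so the check is only as strong as that flag's lifetime. Confirm where the state is reset and record it at the call site, e.g. `// isSecure() must reflect only the evaluate() call above; policy state is cleared per message in <location>`. The same concern applies to the identical check added in SAML2SOAPClient.cpp. The function body starts and ends outside the hunk.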
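Review bot: The fail-closed gate after `evaluate(*response)` in `SAML2SOAPClient::receiveSAML()` is a verbatim copy of the one added to the SAML 1 client, so every other caller of `getPolicy().evaluate()` has to remember to repeat it. Putting the `isSecure()` test behind a single helper on the shared SOAP client would make the check harder to omit. Failing that, a comment at each site would state the intent: `// Fail closed: accept the response only if the policy ended up authenticating it.` That wording is inferred from the commit subject and the exception text, so check it against what `isSecure()` actually reports. The function continues outside the hunk.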