Tagging 2.4.2 release.

git-svn-id: https://svn.shibboleth.net/cpp-sp/tags/2.4.2@3406 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/doc/README.txt b/doc/README.txt
index 4b7a0eb..1c88f88 100644 (file)
--- a/doc/README.txt
+++ b/doc/README.txt
@@ -1,5 +1,3 @@
-Version 2.4.1
-
 Welcome to Internet2's Shibboleth
 
 Shibboleth is a federated web authentication and attribute exchange system

diff --git a/shibsp/handler/impl/AbstractHandler.cpp b/shibsp/handler/impl/AbstractHandler.cpp
index 967351b..4944e0c 100644 (file)
--- a/shibsp/handler/impl/AbstractHandler.cpp
+++ b/shibsp/handler/impl/AbstractHandler.cpp
@@ -118,7 +118,7 @@ namespace shibsp {
         const PropertySet* sessionProps = application.getPropertySet("Sessions");
         if (sessionProps) {
             pair<bool,const char*> relayStateLimit = sessionProps->getString("relayStateLimit");
-            if (relayStateLimit.first) {
+            if (relayStateLimit.first && strcmp(relayStateLimit.second, "none")) {
                 vector<string> whitelist;
                 if (!strcmp(relayStateLimit.second, "exact")) {
                     // Scheme and hostname have to match.
@@ -159,6 +159,10 @@ namespace shibsp {
                         }
                     }
                 }
+                else {
+                    log.warn("unrecognized relayStateLimit policy (%s), blocked redirect to (%s)", relayStateLimit.second, relayState);
+                    throw opensaml::SecurityPolicyException("Unrecognized relayStateLimit setting.");
+                }
 
                 for (vector<string>::const_iterator w = whitelist.begin(); w != whitelist.end(); ++w) {
                     if (XMLString::startsWithI(relayState, w->c_str())) {