fixing introduced issue

SAML-Toolkits · Sep 19, 2020 · 52868c4 · 52868c4
1 parent c3d0b71
commit 52868c4
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
@@ -863,8 +863,12 @@ def validate_signature
           valid = false
           expired = false
           idp_certs[:signing].each do |idp_cert|
-            valid = doc.validate_document_with_cert(idp_cert, @soft)
+            valid = doc.validate_document_with_cert(idp_cert, true)
             if valid
+              # required to reset errors as there could be issues with previous certificates
+              doc.reset_errors!
+              reset_errors!
+
               if settings.security[:check_idp_cert_expiration]
                 if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
                   expired = true