RetrieveAssertionInfo(): indicate what elements have validated signatures
Paul Fraley
Paul Fraley committed Sep 7, 2017
1 parent 564985c commit 6b5458f8d691ed21571504d093e66124742160f6
Showing with 19 additions and 6 deletions.
  1. +9 −0 decode_response.go
  2. +1 −0 retrieve_assertion.go
  3. +7 −6 saml.go
  4. +2 −0 types/response.go
@@ -259,6 +259,7 @@ func (sp *SAMLServiceProvider) ValidateEncodedResponse(encodedResponse string) (
return nil, err
}

var assertionSignaturesValidated bool
if !sp.SkipSignatureValidation {
err = sp.validateAssertionSignatures(el)
if err == dsig.ErrMissingSignature {
@@ -267,6 +268,8 @@ func (sp *SAMLServiceProvider) ValidateEncodedResponse(encodedResponse string) (
}
} else if err != nil {
return nil, err
} else {
assertionSignaturesValidated = true
}
}

@@ -275,6 +278,12 @@ func (sp *SAMLServiceProvider) ValidateEncodedResponse(encodedResponse string) (
if err != nil {
return nil, fmt.Errorf("unable to unmarshal response: %v", err)
}
decodedResponse.SignatureValidated = responseSignatureValidated
if assertionSignaturesValidated {
for idx := 0; idx < len(decodedResponse.Assertions); idx++ {
decodedResponse.Assertions[idx].SignatureValidated = true
}
}

err = sp.Validate(decodedResponse)
if err != nil {
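Review bot: The per-assertion flag written in the loop at the end of the third hunk is a copy of one aggregate boolean, so `Assertions[idx].SignatureValidated` only records that `validateAssertionSignatures(el)` returned nil for the element as a whole, not an independent verdict on that particular assertion; whether the helper inspects each assertion individually is not visible here. I would say that where the flag is set, e.g. `// validateAssertionSignatures succeeded for the whole element; mark each unmarshalled assertion accordingly (not an independent per-assertion verdict)`. Note that `EncryptedAssertions` on the decoded response are not flagged by this loop, which is presumably intentional but worth a word. On style, `for idx := range decodedResponse.Assertions` is the idiomatic form of the index loop. ValidateEncodedResponse starts and ends outside these hunks.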
@@ -49,6 +49,7 @@ func (sp *SAMLServiceProvider) RetrieveAssertionInfo(encodedResponse string) (*A

assertion := response.Assertions[0]
assertionInfo.Assertions = response.Assertions
assertionInfo.ResponseSignatureValidated = response.SignatureValidated

warningInfo, err := sp.VerifyAssertionConditions(&assertion)
if err != nil {
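Review bot: The added line surfaces only the response-level result, while the assertion this function actually reads (`response.Assertions[0]`, copied into `assertion` on the line above) has its own `SignatureValidated` flag that a caller must dig out of `assertionInfo.Assertions[0]` to learn whether the values it is about to trust came from a signed assertion. Either document that in the AssertionInfo doc comment or consider exposing it alongside, e.g. `assertionInfo.AssertionSignatureValidated = assertion.SignatureValidated` once such a field exists. Both flags stay false when `SkipSignatureValidation` is set, so consumers should not treat a false value as "unsigned" without also knowing that setting; I assume the length check on `response.Assertions` precedes this hunk. RetrieveAssertionInfo starts and ends outside the hunk.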
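--- a/saml.go
+++ b/saml.go
@@ -184,10 +184,11 @@ type WarningInfo struct {
 }
 
 type AssertionInfo struct {
-NameID string
-Values Values
-WarningInfo *WarningInfo
-AuthnInstant *time.Time
-SessionNotOnOrAfter *time.Time
-Assertions []types.Assertion
+NameID string
+Values Values
+WarningInfo *WarningInfo
+AuthnInstant *time.Time
+SessionNotOnOrAfter *time.Time
+Assertions []types.Assertion
+ResponseSignatureValidated bool
 }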
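Review bot: The new exported field `ResponseSignatureValidated` has no doc comment, and since it is the security-relevant output of this struct its meaning and its false case deserve spelling out. I would add above it: `// ResponseSignatureValidated reports whether the Response element's signature was checked and validated by the service provider. It is false when SkipSignatureValidation is set, so a false value does not by itself mean the response was unsigned. Per-assertion results are carried in Assertions[i].SignatureValidated.` The realignment of the other fields is gofmt's doing and needs no review.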
@@ -16,6 +16,7 @@ type Response struct {
Issuer *Issuer `xml:"Issuer"`
Assertions []Assertion `xml:"Assertion"`
EncryptedAssertions []EncryptedAssertion `xml:"EncryptedAssertion"`
SignatureValidated bool `xml:"-"` // not read, not dumped
}

type Status struct {
@@ -48,6 +49,7 @@ type Assertion struct {
Conditions *Conditions `xml:"Conditions"`
AttributeStatement *AttributeStatement `xml:"AttributeStatement"`
AuthnStatement *AuthnStatement `xml:"AuthnStatement"`
SignatureValidated bool `xml:"-"` // not read, not dumped
}

type Subject struct {
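Review bot: The `xml:"-"` tag on both new `SignatureValidated` fields is what stops a document from populating the flag itself, which makes it a security guard rather than a serialization detail, and the trailing comment `// not read, not dumped` does not convey that to the next maintainer. I would reword it on both fields as `// SignatureValidated is set by the service provider after signature validation; xml:"-" ensures it can never be populated from the document itself.` The fields are exported and mutable, so any code holding the struct can still set them; that is fine for an in-process flag but worth keeping in mind if these types are ever handed to untrusted callers. Response and Assertion begin outside these hunks.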
