It is now checked whether the Service Provider exists in metadata

ad118607 · haemmer · f3c67c01 · ad118607 · ad118607 · ad118607
Commit ad118607 authored Nov 18, 2010 by haemmer
Show whitespace changes
Inline Side-by-side

Showing with 31 additions and 22 deletions

WAYF WAYF +19 -7

functions.php functions.php +10 -15

languages.php languages.php +2 -0

No files found.
--- a/WAYF
+++ b/WAYF
@@ -90,6 +90,15 @@ if(isValidDSRequest()){
 		exit;
 	}
 	
+	if (isset($enableDSReturnParamCheck) && $enableDSReturnParamCheck){
+		// Check SP
+		if(!isset($SProviders[$_GET['entityID']])){
+			// Show error
+			$message = sprintf(getLocalString('unknown_sp'), htmlentities($_GET['entityID']));
+			printError($message);
+			exit;
+		}
+		
 		// Check return URL in DS request if checks are enabled
 		$returnURLOK = verifyReturnURL($_GET['entityID'], $returnURL);
 		if(!$returnURLOK){
@@ -98,6 +107,9 @@ if(isValidDSRequest()){
 			printError($message);
 			exit;
 		}
+	}
+	
+	
 }

 /*------------------------------------------------*/

--- a/functions.php
+++ b/functions.php
@@ -395,23 +395,11 @@ function getIPAdressHint() {
 	}
 	return '-';
 }
+
 /******************************************************************************/
 // Returns true if URL could be verified or if no check is necessary, false otherwise
 function verifyReturnURL($entityID, $returnURL) {
-	global $SProviders, $enableDSReturnParamCheck, $useACURLsForReturnParamCheck;
-	
-	// Skip check if is is deactivated
-	if (
-		   !isset($enableDSReturnParamCheck) 
-		|| !$enableDSReturnParamCheck
-	   ){
-		return true;
-	}
-	
-	// SP is unknown, therefore return false
-	if (!isset($SProviders[$entityID])){
-		return false;
-	}
+	global $SProviders, $useACURLsForReturnParamCheck;
 	
 	// If SP has a <idpdisc:DiscoveryResponse>, check return param
 	if (isset($SProviders[$entityID]['DSURL'])){
@@ -419,7 +407,14 @@ function verifyReturnURL($entityID, $returnURL) {
 	}
 	
 	// If fall back check is enabled, check return param
-	if ($useACURLsForReturnParamCheck){
+	if (isset($useACURLsForReturnParamCheck) && $useACURLsForReturnParamCheck){
+		
+		// Return true if no assertion consumer URL is defined to check against
+		// Should never happend
+		if (!isset($SProviders[$entityID]['ACURL'])){
+			return false;
+		}
+		
 		$returnURLHostName = getHostNameFromURI($returnURL);
 		foreach($SProviders[$entityID]['ACURL'] as $ACURL){
 			if (getHostNameFromURI($ACURL) == $returnURLHostName){

--- a/languages.php
+++ b/languages.php
@@ -45,6 +45,7 @@ $langStrings['en'] = array (
 'most_used' => 'Most often used Home Organisations',
 'invalid_return_url' => 'The return URL <tt>\'%s\'</tt> is not a valid URL.',
 'unverified_return_url' => 'The return URL <tt>\'%s\'</tt> could not be verified for Service Provider <tt>\'%s\'</tt>.',
+'unknown_sp' => 'The Service Provider <tt>\'%s\'</tt> could not be found in metadata and is therefore unknown.',
 );


@@ -88,6 +89,7 @@ $langStrings['de'] = array (
 'most_used' => 'Meist genutzte Home Organisationen',
 'invalid_return_url' => 'Die return URL <tt>\'%s\'</tt> ist keine g&uuml;tige URL.',
 'unverified_return_url' => 'Die return URL <tt>\'%s\'</tt> ist nicht g&uuml;tige f&uuml;r den Service Provider <tt>\'%s\'</tt>.',
+'unknown_sp' => 'Der Service Provider <tt>\'%s\'</tt> konnte nicht in den Metadaten gefunden werden und ist deshalb unbekannt.',
 );