From ace246edc5cc1b4b2984f07c60612a7fbda5a701 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Wed, 18 Oct 2023 23:26:56 +0200
Subject: [PATCH] Add assertion to ensure binding matches idpdisco-specs
---
 src/SAML2/Constants.php | 5 +++++
 src/SAML2/XML/idpdisc/DiscoveryResponse.php | 4 +++-
 tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php | 8 +++++++-
 tests/SAML2/XML/md/IndexedEndpointTypeTest.php | 3 ++-
 tests/resources/xml/idpdisc_DiscoveryResponse.xml | 2 +-
 5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/SAML2/Constants.php b/src/SAML2/Constants.php
index 5dca7fe7d..bcadd712f 100644
--- a/src/SAML2/Constants.php
+++ b/src/SAML2/Constants.php
@@ -61,6 +61,11 @@ class Constants extends \SimpleSAML\XMLSecurity\Constants
 */
 public const BINDING_HTTP_REDIRECT_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
+ /*
+ * The URN for the IdP Discovery Protocol binding
+ */
+ public const BINDING_IDPDISC = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol';
+
 /**
 * The URN for the PAOS binding.
 */
diff --git a/src/SAML2/XML/idpdisc/DiscoveryResponse.php b/src/SAML2/XML/idpdisc/DiscoveryResponse.php
index 2671173b4..08e78af1b 100644
--- a/src/SAML2/XML/idpdisc/DiscoveryResponse.php
+++ b/src/SAML2/XML/idpdisc/DiscoveryResponse.php
@@ -6,6 +6,7 @@
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\XML\md\AbstractIndexedEndpointType;
 /**
@@ -48,10 +49,11 @@ public function __construct(
 array $attributes = [],
 array $children = [],
 ) {
+ Assert::same($binding, C::BINDING_IDPDISC, ProtocolViolationException::class);
 Assert::null(
 $unused,
 'The \'ResponseLocation\' attribute must be omitted for idpdisc:DiscoveryResponse.',
 );
- parent::__construct($index, $binding, $location, $isDefault, null, $attributes, $children);
+ parent::__construct($index, C::BINDING_IDPDISC, $location, $isDefault, null, $attributes, $children);
 }
 }
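Review bot: The comment above the new `BINDING_IDPDISC` constant in src/SAML2/Constants.php opens with `/*`, so it is an ordinary comment rather than a docblock, unlike the `/**` block on the PAOS constant visible in the same hunk. Documentation tooling and IDEs will not attach it to the constant. I would open it with `/**` and end the sentence with a period to match the neighbouring entry: `* The URN for the IdP Discovery Protocol binding.`. The class body starts and ends outside the hunk.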
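Review bot: The new `Assert::same(...)` at the top of the `DiscoveryResponse` constructor (src/SAML2/XML/idpdisc/DiscoveryResponse.php) passes no message, so an endpoint carrying the wrong binding is rejected with the assertion library's generic text, while the `Assert::null` right below it names the attribute and the element. Since this check is what keeps an endpoint with a non-discovery binding from being accepted as a DiscoveryResponse, the failure should say so: `Assert::same($binding, C::BINDING_IDPDISC, 'The \'Binding\' attribute of idpdisc:DiscoveryResponse must be the IdP Discovery Protocol URN.', ProtocolViolationException::class);`. The constructor's signature and docblock start outside the hunk; if the docblock lists exceptions, it should gain a `@throws` entry for `ProtocolViolationException` and state that `$binding` must equal `C::BINDING_IDPDISC`.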
diff --git a/tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php b/tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php
index fd81597ca..47acd1abd 100644
--- a/tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php
+++ b/tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php
@@ -106,7 +106,13 @@ public function testMarshallingWithResponseLocation(): void
 $this->expectExceptionMessage(
 'The \'ResponseLocation\' attribute must be omitted for idpdisc:DiscoveryResponse.',
 );
- new DiscoveryResponse(42, C::BINDING_HTTP_ARTIFACT, C::LOCATION_A, false, 'https://response.location/');
+ new DiscoveryResponse(
+ 42,
+ C::BINDING_IDPDISC,
+ C::LOCATION_A,
+ false,
+ 'https://response.location/',
+ );
 }
diff --git a/tests/SAML2/XML/md/IndexedEndpointTypeTest.php b/tests/SAML2/XML/md/IndexedEndpointTypeTest.php
index 43e63a7a6..f9ae52cab 100644
--- a/tests/SAML2/XML/md/IndexedEndpointTypeTest.php
+++ b/tests/SAML2/XML/md/IndexedEndpointTypeTest.php
@@ -51,7 +51,8 @@ public static function setUpBeforeClass(): void
 */
 public function testMarshallingWithoutIsDefault(string $class): void
 {
- $idxep = new $class(42, C::BINDING_HTTP_POST, C::LOCATION_A);
+ $binding = ($class === DiscoveryResponse::class) ? C::BINDING_IDPDISCO : C::BINDING_HTTP_POST;
+ $idxep = new $class(42, $binding, C::LOCATION_A);
 $this->assertNull($idxep->getIsDefault());
 }
diff --git a/tests/resources/xml/idpdisc_DiscoveryResponse.xml b/tests/resources/xml/idpdisc_DiscoveryResponse.xml
index 71757cb9d..7c71dd9c9 100644
--- a/tests/resources/xml/idpdisc_DiscoveryResponse.xml
+++ b/tests/resources/xml/idpdisc_DiscoveryResponse.xml
@@ -1,3 +1,3 @@ - + SomeExtension
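Review bot: Nothing in the change to tests/SAML2/XML/idpdisc/DiscoveryResponseTest.php exercises the new binding assertion; the only edit swaps `C::BINDING_HTTP_ARTIFACT` for `C::BINDING_IDPDISC` in `testMarshallingWithResponseLocation` so that the existing ResponseLocation test still reaches `Assert::null`. The rejection of a non-discovery binding is the behaviour this commit adds and should have its own test, and one for the unmarshalling path too if the class is also built from XML. A sketch follows; it assumes `ProtocolViolationException` is imported in the test file, which the hunk does not show. The test method shown in the hunk begins outside it.

```php
public function testMarshallingWithWrongBinding(): void
{
    $this->expectException(ProtocolViolationException::class);
    new DiscoveryResponse(42, C::BINDING_HTTP_ARTIFACT, C::LOCATION_A, false);
}
```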
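Review bot: The added ternary in `testMarshallingWithoutIsDefault` (tests/SAML2/XML/md/IndexedEndpointTypeTest.php) reads `C::BINDING_IDPDISCO`, but the constant this commit adds to src/SAML2/Constants.php is `BINDING_IDPDISC`. Unless a `BINDING_IDPDISCO` constant is defined elsewhere on the `C` alias, the run of this test for `DiscoveryResponse` will stop on an undefined-constant error instead of testing the constructor. The line should read `$binding = ($class === DiscoveryResponse::class) ? C::BINDING_IDPDISC : C::BINDING_HTTP_POST;`. The hunk does not show an import for `DiscoveryResponse` either; without one the `::class` comparison would never match, so that is worth confirming in the file header.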