Commit 891aafb2 authored by Peter Loer's avatar Peter Loer

Merge pull request #131 from timoruppell/timoruppell-fix-subject-deref

Fix Subject dereference bug
parents f8b6837b 2b5abbaa
...@@ -684,30 +684,30 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb ...@@ -684,30 +684,30 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb
profile.spNameQualifier = nameID[0].$.SPNameQualifier; profile.spNameQualifier = nameID[0].$.SPNameQualifier;
} }
} }
}
var subjectConfirmation = subject[0].SubjectConfirmation ? var subjectConfirmation = subject[0].SubjectConfirmation ?
subject[0].SubjectConfirmation[0] : null; subject[0].SubjectConfirmation[0] : null;
var confirmData = subjectConfirmation && subjectConfirmation.SubjectConfirmationData ? var confirmData = subjectConfirmation && subjectConfirmation.SubjectConfirmationData ?
subjectConfirmation.SubjectConfirmationData[0] : null; subjectConfirmation.SubjectConfirmationData[0] : null;
if (subject[0].SubjectConfirmation && subject[0].SubjectConfirmation.length > 1) { if (subject[0].SubjectConfirmation && subject[0].SubjectConfirmation.length > 1) {
msg = 'Unable to process multiple SubjectConfirmations in SAML assertion'; msg = 'Unable to process multiple SubjectConfirmations in SAML assertion';
throw new Error(msg); throw new Error(msg);
} }
if (subjectConfirmation) { if (subjectConfirmation) {
if (confirmData && confirmData.$) { if (confirmData && confirmData.$) {
var subjectNotBefore = confirmData.$.NotBefore; var subjectNotBefore = confirmData.$.NotBefore;
var subjectNotOnOrAfter = confirmData.$.NotOnOrAfter; var subjectNotOnOrAfter = confirmData.$.NotOnOrAfter;
var subjErr = self.checkTimestampsValidityError( var subjErr = self.checkTimestampsValidityError(
nowMs, subjectNotBefore, subjectNotOnOrAfter); nowMs, subjectNotBefore, subjectNotOnOrAfter);
if (subjErr) { if (subjErr) {
throw subjErr; throw subjErr;
}
} }
} }
} }
// Test to see that if we have a SubjectConfirmation InResponseTo that it matches // Test to see that if we have a SubjectConfirmation InResponseTo that it matches
// the 'InResponseTo' attribute set in the Response // the 'InResponseTo' attribute set in the Response
if (self.options.validateInResponseTo) { if (self.options.validateInResponseTo) {
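Review bot: An assertion with no Subject, no SubjectConfirmation, or a SubjectConfirmationData without attributes passes this block without any NotBefore/NotOnOrAfter check and without any trace that the check was skipped. This reading assumes the `if (subject)` guard now closes after the SubjectConfirmation block, which is inferred from the two unpaired `}` lines because the rendering has lost the +/- markers. If the deployment expects bearer confirmation, fail closed with something like `if (!subjectConfirmation) { throw new Error('Missing SubjectConfirmation in SAML assertion'); }`; otherwise add a comment above the guard saying the absence is deliberately tolerated and why. Since `var confirmData` is hoisted, it is presumably `undefined` when Subject is missing, so confirm that the InResponseTo check handles that case rather than skipping validation. That check starts on the last visible line and continues outside the hunk, as does the rest of processValidlySignedAssertion.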
......