Skip to content

Commit

Permalink
Don't fail if signature provided in query string, but not in the message
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexanderzobnin
alexanderzobnin committed Feb 3, 2023
1 parent b75d97a commit 8197ae7
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions service_provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1531,11 +1531,13 @@ func (sp *ServiceProvider) ValidateLogoutResponseRedirect(query url.Values) erro
return err
}

hasValidSignature := false
if query.Get("Signature") != "" && query.Get("SigAlg") != "" {
if err := sp.validateQuerySig(query); err != nil {
retErr.PrivateErr = err
return retErr
}
hasValidSignature = true
}

doc := etree.NewDocument()
Expand All @@ -1545,8 +1547,10 @@ func (sp *ServiceProvider) ValidateLogoutResponseRedirect(query url.Values) erro
}

if err := sp.validateSignature(doc.Root()); err != nil {
retErr.PrivateErr = err
return retErr
if err != errSignatureElementNotPresent && !hasValidSignature {
retErr.PrivateErr = err
return retErr
}
}

var resp LogoutResponse
Expand Down

0 comments on commit 8197ae7

Please sign in to comment.