
Commit 21eba32

committed
Do not overwrite $request, initially the Symfony HTTP Request, with a SAML AuthnRequest halfway through the method
1 parent e973965 commit 21eba32


1 file changed

+15
-15
lines changed


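--- a/modules/saml/src/IdP/SAML2.php
+++ b/modules/saml/src/IdP/SAML2.php
@@ -411,17 +411,17 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
 $psrHttpFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
 $psrRequest = $psrHttpFactory->createRequest($request);
 $binding = Binding::getCurrentBinding($psrRequest);
-$request = $binding->receive($psrRequest);
+$authnRequest = $binding->receive($psrRequest);
 
-if (!($request instanceof AuthnRequest)) {
+if (!($authnRequest instanceof AuthnRequest)) {
 throw new Error\BadRequest(
 "Message received on authentication request endpoint wasn't an authentication request."
 );
 }
 
 $username = $request->get('username', null);
 
-$issuer = $request->getIssuer();
+$issuer = $authnRequest->getIssuer();
 if ($issuer === null) {
 throw new Error\BadRequest(
 'Received message on authentication request endpoint without issuer.'
@@ -430,12 +430,12 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
 $spEntityId = $issuer->getContent();
 $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
 
-$authnRequestSigned = Message::validateMessage($spMetadata, $idpMetadata, $request);
+$authnRequestSigned = Message::validateMessage($spMetadata, $idpMetadata, $authnRequest);
 
-$relayState = $request->getRelayState();
+$relayState = $authnRequest->getRelayState();
 
-$requestId = $request->getId();
-$scoping = $request->getScoping();
+$requestId = $authnRequest->getId();
+$scoping = $authnRequest->getScoping();
 
 $ProxyCount = $scoping?->getProxyCount();
 if ($ProxyCount !== null) {
@@ -457,15 +457,15 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
 }
 }
 
-$forceAuthn = $request->getForceAuthn();
-$isPassive = $request->getIsPassive();
-$consumerURL = $request->getAssertionConsumerServiceURL();
-$protocolBinding = $request->getProtocolBinding();
-$consumerIndex = $request->getAssertionConsumerServiceIndex();
-$extensions = $request->getExtensions();
-$authnContext = $request->getRequestedAuthnContext();
+$forceAuthn = $authnRequest->getForceAuthn();
+$isPassive = $authnRequest->getIsPassive();
+$consumerURL = $authnRequest->getAssertionConsumerServiceURL();
+$protocolBinding = $authnRequest->getProtocolBinding();
+$consumerIndex = $authnRequest->getAssertionConsumerServiceIndex();
+$extensions = $authnRequest->getExtensions();
+$authnContext = $authnRequest->getRequestedAuthnContext();
 
-$nameIdPolicy = $request->getNameIdPolicy();
+$nameIdPolicy = $authnRequest->getNameIdPolicy();
 $nameIDFormat = $nameIdPolicy?->getFormat();
 $allowCreate = $nameIdPolicy?->getAllowCreate() ?? false;
 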
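Review bot: The `username` read at new line 422 (unchanged context in the first hunk) comes from unauthenticated HTTP parameters via the catch-all `Request::get()`; since `$request` is no longer reassigned at line 414, that call now resolves against the Symfony Request, so the value lies outside the SAML message that `Message::validateMessage()` checks at line 433. `Request::get()` searches route attributes, then the query string, then the POST body, so the origin of the value is ambiguous; naming one source, e.g. `$username = $request->query->get('username');` (or the `request` bag, whichever the binding intends), would pin it down. How `$username` is used later is not visible in these hunks; if it is only a login hint, a comment such as `// Unauthenticated hint from the HTTP request; not covered by the AuthnRequest signature` would keep later code from treating it as an asserted identity. `receiveAuthnRequest` begins and ends outside the hunks shown.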