Add assertion to ensure binding matches idpdisco-specs

simplesamlphp · Oct 18, 2023 · 9287aa0 · 9287aa0
1 parent 8e5fb9b
commit 9287aa0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/src/SAML2/Constants.php b/src/SAML2/Constants.php
@@ -61,6 +61,11 @@ class Constants extends \SimpleSAML\XMLSecurity\Constants
  */
  public const BINDING_HTTP_REDIRECT_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';
 
+ /*
+ * The URN for the IdP Discovery Protocol binding
+ */
+ public const BINDING_IDPDISC = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol';
+
  /**
  * The URN for the PAOS binding.
  */

diff --git a/src/SAML2/XML/idpdisc/DiscoveryResponse.php b/src/SAML2/XML/idpdisc/DiscoveryResponse.php
@@ -6,6 +6,7 @@
 
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\SAML2\XML\md\AbstractIndexedEndpointType;
 
 /**
@@ -48,10 +49,11 @@ public function __construct(
  array $attributes = [],
  array $children = [],
  ) {
+ Assert::same($binding, C::BINDING_IDPDISC, ProtocolViolationException::class);
  Assert::null(
  $unused,
  'The \'ResponseLocation\' attribute must be omitted for idpdisc:DiscoveryResponse.',
  );
- parent::__construct($index, $binding, $location, $isDefault, null, $attributes, $children);
+ parent::__construct($index, C::BINDING_IDPDISC, $location, $isDefault, null, $attributes, $children);
  }
 }