From a6cadad81df2b44a99ca452ea1737abf1fa7d3e8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 10 Mar 2016 12:31:38 +0100
Subject: add additional PVP response validation

---
 .../auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java   | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-modules-federated_authentication')

diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index d5c5354c0..01163efd6 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -347,7 +347,10 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		// check SAML2 response status-code
 		if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {				
 			//validate PVP 2.1 assertion
-			samlVerificationEngine.validateAssertion(samlResp, true, credentialProvider.getIDPAssertionEncryptionCredential());
+			samlVerificationEngine.validateAssertion(samlResp, true, 
+					credentialProvider.getIDPAssertionEncryptionCredential(),
+					pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA,
+					FederatedAuthConstants.MODULE_NAME_FOR_LOGGING);
 
 			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
 			return msg;
-- 
cgit v1.2.3