simplesamlphp/saml2

HTTPArtifact receive not working

timuniwise opened this issue · 6 comments

When the receive method is called in HTTPArtifact.php and PHP error is thrown:

Argument 1 passed to SAML2\Message::setIssuer() must be an instance of SAML2\XML\saml\Issuer or null, string given, called in /app/src/ext/vendor/simplesamlphp/saml2/src/SAML2/HTTPArtifact.php on line 150

As the errormessage indicates, the problem is

$ar->setIssuer($this->spMetadata->getString('entityid'));

at line 150, where the ArtifactResolve->setIssuer expects an Issuer object or null, but a string is given.

Good catch @timuniwise !
We must have missed a spot when converting issuers from strings to actual Issuer-objects..
I've tagged a new release that should fix this..

This problem has not been solved. The Issuer object in tag 4.1.5 expects a DOMElement, but a string i given.

public function __construct(DOMElement $xml = null)

Therefor the following error is thrown:
Argument 1 passed to SAML2\XML\saml\Issuer::__construct() must be an instance of DOMElement or null, string given, called in vendor/simplesamlphp/saml2/src/SAML2/HTTPArtifact.php on line 134 vendor/simplesamlphp/saml2/src/SAML2/XML/saml/Issuer.php:45

I can see that the Issuer in the master branch can be provided a string.

Sorry, I don't know what I was thinking.. I've just released 4.1.6 that should fix the issue permanently.
Please let me know!

We have updated to version 4.1.6. I am just waiting for a deployment. I will let you know.

Hi @tvdijen

I have just testet 4.1.6 and it seems to have to have solved that problem. But there is another later in the process.

In SOAPClient.php line 42, the following is called:

$issuer = $msg->getIssuer();

Later in the metode, the following is called:

$options = [
     'uri' => $issuer,
     'location' => $msg->getDestination(),
     'stream_context' => $context,
];

$x = new \SoapClient(null, $options);

However the \SoapClient expects the uri to be a string, but an Issuer object is provided and therefor an exception is thrown.

The problem can be solved by changing the options to:

$options = [
     'uri' => $issuer->getValue(),
     'location' => $msg->getDestination(),
     'stream_context' => $context,
];

Jeez, I feel so stupid... And apparently you're the only one using artifact resolution..
Yet another release was tagged.. Thanks again for reporting this!