Make the Issuer on the Response Optional

Author: pitbulk

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -649,13 +649,15 @@ public List<String> getIssuers() throws XPathExpressionException, ValidationErro
 		List<String> issuers = new ArrayList<String>();
 		String value;
 		NodeList responseIssuer = Util.query(samlResponseDocument, "/samlp:Response/saml:Issuer");
-		if (responseIssuer.getLength() == 1) {
-			value = responseIssuer.item(0).getTextContent();
-			if (!issuers.contains(value)) {
-				issuers.add(value);
+		if (responseIssuer.getLength() > 1) {
+			if (responseIssuer.getLength() == 1) {
+				value = responseIssuer.item(0).getTextContent();
+				if (!issuers.contains(value)) {
+					issuers.add(value);
+				}
+			} else {
+				throw new ValidationError("Issuer of the Response is multiple.", ValidationError.ISSUER_MULTIPLE_IN_RESPONSE);
 			}
-		} else {
-			throw new ValidationError("Issuer of the Response not found or multiple.", ValidationError.ISSUER_NOT_FOUND_IN_RESPONSE);
 		}
 
 		NodeList assertionIssuer = this.queryAssertion("/saml:Issuer");

core/src/main/java/com/onelogin/saml2/exception/ValidationError.java

@@ -31,7 +31,7 @@ public class ValidationError extends Exception {
 	public static final int WRONG_DESTINATION = 24;
 	public static final int EMPTY_DESTINATION = 25;
 	public static final int WRONG_AUDIENCE = 26;
-	public static final int ISSUER_NOT_FOUND_IN_RESPONSE = 27;
+	public static final int ISSUER_MULTIPLE_IN_RESPONSE = 27;
 	public static final int ISSUER_NOT_FOUND_IN_ASSERTION = 28;
 	public static final int WRONG_ISSUER = 29;
 	public static final int SESSION_EXPIRED = 30;

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -716,31 +716,12 @@ public void testGetIssuers() throws IOException, Error, XPathExpressionException
 		samlResponseEncoded = Util.getFileAsString("data/responses/signed_assertion_response.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
-	}
-
-	/**
-	 * Tests the getIssuers method of SamlResponse
-	 * Case: Issuer of the response not found
-	 *
-	 * @throws Error
-	 * @throws IOException
-	 * @throws ValidationError
-	 * @throws SettingsException
-	 * @throws SAXException
-	 * @throws ParserConfigurationException
-	 * @throws XPathExpressionException
-	 *
-	 * @see com.onelogin.saml2.authn.SamlResponse#getIssuers
-	 */
-	@Test
-	public void testGetIssuersNoInResponse() throws IOException, Error, XPathExpressionException, ParserConfigurationException, SAXException, SettingsException, ValidationError {
-		expectedEx.expect(ValidationError.class);
-		expectedEx.expectMessage("Issuer of the Response not found or multiple.");
 
-		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
-		String samlResponseEncoded = Util.getFileAsString("data/responses/invalids/no_issuer_response.xml.base64");
-		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
-		List<String> issuers = samlResponse.getIssuers();
+		expectedIssuers = new ArrayList<String>();
+		expectedIssuers.add("https://app.onelogin.com/saml/metadata/13590");
+		samlResponseEncoded = Util.getFileAsString("data/responses/invalids/no_issuer_response.xml.base64");
+		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuers, samlResponse.getIssuers());
 	}
 
 	/**
@@ -1630,7 +1611,7 @@ public void testIsInValidIssuer() throws IOException, Error, XPathExpressionExce
 		settings.setStrict(true);
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
 		assertFalse(samlResponse.isValid());
-		assertEquals("Invalid issuer in the Assertion/Response", samlResponse.getError());
+		assertEquals("No Signature found. SAML Response rejected", samlResponse.getError());
 
 	}