@@ -278,15 +278,19 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
278278 fingerprint = OneLogin_Saml2_Utils .format_finger_print (fingerprint )
279279 fingerprintalg = idp_data .get ('certFingerprintAlgorithm' , None )
280280
281+ multicerts = None
282+ if 'x509certMulti' in idp_data and 'signing' in idp_data ['x509certMulti' ] and idp_data ['x509certMulti' ]['signing' ]:
283+ multicerts = idp_data ['x509certMulti' ]['signing' ]
284+
281285 # If find a Signature on the Response, validates it checking the original response
282- if has_signed_response and not OneLogin_Saml2_Utils .validate_sign (self .document , cert , fingerprint , fingerprintalg , xpath = OneLogin_Saml2_Utils .RESPONSE_SIGNATURE_XPATH , raise_exceptions = False ):
286+ if has_signed_response and not OneLogin_Saml2_Utils .validate_sign (self .document , cert , fingerprint , fingerprintalg , xpath = OneLogin_Saml2_Utils .RESPONSE_SIGNATURE_XPATH , multicerts = multicerts , raise_exceptions = False ):
283287 raise OneLogin_Saml2_ValidationError (
284288 'Signature validation failed. SAML Response rejected' ,
285289 OneLogin_Saml2_ValidationError .INVALID_SIGNATURE
286290 )
287291
288292 document_check_assertion = self .decrypted_document if self .encrypted else self .document
289- if has_signed_assertion and not OneLogin_Saml2_Utils .validate_sign (document_check_assertion , cert , fingerprint , fingerprintalg , xpath = OneLogin_Saml2_Utils .ASSERTION_SIGNATURE_XPATH , raise_exceptions = False ):
293+ if has_signed_assertion and not OneLogin_Saml2_Utils .validate_sign (document_check_assertion , cert , fingerprint , fingerprintalg , xpath = OneLogin_Saml2_Utils .ASSERTION_SIGNATURE_XPATH , multicerts = multicerts , raise_exceptions = False ):
290294 raise OneLogin_Saml2_ValidationError (
291295 'Signature validation failed. SAML Response rejected' ,
292296 OneLogin_Saml2_ValidationError .INVALID_SIGNATURE
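Review bot: The three-key membership chain on line 282 is hard to read for what is a single optional lookup; `multicerts = idp_data.get('x509certMulti', {}).get('signing') or None` yields the same None-or-non-empty-list result and drops the repeated indexing. Every certificate in that list becomes an accepted signer for both the Response check and the Assertion check below, so the list is a trust anchor and deserves a comment such as `# Any cert under x509certMulti['signing'] is trusted to sign the Response/Assertion; prune retired IdP certs promptly.` Whether validate_sign still honors the single `cert`/`fingerprint` pair when `multicerts` is passed is not visible from this hunk and is worth confirming and documenting, since both are now handed to the same call. `is_valid` starts and ends outside the hunk.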