Merge pull request #196 from LukasReschke/add-more-logging-to-audience

Add test for invalid audience exception

Author: pitbulk

lib/Saml2/Response.php

@@ -243,9 +243,13 @@ public function isValid($requestId = null)
 
                 // Check audience
                 $validAudiences = $this->getAudiences();
-                if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences)) {
+                if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) {
                     throw new OneLogin_Saml2_ValidationError(
-                        "$spEntityId is not a valid audience for this Response",
+                        sprintf(
+                            "Invalid audience for this Response (expected '%s', got '%s')",
+                            $spEntityId,
+                            implode(',', $validAudiences)
+                        ),
                         OneLogin_Saml2_ValidationError::WRONG_AUDIENCE
                     );
                 }

tests/src/OneLogin/Saml2/ResponseTest.php

@@ -915,7 +915,7 @@ public function testIsInValidAudience()
         $response2 = new OneLogin_Saml2_Response($this->_settings, $message);
 
         $this->assertFalse($response2->isValid());
-        $this->assertContains('is not a valid audience for this Response', $response2->getError());
+        $this->assertSame('Invalid audience for this Response (expected \'http://stuff.com/endpoints/metadata.php\', got \'http://invalid.audience.com\')', $response2->getError());
     }
 
     /**