From 5de0cc62eb443501e43608917c493ff7ad6f6c46 Mon Sep 17 00:00:00 2001 From: Chris Andrews Date: Nov 22 2010 20:42:53 +0000 Subject: Add a horrendous hack to work around OpenSSO. Expects a specific order to elements in an ArtifactResolve message. --- diff --git a/lib/Net/SAML2/Binding/SOAP.pm b/lib/Net/SAML2/Binding/SOAP.pm index ab922ba..edffe4b 100644 --- a/lib/Net/SAML2/Binding/SOAP.pm +++ b/lib/Net/SAML2/Binding/SOAP.pm @@ -147,6 +147,23 @@ sub create_soap_envelope { }); my $signed_message = $sig->sign($message); + # OpenSSO ArtifactResolve hack + # + # OpenSSO's ArtifactResolve parser is completely hateful. It demands that + # the order of child elements in an ArtifactResolve message be: + # + # 1: saml:Issuer + # 2: dsig:Signature + # 3: samlp:Artifact + # + # Really. + # + if ($signed_message =~ /ArtifactResolve/) { + $signed_message =~ s!()!!s; + my $signature = $1; + $signed_message =~ s/(<\/saml:Issuer>)/$1$signature/; + } + # test verify my $ret = $sig->verify($signed_message); die "failed to sign" unless $ret;
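Review bot: Inside the `if ($signed_message =~ /ArtifactResolve/)` block, `$1` is read without checking that the first substitution matched, so when no signature element is found `$signature` is undef and the envelope is passed on in its original order with no error. Tie the move to the match, for example `if ($signed_message =~ s!SIGNATURE_PATTERN!!s) { my $signature = $1; ... } else { die "no signature element to move" }`. `SIGNATURE_PATTERN` is a placeholder: the pattern is rendered here as `()`, which looks like markup lost in extraction, so confirm it against the repository. The trigger regex is also unanchored and fires on any message that contains the string ArtifactResolve anywhere (an attribute value, for instance), so matching the element's opening tag would be tighter. The `$sig->verify` call that follows is the only safeguard after this post-signing string edit and should stay; `create_soap_envelope` begins and ends outside the hunk.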