From 725819a64f3c653375bb14e30ad9cc405859d8a7 Mon Sep 17 00:00:00 2001
From: Sergio Garcez
Date: Tue, 12 Sep 2017 16:34:35 +0100
Subject: [PATCH] testing relaxinf of issuer comparison
---
 src/onelogin/saml2/response.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
index b8b9ef90..49a422ca 100644
--- a/src/onelogin/saml2/response.py
+++ b/src/onelogin/saml2/response.py
@@ -202,8 +202,16 @@ def is_valid(self, request_data, request_id=None, raise_exceptions=False):
 # Checks the issuers
 issuers = self.get_issuers()
+ if idp_entity_id.startswith('https://'):
+ no_scheme_entity_id = idp_entity_id[:8]
+ else:
+ no_scheme_entity_id = idp_entity_id[7:]
 for issuer in issuers:
- if issuer is None or issuer != idp_entity_id:
+ if issuer and issuer.startswith('https://'):
+ no_scheme_issuer = issuer[:8]
+ elif issuer and issuer.startswith('http://'):
+ no_scheme_issuer = issuer[7:]
+ if issuer is None or no_scheme_issuer != no_scheme_entity_id:
 raise OneLogin_Saml2_ValidationError(
 'Invalid issuer in the Assertion/Response',
 OneLogin_Saml2_ValidationError.WRONG_ISSUER
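Review bot: The slices `idp_entity_id[:8]` and `issuer[:8]` keep the first eight characters instead of dropping them, so for an `https://` IdP entity ID and any `https://` issuer both sides reduce to the string `https://` and the issuer check passes no matter which entity issued the assertion. The `else` branch also cuts seven characters from entity IDs that do not start with `http://` (a URN, for example), and `no_scheme_issuer` is left unassigned, or stale from the previous iteration, when an issuer carries neither scheme. The rewrite below strips only a matching scheme prefix and resets the value for every issuer. Whether `http` and `https` entity IDs should compare equal at all is worth confirming, since SAML entity IDs are normally matched exactly. `is_valid` starts and ends outside the hunk.

```python
issuers = self.get_issuers()
schemes = ('https://', 'http://')
# Drop only a leading http(s) scheme; any other entity ID is compared verbatim.
no_scheme_entity_id = idp_entity_id
for scheme in schemes:
    if no_scheme_entity_id.startswith(scheme):
        no_scheme_entity_id = no_scheme_entity_id[len(scheme):]
        break
for issuer in issuers:
    # Reset per issuer so a value from the previous iteration is never reused.
    no_scheme_issuer = issuer
    for scheme in schemes:
        if issuer and issuer.startswith(scheme):
            no_scheme_issuer = issuer[len(scheme):]
            break
    if issuer is None or no_scheme_issuer != no_scheme_entity_id:
        # … unchanged: raise OneLogin_Saml2_ValidationError(… WRONG_ISSUER) …
```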