Improved inResponse validation on Responses

pitbulk · pitbulk · commit 367d6dc64e3c · 2016-12-02T01:27:47.000+01:00
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -108,7 +108,7 @@ def is_valid(self, request_data, request_id=None):
 
                 # Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided
                 in_response_to = self.document.get('InResponseTo', None)
-                if in_response_to and request_id:
+                if in_response_to is not None and request_id is not None:
                     if in_response_to != request_id:
                         raise Exception('The InResponseTo of the Response: %s, does not match the ID of the AuthNRequest sent by the SP: %s' % (in_response_to, request_id))
 
