a7a7ebb5618cb7fc3d6a8005d1f6f6de547cc62c,core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java,SamlResponse,queryAssertion,#String#,698

Before Change


		NodeList nodeList = query(signedAssertionQuery, null);
		if (nodeList.getLength() > 0) { // is the assertion signed
			Node assertionReferenceNode = nodeList.item(0);
			String assertionId = assertionReferenceNode.getAttributes().getNamedItem("URI").getNodeValue().substring(1);
			nameQuery = "/samlp:Response/" + assertionExpr + "[@ID='" + assertionId + "']";
		} else { // is the whole response signed?
			String signedMessageQuery = "/samlp:Response/" + signatureExpr;

After Change


            nodeList = query(signedMessageQuery, null);
            if (nodeList.getLength() > 0) {
                Node responseReferenceNode = nodeList.item(0);
                String responseId = responseReferenceNode.getAttributes().getNamedItem("URI").getNodeValue();
                if (responseId != null && !responseId.isEmpty()) {
                    responseId = responseId.substring(1);
                } else {
                    responseId = responseReferenceNode.getParentNode().getParentNode().getParentNode().getAttributes().getNamedItem("ID").getNodeValue();