Add test for invalid audience exception

Makes debugging issues far easier, also I adjusted the code in the `in_array` here to use a strict comparison.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Author: LukasReschke

lib/Saml2/Response.php

@@ -243,12 +243,16 @@ public function isValid($requestId = null)
 
                 // Check audience
                 $validAudiences = $this->getAudiences();
-                if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences)) {
-                    throw new OneLogin_Saml2_ValidationError(
-                        "$spEntityId is not a valid audience for this Response",
-                        OneLogin_Saml2_ValidationError::WRONG_AUDIENCE
-                    );
-                }
+				if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) {
+					throw new OneLogin_Saml2_ValidationError(
+						sprintf(
+							"Invalid audience for this Response (expected '%s', got '%s')",
+							$spEntityId,
+							implode(',', $validAudiences)
+						),
+						OneLogin_Saml2_ValidationError::WRONG_AUDIENCE
+					);
+				}
 
                 // Check the issuers
                 $issuers = $this->getIssuers();

tests/src/OneLogin/Saml2/ResponseTest.php

@@ -915,7 +915,7 @@ public function testIsInValidAudience()
         $response2 = new OneLogin_Saml2_Response($this->_settings, $message);
 
         $this->assertFalse($response2->isValid());
-        $this->assertContains('is not a valid audience for this Response', $response2->getError());
+        $this->assertSame('Invalid audience for this Response (expected \'http://stuff.com/endpoints/metadata.php\', got \'http://invalid.audience.com\')', $response2->getError());
     }
 
     /**