cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FEDIZ-157) SAMLResponse Handler uses URL instead of Realm name for issuer validation
Date Wed, 02 Mar 2016 11:56:18 GMT
Jan Bernhardt created FEDIZ-157:
-----------------------------------

             Summary: SAMLResponse Handler uses URL instead of Realm name for issuer validation
                 Key: FEDIZ-157
                 URL: https://issues.apache.org/jira/browse/FEDIZ-157
             Project: CXF-Fediz
          Issue Type: Bug
          Components: IDP
    Affects Versions: 1.2.2
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.3.0


The {{TrustedIdpSAMLProtocolHandler}} uses the {{SAMLSSOResponseValidator}} to validate the
issuer name within the {{SAMLResponse}}.

For this validation the configured 3rd party URL is used. This is an error, because the redirect
URL for the {{SAMLRequest}} does not need to be equal or even similar to the issuer name within
the {{SAMLResponse}}.

The 3rd party realm name should be applicable instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
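
Added example, not part of the original message and not Fediz code: a JDK-only sketch of the issuer check described in the report. It shows a legitimate response failing when the expected issuer is the IdP's redirect URL and passing when it is the realm name. The class name, URL, realm value and sample response are constructed assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class IssuerCheckDemo {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed trusted-IdP settings (assumed values): redirect target vs. identity.
    static final String IDP_URL = "https://idp.example.org/saml/sso";
    static final String IDP_REALM = "urn:example:realm-b";

    // Returns the Response-level <saml:Issuer> text, or null if there is none.
    static String responseIssuer(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE so untrusted input cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI()) || !"Response".equals(root.getLocalName())) {
            throw new IllegalArgumentException("not a samlp:Response");
        }
        for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && SAML.equals(n.getNamespaceURI())
                    && "Issuer".equals(n.getLocalName())) {
                return n.getTextContent().trim();
            }
        }
        return null;
    }

    // Exact comparison; a missing issuer never matches.
    static boolean issuerMatches(String expected, String xml) throws Exception {
        String issuer = responseIssuer(xml);
        return issuer != null && issuer.equals(expected);
    }

    public static void main(String[] args) throws Exception {
        // Constructed response from the IdP above; signature checks are out of scope here.
        String response = "<samlp:Response xmlns:samlp='" + SAMLP + "' xmlns:saml='" + SAML + "'>"
                + "<saml:Issuer>" + IDP_REALM + "</saml:Issuer></samlp:Response>";
        System.out.println("expected = URL:   " + issuerMatches(IDP_URL, response));
        System.out.println("expected = realm: " + issuerMatches(IDP_REALM, response));
    }
}
```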
