cxf-issues mailing list archives

From "Michal Sabo (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-7039) JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
Date Mon, 05 Sep 2016 10:50:21 GMT

     [ https://issues.apache.org/jira/browse/CXF-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michal Sabo updated CXF-7039:
-----------------------------
    Description: 
During the SAML web SSO processing, the RequestAssertionConsumerService validates the request
using org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator using a wrong assertionConsumerURL.

The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL
(taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress
property), however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped
with the following consumer URL:

ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());

This particularly makes a problem when serving the application behind a reverse proxy.

  was:
During the SAML web SSO processing, the RequestAssertionConsumerService validates the request
using org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator and uses a wrong assertionConsumerURL.

The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL
(taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress
property), however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped
with the following consumer URL:

ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());

This particularly makes a problem when serving the application behind a reverse proxy.


> JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
> -------------------------------------------------------------------------------------------------
>
>                 Key: CXF-7039
>                 URL: https://issues.apache.org/jira/browse/CXF-7039
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.9
>         Environment: JRE 1.8.0_101-b13
>            Reporter: Michal Sabo
>
> During the SAML web SSO processing, the RequestAssertionConsumerService validates the request using org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator using a wrong assertionConsumerURL.
> The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL (taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress property), however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped with the following consumer URL:
> ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());
> This particularly makes a problem when serving the application behind a reverse proxy.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
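
Added example, not part of the original message and not CXF code: a stand-alone Java model of the mismatch the report describes, assuming the validator compares the consumer address returned in the SAML response to its configured consumer URL by exact string equality. The class name, method names and URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Illustrative model only; not CXF code. All names and URLs are constructed. */
public class AcsUrlMismatchDemo {

    /** Models UriInfo.getAbsolutePath(): the request URI without query or fragment. */
    static String requestDerivedUrl(URI requestUri) throws URISyntaxException {
        return new URI(requestUri.getScheme(), requestUri.getAuthority(),
                       requestUri.getPath(), null, null).toString();
    }

    /** Prefer the address advertised in the AuthnRequest; fall back to the request URI. */
    static String expectedConsumerUrl(String configuredAcs, URI requestUri)
            throws URISyntaxException {
        if (configuredAcs != null && !configuredAcs.trim().isEmpty()) {
            return configuredAcs;
        }
        return requestDerivedUrl(requestUri);
    }

    /** Assumed check: the address echoed by the IdP must equal the expected URL exactly. */
    static boolean recipientMatches(String recipient, String expectedUrl) {
        return recipient != null && recipient.equals(expectedUrl);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Public address sent to the IdP in the AuthnRequest (constructed).
        String configuredAcs = "https://sso.example.org/app/racs/sso";
        // What the backend sees once the reverse proxy forwards the response (constructed).
        URI backendRequest = new URI("http://10.0.0.5:8080/app/racs/sso?RelayState=abc");
        // The IdP returns the address it was given in the AuthnRequest.
        String recipient = configuredAcs;

        String fromRequest = requestDerivedUrl(backendRequest);
        String fromConfig = expectedConsumerUrl(configuredAcs, backendRequest);

        // Request-derived expectation: scheme, host and port differ, so the check fails.
        System.out.println("request-derived: " + fromRequest
                + " -> accepted=" + recipientMatches(recipient, fromRequest));
        // Configured expectation: same value the AuthnRequest carried, so the check passes.
        System.out.println("configured:      " + fromConfig
                + " -> accepted=" + recipientMatches(recipient, fromConfig));
    }
}
```

Under this model the comparison itself stays strict; only the source of the expected URL changes, so a response addressed to a different consumer endpoint is still rejected.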
