syncope-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: SAML RelayState length
Date Thu, 31 Aug 2017 09:33:10 GMT
On Thu, Aug 31, 2017 at 7:51 AM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:

>
> Anyway, I see several SAML 2.0 implementations out there not enforcing the
> 80 chars limit: would removing all but the AuthnRequestID from the current
> JWT-based Relay State be an acceptable compromise?
>

Yeah, let's just leave it for now. We can always revisit if it becomes a
problem. +1 on removing the deflate encoding switch from the token. I'm not
sure about removing the expiration, it's probably a good idea to reject
stale RelayStates.

Colm.



> Regards.
>
> [1] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L327-L329
>> [2] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L408
>>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
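
The trade-off discussed in this thread, as an added example that is not part of the original message and is not Syncope's code: a signed RelayState that carries only the AuthnRequest ID and an expiration, with a check that rejects forged or stale values. The key, the HS256 choice, the `jti`/`exp` claim names and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"         # constructed sample key (assumption)
HEADER = {"alg": "HS256", "typ": "JWT"}
SAML_RELAYSTATE_LIMIT = 80            # the 80-character limit from the thread

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def make_relay_state(authn_request_id: str, ttl: int, now: int) -> str:
    """Compact JWT whose only claims are the AuthnRequest ID and an expiry."""
    claims = {"jti": authn_request_id, "exp": now + ttl}
    body = ".".join(_b64(json.dumps(part, separators=(",", ":")).encode())
                    for part in (HEADER, claims))
    return body + "." + _sign(body)

def check_relay_state(token: str, now: int) -> str:
    """Return the AuthnRequest ID; raise ValueError if forged or stale."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed RelayState")
    body = parts[0] + "." + parts[1]
    # Verify the MAC in constant time before parsing anything it protects.
    if not hmac.compare_digest(parts[2].encode(), _sign(body).encode()):
        raise ValueError("bad signature")
    header = json.loads(_unb64(parts[0]))
    claims = json.loads(_unb64(parts[1]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Expiration check: a RelayState replayed after its lifetime is rejected.
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("stale RelayState")
    return claims["jti"]

if __name__ == "__main__":
    issued = 1504172290               # constructed issue time (epoch seconds)
    token = make_relay_state("_constructed-authn-request-id", 300, issued)
    print(len(token), "chars; limit is", SAML_RELAYSTATE_LIMIT)
    print(check_relay_state(token, issued + 60))
```

Under these assumptions the header and signature alone take 81 characters, so the token stays over the 80-character limit even with an empty ID.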
