Hi Xavier,

     # Load session data into object
     if ($data) {
+        if ( $self->kind ) {
+            unless ( $data->{_session_kind} eq $self->kind ) {
+                $self->error("Session kind mistmatch");
+                return undef;
+            }
+        }
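
Review bot: The `unless ( $data->{_session_kind} eq $self->kind )` test is a strict string comparison with no handling for a missing key. A stored session that has no `_session_kind` compares as unequal (and raises an uninitialized-value warning if warnings are enabled), so it is rejected with `return undef`. Consider checking `defined $data->{_session_kind}` before comparing, and document which session kinds a caller with a given `$self->kind` is allowed to load, since any flow that reads a session created under a different kind is now denied. The error string also has a typo: "mistmatch" should be "mismatch".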

Doesn't that break CDA in 1.9.7-3+deb9u1?  At least I'm no longer able
to access a protected application under domains other than the portal.

Error output shows occurrences of “Session kind mistmatch” instead, and
further debugging suggests that $data->{_session_kind} is "CDA" while
$self->kind is "SSO" in the execution flow that yields access denial.

-- 
Guilhem.
