Hi Romain
I recall I was experimenting with this provider awhile back (as part of
our internal demo, at the RP side), and it worked. But it was awhile
since I looked at it.
The actual JwsUtils returns in this case a validated JWS sequence
(headers+payload).
Oh, I see, that is diff provider, I was ref to the one used on the RP
side, and you - to the session authenticity one. Might be a bug, will
check on Mon
Thanks, Sergey
On 13/01/17 18:11, Romain Manni-Bucau wrote:
In the mentionned method we have:
stateString = JwsUtils.verify(jws, stateString).getUnsignedEncodedSequence();
should we get:
stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload();
?
Otherwise i don't see how the round trip can work
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
