[jira] [Commented] (SYNCOPE-1651) Invalid users can be specified in X-Syncope-Delegated-By

Thu, 09 Dec 2021 21:19:05 -0800 


    [ 
https://issues.apache.org/jira/browse/SYNCOPE-1651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17456889#comment-17456889
 ] 

ASF subversion and git services commented on SYNCOPE-1651:
----------------------------------------------------------

Commit 2fa7e28874acfeca8b6124ffec94d7f0a2d0d9ba in syncope's branch 
refs/heads/master from Misagh Moayyed
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=2fa7e28 ]

Switch CAS to use 6.5.x / Spring Boot 2.6.x (#296)

* switch cas to use 6.5 rc2

* resume with boot 2.6 upgrade

* update spring cloud gateway

* upgrade to boot 2.6

* Upgrading Groovy

* Fix test cases; make sure exceptions are caught in SAML2 metadata generation 
process

* assign a name to the syncope authn handler matching master-content and 
auth-module

* Upgrading Tomcat

* Upgrading Spring Boot

* Upgrading Payara

* Upgrading Wildfly

* Getting Started Guide: reviewed for 3.0

* [SYNCOPE-1651] Reviewing delegation validation logic

* Upgrading gmavenplus-plugin

* Reference Guide reviewed and compelted for 3.0 up to Customization

* Typos in Reference Guide 3.0

* [SYNCOPE-1654] Allowing to search realm by key or full path

* Upgrading Swagger UI and Checkstyle

* Upgrading Bouncycastle

* Upgrading Wicket

* upgrade to spring boot 2.6; fixes build issues

* fix checkstyle

* restore spring cloud contract wiremock version

* update pac4j to match latest CAS 6.5 SNAPSHOT

Co-authored-by: Francesco Chicchiriccò <[email protected]>

> Invalid users can be specified in X-Syncope-Delegated-By
> --------------------------------------------------------
>
>                 Key: SYNCOPE-1651
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1651
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.1.10
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
>             Fix For: 2.1.11, 3.0.0
>
>
> {{X-Syncope-Delegated-By}} header values like {code}user_not_found{code} 
> (where {{user_not_found}} does not match any exiting user) do not throw any 
> processing exceptions and result into values like {code}user_found delegated 
> by user_not_found{code} (where {{user_found}} is the authenticating user) for 
> Audit and metadata.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to