[jira] [Created] (FEDIZ-157) SAMLResponse Handler uses URL instead of Realm name for issuer validation

Jan Bernhardt (JIRA) Wed, 02 Mar 2016 03:57:14 -0800

Jan Bernhardt created FEDIZ-157:
-----------------------------------

             Summary: SAMLResponse Handler uses URL instead of Realm name for 
issuer validation
                 Key: FEDIZ-157
                 URL: https://issues.apache.org/jira/browse/FEDIZ-157
             Project: CXF-Fediz
          Issue Type: Bug
          Components: IDP
    Affects Versions: 1.2.2
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.3.0



The {{TrustedIdpSAMLProtocolHandler}} uses the {{SAMLSSOResponseValidator}} to 
validate the issuer name within the {{SAMLResponse}}.

For this validation the configured 3rd party URL is used. This is an error, 
because the redirect URL for the {{SAMLRequest}} does not need to be equal or 
even similar to the issuer name within the {{SAMLResponse}}.

The 3rd party realm name should be applicable instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (FEDIZ-157) SAMLResponse Handler uses URL instead of Realm name for issuer validation

Reply via email to