[
https://issues.apache.org/jira/browse/CXF-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15464724#comment-15464724
]
Michal Sabo commented on CXF-7039:
----------------------------------
Sorry, I was just cloning a random issue just to set the issue details
correctly.
> JAX-RS Security SAML web SSO consumer service can not validate SAML response
> behind reverse proxy
> -------------------------------------------------------------------------------------------------
>
> Key: CXF-7039
> URL: https://issues.apache.org/jira/browse/CXF-7039
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.0.9
> Environment: JRE 1.8.0_101-b13
> Reporter: Michal Sabo
>
> During the SAML web SSO processing, the RequestAssertionConsumerService
> validates the request using
> org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator and uses a wrong
> assertionConsumerURL.
> The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with
> the serviceURL (taken as the
> org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress
> property), however the
> org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped
> with the following consumer URL:
> ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());
> This particularly makes a problem when serving the application behind a
> reverse proxy.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
