[keycloak-dev] Keycloak SAML response 'Destination' Element is always validated.
Arulkumar Ponnusamy
parul.com at gmail.com
Thu Jan 28 05:31:08 EST 2016
As per the OASIS/SAML spec recommendation, if the message is signed, the
Destination XML attribute in the root SAML element of the protocol message
MUST contain the URL to which the sender has instructed the user agent to
deliver the message. The recipient MUST then verify that the value matches
the location at which the message has been received.
However, Keycloak always validates the 'Destination' on the SAML response,
irrespective of whether the response is signed or not.
Is this not a defect?
Thanks,
Arul kumar P.
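
The rule quoted in the message above, side by side with the always-validate behaviour it reports, as an added sketch that is not part of the original post and is not Keycloak's code. The policy names `spec` and `always`, the helper functions, the sample messages and the URLs are constructed for illustration; the signature is only detected, not verified, and rejecting a missing Destination is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://sp.example.test/saml/acs"  # constructed endpoint URL

def make_response(destination, signed):
    """Build a constructed SAML Response; the signature is an empty stand-in."""
    dest = f' Destination="{destination}"' if destination else ""
    sig = "<ds:Signature/>" if signed else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0"{dest}>'
        f"{sig}</samlp:Response>"
    )

def check_destination(xml_text, received_at, policy):
    """Return (accepted, reason) for policy 'spec' or 'always' (hypothetical names)."""
    if policy not in ("spec", "always"):
        raise ValueError(policy)
    root = ET.fromstring(xml_text)  # constructed input only; harden the parser for real traffic
    # A message-level signature is a direct child of the root element.
    signed = root.find("ds:Signature", NS) is not None
    dest = root.get("Destination")
    if policy == "spec" and not signed:
        return True, "unsigned: quoted rule does not require the check"
    if dest is None:
        return False, "Destination missing"  # assumption: missing counts as failure
    if dest != received_at:
        return False, "Destination mismatch"
    return True, "Destination matches"

def compare(xml_text, received_at=ACS):
    """Run both policies on one message and return their accept/reject verdicts."""
    return {p: check_destination(xml_text, received_at, p)[0] for p in ("spec", "always")}

if __name__ == "__main__":
    cases = {
        "signed, matching": make_response(ACS, True),
        "signed, other URL": make_response("https://other.example.test/acs", True),
        "unsigned, other URL": make_response("https://other.example.test/acs", False),
        "unsigned, no Destination": make_response(None, False),
    }
    for name, xml_text in cases.items():
        print(name, compare(xml_text))
```

The two policies give different verdicts only for unsigned messages, which is the case the question is about.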