[
https://jira.jboss.org/jira/browse/JBID-133?page=com.atlassian.jira.plugi...
]
Anil Saldhana updated JBID-133:
-------------------------------
Summary: HTTP/Redirect binding : signature validation results are ignored (at the SP
side as well as at the IDP side) (was: in the HTTP/Redirect binding, signature validation
results are ignored (at the SP side as well as at the IDP side))
HTTP/Redirect binding : signature validation results are ignored (at
the SP side as well as at the IDP side)
------------------------------------------------------------------------------------------------------------
Key: JBID-133
URL: https://jira.jboss.org/jira/browse/JBID-133
Project: JBoss Identity
Issue Type: Bug
Components: Identity-Federation
Affects Versions: IDFED-1.0.0.alpha3
Reporter: Marcel Kolsteren
Assignee: Anil Saldhana
When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead
to a negative authentication result.

This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes
have a validate method that is overridden by the signature-enabled subclass. In both
classes, the validate method is called, but the boolean result is ignored:

    this.validate(request);
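
The pattern described in this report, as an added Java example that is not JBoss Identity code: the class and method names (Handler, SignedHandler, handleIgnoringResult, handleCheckingResult) and the query string are constructed for illustration. An overridable validate method returning a boolean is called once with the result discarded and once with it enforced, against a deliberately corrupted signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class RedirectValidationDemo {
    // Hypothetical stand-in for a redirect-binding handler (assumed names, not the project's classes).
    static class Handler {
        // Base behaviour: signatures not enabled, so there is nothing to reject.
        protected boolean validate(String query, byte[] sig) throws GeneralSecurityException {
            return true;
        }
        // Reported pattern: validate is called, but its boolean result is dropped.
        boolean handleIgnoringResult(String query, byte[] sig) throws GeneralSecurityException {
            this.validate(query, sig);
            return true; // request proceeds whatever validate returned
        }
        // Corrected pattern: the result decides whether the request is accepted.
        boolean handleCheckingResult(String query, byte[] sig) throws GeneralSecurityException {
            return this.validate(query, sig);
        }
    }

    // Signature-enabled subclass overriding validate, as in the report.
    static class SignedHandler extends Handler {
        private final PublicKey key;
        SignedHandler(PublicKey key) { this.key = key; }
        @Override
        protected boolean validate(String query, byte[] sig) throws GeneralSecurityException {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update(query.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(sig);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String query = "SAMLRequest=constructed&RelayState=constructed&SigAlg=constructed";
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(query.getBytes(StandardCharsets.UTF_8));
        byte[] sig = signer.sign();
        sig[sig.length - 1] ^= 0x01; // corrupt the signature so verification must fail
        Handler handler = new SignedHandler(kp.getPublic());
        System.out.println("result ignored: accepted=" + handler.handleIgnoringResult(query, sig));
        System.out.println("result checked: accepted=" + handler.handleCheckingResult(query, sig));
    }
}
```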