[ https://jira.jboss.org/jira/browse/JBID-133?page=com.atlassian.jira.plugi... ]
Anil Saldhana updated JBID-133:
-------------------------------
Fix Version/s: IDFED-1.0.0.alpha5
> HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side)
> ------------------------------------------------------------------------------------------------------------
>
> Key: JBID-133
> URL: https://jira.jboss.org/jira/browse/JBID-133
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
> Fix For: IDFED-1.0.0.alpha5
>
>
> When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead to a negative authentication result.
> This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes have a validate method that is overridden by the signature-enabled subclass. In both classes, the validate method is called, but the boolean result is ignored:
> this.validate(request);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[ https://jira.jboss.org/jira/browse/JBID-133?page=com.atlassian.jira.plugi... ]
Work on JBID-133 started by Anil Saldhana.
> HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side)
> ------------------------------------------------------------------------------------------------------------
>
> Key: JBID-133
> URL: https://jira.jboss.org/jira/browse/JBID-133
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
>
> When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead to a negative authentication result.
> This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes have a validate method that is overridden by the signature-enabled subclass. In both classes, the validate method is called, but the boolean result is ignored:
> this.validate(request);
[ https://jira.jboss.org/jira/browse/JBID-133?page=com.atlassian.jira.plugi... ]
Anil Saldhana updated JBID-133:
-------------------------------
Summary: HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side) (was: in the HTTP/Redirect binding, signature validation results are ignored (at the SP side as well as at the IDP side))
> HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side)
> ------------------------------------------------------------------------------------------------------------
>
> Key: JBID-133
> URL: https://jira.jboss.org/jira/browse/JBID-133
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
>
> When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead to a negative authentication result.
> This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes have a validate method that is overridden by the signature-enabled subclass. In both classes, the validate method is called, but the boolean result is ignored:
> this.validate(request);
OpenID Integration
------------------
Key: JBID-131
URL: https://jira.jboss.org/jira/browse/JBID-131
Project: JBoss Identity
Issue Type: Feature Request
Components: Identity-Federation
Reporter: Anil Saldhana
Assignee: Anil Saldhana
Fix For: IDFED-1.0.0.beta1
Integrate Openid4Java which is ASL 2
[ https://jira.jboss.org/jira/browse/JBID-132?page=com.atlassian.jira.plugi... ]
Anil Saldhana updated JBID-132:
-------------------------------
Fix Version/s: IDFED-1.0.0.beta1
(was: IDFED-1.0.0.alpha4)
> redirect binding computes incorrect signatures for SAML responses
> -----------------------------------------------------------------
>
> Key: JBID-132
> URL: https://jira.jboss.org/jira/browse/JBID-132
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
> Fix For: IDFED-1.0.0.beta1
>
> Attachments: JBID-132.txt
>
>
> When using the HTTP/Redirect binding with signature support, the signatures for SAMLResponse messages are incorrect. This is caused by the computeSignature method in the RedirectBindingSignatureUtil. This method is called for requests as well as for responses, but when it constructs the string that needs to be signed, it always uses "SAMLRequest":
> sb.append("SAMLRequest=").append(urlEncodedRequest);
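The two redirect-binding defects reported above (JBID-133: the boolean from `validate` is dropped; JBID-132: the signed string always starts with "SAMLRequest="), shown as an added Java example that is not JBoss Identity code. All class and method names are hypothetical. It assumes Java 11+ and RSA-SHA256, and it re-encodes the values for brevity, whereas a real receiver verifies over the encoded values exactly as they arrived in the query string.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration; every name here is hypothetical, not taken from the project.
public class RedirectSignatureDemo {
    static final String SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    enum MessageType { SAMLRequest, SAMLResponse }
    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }

    // Signed string: "<SAMLRequest|SAMLResponse>=value[&RelayState=value]&SigAlg=value".
    // The parameter name must match the message type on both the signing and verifying side.
    static String signedString(MessageType t, String msg, String relayState) {
        StringBuilder sb = new StringBuilder(t.name()).append('=').append(enc(msg));
        if (relayState != null) sb.append("&RelayState=").append(enc(relayState));
        return sb.append("&SigAlg=").append(enc(SIG_ALG)).toString();
    }
    static byte[] sign(PrivateKey key, String data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean validate(PublicKey key, String data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    // Fail closed: the boolean result decides the outcome instead of being discarded.
    static void process(PublicKey key, MessageType t, String msg, String relay, byte[] sig)
            throws GeneralSecurityException {
        if (!validate(key, signedString(t, msg, relay), sig))
            throw new SecurityException("signature validation failed for " + t);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        // Constructed stand-in for a deflated, base64-encoded SAML response.
        String msg = Base64.getEncoder().encodeToString("<constructed/>".getBytes(StandardCharsets.UTF_8));
        byte[] good = sign(kp.getPrivate(), signedString(MessageType.SAMLResponse, msg, "state1"));
        byte[] bad = sign(kp.getPrivate(), signedString(MessageType.SAMLRequest, msg, "state1")); // wrong prefix
        process(kp.getPublic(), MessageType.SAMLResponse, msg, "state1", good); // accepted
        try { process(kp.getPublic(), MessageType.SAMLResponse, msg, "state1", bad); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A response signed over the "SAMLRequest=" prefix only fails at a peer that both builds the string correctly and acts on the verification result, which is why the two reports need fixing together.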
[ https://jira.jboss.org/jira/browse/JBID-132?page=com.atlassian.jira.plugi... ]
Marcel Kolsteren resolved JBID-132.
-----------------------------------
Fix Version/s: IDFED-1.0.0.alpha4
Resolution: Done
Fixed by svn revision 654.
> redirect binding computes incorrect signatures for SAML responses
> -----------------------------------------------------------------
>
> Key: JBID-132
> URL: https://jira.jboss.org/jira/browse/JBID-132
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
> Fix For: IDFED-1.0.0.alpha4
>
> Attachments: JBID-132.txt
>
>
> When using the HTTP/Redirect binding with signature support, the signatures for SAMLResponse messages are incorrect. This is caused by the computeSignature method in the RedirectBindingSignatureUtil. This method is called for requests as well as for responses, but when it constructs the string that needs to be signed, it always uses "SAMLRequest":
> sb.append("SAMLRequest=").append(urlEncodedRequest);
[ https://jira.jboss.org/jira/browse/JBID-83?page=com.atlassian.jira.plugin... ]
Stefan Guilhen deleted JBID-83:
-------------------------------
> Implement token encryption (symmetric and public key)
> -----------------------------------------------------
>
> Key: JBID-83
> URL: https://jira.jboss.org/jira/browse/JBID-83
> Project: JBoss Identity
> Issue Type: Task
> Reporter: Stefan Guilhen
> Assignee: Stefan Guilhen
>
> The request handler must encrypt the tokens generated by the security token provider when needed. We may use the XML Sec API to encrypt the returned tokens.
> Need to look for the XML Signature/Encryption utility for this.
Release JBoss Identity Federation Stack 1.0.0.alpha4
----------------------------------------------------
Key: JBID-134
URL: https://jira.jboss.org/jira/browse/JBID-134
Project: JBoss Identity
Issue Type: Release
Components: Identity-Federation
Reporter: Anil Saldhana
Assignee: Anil Saldhana
With the OpenID integration.