Anil Saldhana updated JBID-132:
-------------------------------
Fix Version/s: IDFED-1.0.0.alpha5 (was: IDFED-1.0.0.beta1)
redirect binding computes incorrect signatures for SAML responses
-----------------------------------------------------------------
Key: JBID-132
URL: https://jira.jboss.org/jira/browse/JBID-132
Project: JBoss Identity
Issue Type: Bug
Components: Identity-Federation
Affects Versions: IDFED-1.0.0.alpha3
Reporter: Marcel Kolsteren
Assignee: Anil Saldhana
Fix For: IDFED-1.0.0.alpha5
Attachments: JBID-132.txt
When using the HTTP/Redirect binding with signature support, the signatures for
SAMLResponse messages are incorrect. This is caused by the computeSignature method in the
RedirectBindingSignatureUtil. This method is called for requests as well as for responses,
but when it constructs the string that needs to be signed, it always uses
"SAMLRequest":
sb.append("SAMLRequest=").append(urlEncodedRequest);
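
The effect described in the report, shown as an added example that is not the JBoss Identity code: in the HTTP-Redirect binding the signed string starts with the key matching the message type, so a signature computed over "SAMLRequest=..." fails when the receiver rebuilds "SAMLResponse=...". The class and method names, the RSA-SHA256 algorithm, the RelayState value and the message value are assumptions made for the demo.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class RedirectSigDemo {
    // Assumed SigAlg for the demo; the issue does not say which algorithm was in use.
    static final String SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Builds the string covered by the signature. The first key must match the
    // message type: SAMLRequest for requests, SAMLResponse for responses.
    static String signedString(boolean isRequest, String urlEncodedMsg, String relayState) {
        StringBuilder sb = new StringBuilder();
        sb.append(isRequest ? "SAMLRequest=" : "SAMLResponse=").append(urlEncodedMsg);
        if (relayState != null && !relayState.isEmpty()) {
            sb.append("&RelayState=").append(URLEncoder.encode(relayState, StandardCharsets.UTF_8));
        }
        sb.append("&SigAlg=").append(URLEncoder.encode(SIG_ALG, StandardCharsets.UTF_8));
        return sb.toString();
    }

    static byte[] sign(PrivateKey key, String data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean verify(PublicKey key, String data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();        // throwaway demo key pair
        String msg = "fZJBT8MwDIX%2FSpV7m6Qd";      // constructed placeholder, not a real message
        // What a receiver rebuilds from the query string of a response:
        String expected = signedString(false, msg, "state-1");
        // Signer that always uses "SAMLRequest=" (the behaviour reported above):
        byte[] bad = sign(kp.getPrivate(), signedString(true, msg, "state-1"));
        byte[] good = sign(kp.getPrivate(), expected);
        System.out.println("wrong key name verifies: " + verify(kp.getPublic(), expected, bad));
        System.out.println("right key name verifies: " + verify(kp.getPublic(), expected, good));
    }
}
```

A round-trip test that signs a response and verifies it with an independent implementation of the binding catches this class of defect; a test that verifies with the same computeSignature helper does not.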