[jboss-identity-issues] [JBoss JIRA] Resolved: (JBID-132) redirect binding computes incorrect signatures for SAML responses

Monday, 20 July 2009

     [
https://jira.jboss.org/jira/browse/JBID-132?page=com.atlassian.jira.plugi...
]

Marcel Kolsteren resolved JBID-132.
-----------------------------------

    Fix Version/s: IDFED-1.0.0.alpha4
       Resolution: Done

Fixed by svn revision 654.

...
 redirect binding computes incorrect signatures for SAML responses
 -----------------------------------------------------------------

                 Key: JBID-132
                 URL: https://jira.jboss.org/jira/browse/JBID-132
             Project: JBoss Identity
          Issue Type: Bug
          Components: Identity-Federation
    Affects Versions: IDFED-1.0.0.alpha3
            Reporter: Marcel Kolsteren
            Assignee: Anil Saldhana
             Fix For: IDFED-1.0.0.alpha4

         Attachments: JBID-132.txt

 When using the HTTP/Redirect binding with signature support, the signatures for
SAMLResponse messages are incorrect. This is caused by the computeSignature method in the
RedirectBindingSignatureUtil. This method is called for requests as well as for responses,
but when it constructs the string that needs to be signed, it always uses
"SAMLRequest":
       sb.append("SAMLRequest=").append(urlEncodedRequest); 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[jboss-identity-issues] [JBoss JIRA] Resolved: (JBID-132) redirect binding computes incorrect signatures for SAML responses