Anil Saldhana updated JBID-133:
-------------------------------
Fix Version/s: IDFED-1.0.0.alpha5
HTTP/Redirect binding : signature validation results are ignored (at
the SP side as well as at the IDP side)
------------------------------------------------------------------------------------------------------------
Key: JBID-133
URL: https://jira.jboss.org/jira/browse/JBID-133
Project: JBoss Identity
Issue Type: Bug
Components: Identity-Federation
Affects Versions: IDFED-1.0.0.alpha3
Reporter: Marcel Kolsteren
Assignee: Anil Saldhana
Fix For: IDFED-1.0.0.alpha5
When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead
to a negative authentication result.
This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes
have a validate method that is overridden by the signature-enabled subclass. In both
classes, the validate method is called, but the boolean result is ignored:
this.validate(request);
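The ignored-result pattern described in this issue, shown next to a caller that fails closed. This is an added example, not code from JBoss Identity. Every class and method name except validate is hypothetical, and the sample query string and the SHA256withRSA algorithm are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
// Hypothetical classes illustrating the pattern; not the JBoss Identity source.
public class RedirectValidationDemo {
    static class RedirectHandler {
        // Base class: no signature support, so there is nothing to reject.
        boolean validate(String query, byte[] sig) throws GeneralSecurityException { return true; }

        // Pattern from the issue: validate() is called but its boolean is dropped.
        boolean authenticateIgnoringResult(String query, byte[] sig) throws GeneralSecurityException {
            this.validate(query, sig);
            return true;
        }

        // Fail closed: a false result or a verification error denies the request.
        boolean authenticate(String query, byte[] sig) {
            try { return this.validate(query, sig); }
            catch (GeneralSecurityException e) { return false; }
        }
    }

    static class SignatureRedirectHandler extends RedirectHandler {
        private final PublicKey key;
        SignatureRedirectHandler(PublicKey key) { this.key = key; }
        @Override
        boolean validate(String query, byte[] sig) throws GeneralSecurityException {
            Signature v = Signature.getInstance("SHA256withRSA"); // assumed algorithm
            v.initVerify(key);
            v.update(query.getBytes(StandardCharsets.UTF_8));
            return v.verify(sig);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String query = "SAMLRequest=constructed&RelayState=a&SigAlg=rsa-sha256"; // constructed sample
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(query.getBytes(StandardCharsets.UTF_8));
        byte[] sig = s.sign();
        String altered = query.replace("RelayState=a", "RelayState=b"); // no longer matches sig
        RedirectHandler h = new SignatureRedirectHandler(kp.getPublic());
        System.out.println("result ignored, altered query accepted: " + h.authenticateIgnoringResult(altered, sig));
        System.out.println("result checked, altered query accepted: " + h.authenticate(altered, sig));
        System.out.println("result checked, original query accepted: " + h.authenticate(query, sig));
    }
}
```

A regression test for this class of bug should feed each binding handler a request whose signature does not verify and assert that authentication is denied.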