Darran Lofthouse updated SECURITY-815:
--------------------------------------
Fix Version/s: Negotiation_2_2_8
NegotiationAuthenticator loses post data
----------------------------------------
Key: SECURITY-815
URL: https://issues.jboss.org/browse/SECURITY-815
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_5
Reporter: Derek Horton
Assignee: Darran Lofthouse
Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
The NegotiationAuthenticator loses post data.
A customer is attempting to use Negotiation along with PicketLink at the IDP. This works
fine as long as the SP is using HTTP-Redirect SAML binding.
If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed
along through the redirects on the URL.
If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the
SAMLRequest post parameter. This means that after a user is successfully authenticated,
the IDP will not know where to redirect the user to. As a result, the user will be left
at the IDP index.html page.