On 1 Feb 2017, at 12:21, Hynek Mlnarik
<hmlnarik(a)redhat.com> wrote:
Currently there's no support for the OneTimeUse condition in SAML. Feel free to open
a feature request JIRA.
--Hynek
On 02/01/2017 12:13 PM, Mark Pardijs wrote:
> Hi,
>
> Is it possible to add a client configuration option to include the
> <OneTimeUse> condition in the SAMLResponse sent to a client? Currently this element
> is not included, but I’ve clients that require the use of the OneTimeUse condition, as
> recommended in the SAML security considerations in paragraph 6.4.4:
>
>
> http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
>
> I think the fix itself is an easy one (add
> assertion.getConditions().addCondition(new OneTimeUseType()); to
> SAML2LoginResponseBuilder) but it might be useful to make this option configurable.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
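
The receiving side of the <OneTimeUse> condition requested above, as an added example that is not Keycloak code and not part of the thread: a relying party that honours the condition has to remember each such assertion's ID for its validity window and refuse a second presentation. The class name, the sample assertion and the policy of rejecting OneTimeUse without NotOnOrAfter are assumptions of this sketch, and signature verification is assumed to have happened before it is called.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2017-02-01T12:00:00Z">
  <saml:Conditions NotBefore="2017-02-01T12:00:00Z"
                   NotOnOrAfter="2017-02-01T12:05:00Z">
    <saml:OneTimeUse/>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    # Accepts only second-precision UTC timestamps, as in SAMPLE.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class OneTimeUseCache:
    """Hypothetical replay cache: remembers OneTimeUse assertion IDs until expiry."""

    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter

    def accept(self, assertion_xml, now):
        """Return (ok, reason). Assumes the signature was already verified."""
        root = ET.fromstring(assertion_xml)
        cond = root.find("saml:Conditions", NS)
        if cond is None:
            return False, "no Conditions"
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb):
            return False, "not yet valid"
        if noa and now >= _ts(noa):
            return False, "expired"
        if cond.find("saml:OneTimeUse", NS) is None:
            return True, "no OneTimeUse"
        if noa is None:
            # Policy choice of this example: an unbounded entry cannot be purged.
            return False, "OneTimeUse without NotOnOrAfter"
        # Drop entries whose validity window has closed, then check for reuse.
        self._seen = {i: exp for i, exp in self._seen.items() if exp > now}
        if root.get("ID") in self._seen:
            return False, "replayed"
        self._seen[root.get("ID")] = _ts(noa)
        return True, "accepted once"
```

In a clustered service provider the cache has to be shared between nodes, otherwise the same assertion is accepted once per node.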