[ https://issues.jboss.org/browse/SRAMP-436?page=com.atlassian.jira.plugin.... ]
Eric Wittmann commented on SRAMP-436:
-------------------------------------
Note: the SAML bearer token auth technique *is* signing the assertions by default. But the SSO doesn't sign its assertion prior to returning it to the SP, and the SP doesn't check for a sig. Both of these need to be fixed. I anticipate that a resulting challenge will be how to configure the path to the keystore. Perhaps we can have custom versions of the servlet filters which can do platform-specific searching for it.
Overlord SSO (IDP/SP) needs to have SAML assertion sigs enabled by default
--------------------------------------------------------------------------
Key: SRAMP-436
URL:
https://issues.jboss.org/browse/SRAMP-436
Project: S-RAMP
Issue Type: Enhancement
Security Level: Public(Everyone can see)
Reporter: Eric Wittmann
Assignee: Eric Wittmann
Fix For: 0.5.0 - API Management
Currently we're not signing the SAML assertions. We need to do that.
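The comment above names two gaps: the IDP returns an unsigned assertion, and the SP never looks for a signature. The following is an added example, not Overlord or PicketLink code, of what the SP side of that fix has to do: load the IDP's certificate from a keystore whose path comes from configuration (the system property, environment variable and alias names are assumptions), refuse an assertion that carries no ds:Signature, validate the signature against that trusted key only (never a key embedded in the message), and confirm the signature actually covers the assertion's own ID. It uses only the JDK's javax.xml.crypto.dsig API.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Added example (not Overlord/PicketLink code): the SP-side check that an
 * incoming SAML 2.0 assertion is signed by the configured IDP key.
 * Property, env var and keystore alias names below are hypothetical.
 */
public final class AssertionSignatureCheck {

    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String DSIG_NS = XMLSignature.XMLNS; // http://www.w3.org/2000/09/xmldsig#

    private final PublicKey idpKey;

    public AssertionSignatureCheck(PublicKey idpKey) { this.idpKey = idpKey; }

    /** Resolve the keystore path from a system property, then an env var (assumed convention). */
    public static AssertionSignatureCheck fromKeystore() throws Exception {
        String path = System.getProperty("overlord.sso.keystore");            // hypothetical name
        if (path == null) path = System.getenv("OVERLORD_SSO_KEYSTORE");     // hypothetical name
        if (path == null) throw new IllegalStateException("no keystore path configured");
        char[] pass = System.getProperty("overlord.sso.keystore.password", "").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        Certificate cert = ks.getCertificate("idp");                          // alias is an assumption
        if (cert == null) throw new IllegalStateException("IDP certificate alias not found");
        return new AssertionSignatureCheck(cert.getPublicKey());
    }

    /** Namespace-aware parse with DOCTYPE/entity expansion disabled (no XXE via the SAML response). */
    public static Document parse(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(xml);
    }

    /** Exactly one Assertion is accepted; more than one is ambiguous and is rejected outright. */
    public static Element findAssertion(Document doc) {
        NodeList nodes = doc.getElementsByTagNameNS(SAML2_NS, "Assertion");
        if (nodes.getLength() != 1) {
            throw new SecurityException("expected exactly one Assertion, found " + nodes.getLength());
        }
        return (Element) nodes.item(0);
    }

    /** Reject unless a ds:Signature child validates under the IDP key and references this assertion. */
    public void requireValidSignature(Element assertion) throws Exception {
        Element sig = null;
        NodeList sigs = assertion.getElementsByTagNameNS(DSIG_NS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {            // only a direct child counts
            if (sigs.item(i).getParentNode() == assertion) { sig = (Element) sigs.item(i); break; }
        }
        if (sig == null) throw new SecurityException("unsigned SAML assertion rejected");

        String id = assertion.getAttribute("ID");
        if (id.isEmpty()) throw new SecurityException("assertion has no ID attribute");
        assertion.setIdAttribute("ID", true);                   // lets the "#ID" reference resolve

        // Validate with the trusted key only; any KeyInfo inside the message is ignored.
        DOMValidateContext ctx = new DOMValidateContext(idpKey, sig);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!signature.validate(ctx)) throw new SecurityException("SAML assertion signature invalid");

        // A valid signature over some other element is not good enough: it must cover this one.
        boolean covers = false;
        for (Object o : signature.getSignedInfo().getReferences()) {
            if (("#" + id).equals(((Reference) o).getURI())) covers = true;
        }
        if (!covers) throw new SecurityException("signature does not cover the assertion");
    }
}
```

In a servlet filter this would be built once in init() via fromKeystore() and applied per response as requireValidSignature(findAssertion(parse(body))). Calling setIdAttribute before validation matters: the JDK resolves same-document references through getElementById, and without it a correctly signed assertion fails to validate. Passing the key from the keystore rather than letting the API pick one out of KeyInfo is what makes the check mean "signed by our IDP" instead of "signed by somebody".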
--
This message was sent by Atlassian JIRA (v6.2.3#6260)