Issue Type: Bug
Assignee: Anil Saldhana
Components: Federation
Created: 26/Mar/14 11:25 AM
Description:

The AbstractIDPBrowserValve is decoding the RelayState.
Per 5.1.2 of the SAML spec: "If the IdP received a RelayState value from the SP, it must return it unmodified to the SP in a hidden form control named RelayState."
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline

The relevant code change is in method:
populateSessionWithSAMLParameters()

    if (isNotNull(relayState)) {
        relayState = RedirectBindingUtil.urlDecode(relayState);
    }
Fix Versions: PLINK_2.6.0.CR2
Project: PicketLink
Priority: Major
Reporter: Anil Saldhana
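
An added illustration, not PicketLink code and not part of the original report, of how a second URL-decode at the IdP breaks the "return it unmodified" requirement for RelayState values that contain '%' or '+'. Assumptions: java.net.URLDecoder stands in for RedirectBindingUtil.urlDecode, the IdP reads the parameter through the servlet container (which has already decoded it once), and the sample RelayState values are constructed.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class RelayStateRoundTrip {

    // Stand-in for the extra decode quoted in the issue. Assumption: it is a
    // plain application/x-www-form-urlencoded decode, like URLDecoder.
    static String extraDecode(String value) {
        return URLDecoder.decode(value, StandardCharsets.UTF_8);
    }

    // The SP encodes RelayState for the query string; the IdP's servlet
    // container decodes it once when the request parameter is read.
    static String asReadByIdp(String spRelayState) {
        String onTheWire = URLEncoder.encode(spRelayState, StandardCharsets.UTF_8);
        return URLDecoder.decode(onTheWire, StandardCharsets.UTF_8);
    }

    // Describes what the SP gets back if the IdP decodes a second time.
    static String outcome(String spRelayState) {
        String read = asReadByIdp(spRelayState);
        try {
            String returned = extraDecode(read);
            return returned.equals(spRelayState)
                    ? "unchanged"
                    : "MODIFIED -> " + returned;
        } catch (IllegalArgumentException e) {
            // A '%' not followed by two hex digits cannot be decoded again.
            return "REJECTED (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed sample RelayState values, not taken from the issue.
        List<String> samples = List.of(
                "token-12345",
                "https://sp.example/app?next=%2Freports",
                "a+b/c==",
                "50%off");
        for (String sent : samples) {
            System.out.printf("%-42s %s%n", sent, outcome(sent));
        }
    }
}
```

Only the first sample survives the round trip; an SP that compares the returned RelayState with the value it issued would see a mismatch for the others.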