[jboss-jira] [JBoss JIRA] Resolved: (JBID-132) redirect binding computes incorrect signatures for SAML responses
Marcel Kolsteren (JIRA)
jira-events at lists.jboss.org
Mon Jul 20 17:55:29 EDT 2009
[ https://jira.jboss.org/jira/browse/JBID-132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcel Kolsteren resolved JBID-132.
-----------------------------------
Fix Version/s: IDFED-1.0.0.alpha4
Resolution: Done
Fixed by svn revision 654.
> redirect binding computes incorrect signatures for SAML responses
> -----------------------------------------------------------------
>
> Key: JBID-132
> URL: https://jira.jboss.org/jira/browse/JBID-132
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
> Fix For: IDFED-1.0.0.alpha4
>
> Attachments: JBID-132.txt
>
>
> When using the HTTP/Redirect binding with signature support, the signatures for SAMLResponse messages are incorrect. This is caused by the computeSignature method in the RedirectBindingSignatureUtil. This method is called for requests as well as for responses, but when it constructs the string that needs to be signed, it always uses "SAMLRequest":
> sb.append("SAMLRequest=").append(urlEncodedRequest);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list