[jboss-jira] [JBoss JIRA] Updated: (JBID-132) redirect binding computes incorrect signatures for SAML responses
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Mon Jul 20 18:06:29 EDT 2009
[ https://jira.jboss.org/jira/browse/JBID-132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana updated JBID-132:
-------------------------------
Fix Version/s: IDFED-1.0.0.beta1
(was: IDFED-1.0.0.alpha4)
> redirect binding computes incorrect signatures for SAML responses
> -----------------------------------------------------------------
>
> Key: JBID-132
> URL: https://jira.jboss.org/jira/browse/JBID-132
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
> Fix For: IDFED-1.0.0.beta1
>
> Attachments: JBID-132.txt
>
>
> When using the HTTP/Redirect binding with signature support, the signatures for SAMLResponse messages are incorrect. This is caused by the computeSignature method in the RedirectBindingSignatureUtil. This method is called for requests as well as for responses, but when it constructs the string that needs to be signed, it always uses "SAMLRequest":
> sb.append("SAMLRequest=").append(urlEncodedRequest);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list