[jboss-jira] [JBoss JIRA] Updated: (JBID-133) HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side)
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Thu Jul 23 15:31:42 EDT 2009
[ https://jira.jboss.org/jira/browse/JBID-133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana updated JBID-133:
-------------------------------
Summary: HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side) (was: in the HTTP/Redirect binding, signature validation results are ignored (at the SP side as well as at the IDP side))
> HTTP/Redirect binding : signature validation results are ignored (at the SP side as well as at the IDP side)
> ------------------------------------------------------------------------------------------------------------
>
> Key: JBID-133
> URL: https://jira.jboss.org/jira/browse/JBID-133
> Project: JBoss Identity
> Issue Type: Bug
> Components: Identity-Federation
> Affects Versions: IDFED-1.0.0.alpha3
> Reporter: Marcel Kolsteren
> Assignee: Anil Saldhana
>
> When using signatures in the HTTP/Redirect binding, incorrect signatures don't lead to a negative authentication result.
> This is caused by the IDPRedirectValve and the SPRedirectFormAuthenticator. Both classes have a validate method that is overridden by the signature-enabled subclass. In both classes, the validate method is called, but the boolean result is ignored:
> this.validate(request);
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list