[jboss-jira] [JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data
Derek Horton (JIRA)
issues at jboss.org
Tue Apr 1 13:47:14 EDT 2014
Derek Horton created SECURITY-815:
-------------------------------------
Summary: NegotiationAuthenticator loses post data
Key: SECURITY-815
URL: https://issues.jboss.org/browse/SECURITY-815
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_5
Reporter: Derek Horton
Assignee: Darran Lofthouse
The NegotiationAuthenticator loses post data.
A customer is attempting to use Negotiation along with PicketLink at the IDP. This works fine as long as the SP is using HTTP-Redirect SAML binding.
If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL.
If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter. This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to. As a result, the user will be left at the IDP index.html page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list