[jboss-jira] [JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data

RH Bugzilla Integration (JIRA) issues at jboss.org
Thu Apr 17 17:40:35 EDT 2014


    [ https://issues.jboss.org/browse/SECURITY-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12962664#comment-12962664 ] 

RH Bugzilla Integration commented on SECURITY-815:
--------------------------------------------------

Paul Gier <pgier at redhat.com> changed the Status of [bug 1085497|https://bugzilla.redhat.com/show_bug.cgi?id=1085497] from MODIFIED to ON_QA
                
> NegotiationAuthenticator loses post data
> ----------------------------------------
>
>                 Key: SECURITY-815
>                 URL: https://issues.jboss.org/browse/SECURITY-815
>             Project: PicketBox 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>    Affects Versions: Negotiation_2_2_5
>            Reporter: Derek Horton
>            Assignee: Darran Lofthouse
>             Fix For: Negotiation_2_3_0_CR2
>
>
> The NegotiationAuthenticator loses post data.
> A customer is attempting to use Negotiation along with PicketLink at the IDP.  This works fine as long as the SP is using HTTP-Redirect SAML binding.
> If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL. 
> If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter.  This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to.  As a result, the user will be left at the IDP index.html page.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

