[jboss-jira] [JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data
RH Bugzilla Integration (JIRA)
issues at jboss.org
Tue May 13 07:08:56 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12967441#comment-12967441 ]
RH Bugzilla Integration commented on SECURITY-815:
--------------------------------------------------
Ondrej Lukas <olukas at redhat.com> changed the Status of [bug 1085504|https://bugzilla.redhat.com/show_bug.cgi?id=1085504] from ON_QA to VERIFIED
> NegotiationAuthenticator loses post data
> ----------------------------------------
>
> Key: SECURITY-815
> URL: https://issues.jboss.org/browse/SECURITY-815
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_5
> Reporter: Derek Horton
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
>
>
> The NegotiationAuthenticator loses post data.
> A customer is attempting to use Negotiation along with PicketLink at the IDP. This works fine as long as the SP is using HTTP-Redirect SAML binding.
> If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL.
> If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter. This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to. As a result, the user will be left at the IDP index.html page.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)