[keycloak-dev] Keycloak SAML response 'Destination' Element is always validated.
Bill Burke
bburke at redhat.com
Thu Jan 28 09:33:01 EST 2016
Yes, we validate it. Is this a problem with some third-party SAML
integration?
On 1/28/2016 5:31 AM, Arulkumar Ponnusamy wrote:
> As per the OASIS/SAML spec recommendation, if the message is signed, the
> Destination XML attribute in the root SAML element of the protocol
> message MUST contain the URL to which the sender has instructed the
> user agent to deliver the message. The recipient MUST then verify that
> the value matches the location at which the message has been received.
>
> However, Keycloak always validates the 'Destination' on the SAML
> response, irrespective of whether the response is signed or not.
>
> Is this not a defect?
>
> Thanks,
> Arul kumar P.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com