Bug 1342686
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | [GSS] (6.4.7 patch) IDP initiated (unsolicited) responses should not contain InResponseTo attributes | | |
| Product | [JBoss] JBoss Enterprise Application Platform 6 | Reporter | dhorton |
| Component | PicketLink | Assignee | dhorton |
| Status | CLOSED EOL | QA Contact | Pavel Slavicek <pslavice> |
| Severity | unspecified | Docs Contact | |
| Priority | unspecified | | |
| Version | 6.4.7 | CC | anmiller, bdawidow, bmaxwell, jboss-set, msochure, psilva, pskopek |
| Target Milestone | --- | | |
| Target Release | --- | | |
| Hardware | Unspecified | | |
| OS | Unspecified | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | If docs needed, set a value |
| Story Points | --- | | |
| Clone Of | 1342685 | Environment | |
| Last Closed | 2019-08-19 12:44:26 UTC | Type | Support Patch |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1342685 | | |
| Bug Blocks | | | |
| Attachments | | | |

Doc Text:

To apply this individual patch, follow the steps outlined in How do I apply individual or cumulative patches in JBoss EAP 6.2 and beyond [1]?

To rollback this individual patch if installation has unexpected consequences, follow the steps outlined in How do I rollback individual or cumulative patches in JBoss EAP 6.2 and beyond [2]?

[1] https://access.redhat.com/site/solutions/625683
[2] https://access.redhat.com/site/solutions/639403
Description
dhorton
2016-06-03 21:58:49 UTC
Created attachment 1177454 [details] BZ1342686.zip
Created attachment 1177455 [details] idp.war
Created attachment 1177456 [details] employee.war

To reproduce:

- deploy idp.war and employee.war
- login to IDP - http://localhost:8080/idp/
- trigger the SAMLv2 unsolicited response by going to http://localhost:8080/idp/index.html?TARGET=http://localhost:8080/employee/&SAML_VERSION=2.0
- view the SAML request that gets sent to the employee application - there should not be an InResponseTo attribute

Required security-domain configuration:

```xml
<security-domain name="idp" cache-type="default">
  <authentication>
    <login-module code="UsersRoles" flag="required">
      <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
      <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
    </login-module>
  </authentication>
</security-domain>
<security-domain name="sp" cache-type="default">
  <authentication>
    <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
  </authentication>
</security-domain>
```

This is fixed upstream here: https://issues.jboss.org/browse/PLINK-700

The patch needs to be rebuilt using the fix from PLINK-700.
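The check the reproduction steps ask a tester to make by eye, written out as an added example (this is not PicketLink's code and not part of the bug report): a service-provider-side routine that parses a SAMLv2 Response and validates InResponseTo against the flow the SP is in. SAML 2.0 carries InResponseTo in two places, on the Response element and on each SubjectConfirmationData, and both are collected. In the IdP-initiated (unsolicited) flow the SP issued no AuthnRequest, so any InResponseTo is an error, which is what the buggy IdP produced; in the SP-initiated flow the attribute must be present and equal the ID the SP issued, otherwise the response may be a replay or one meant for another session. The sample responses, their IDs and the user name are constructed for the example; only the /idp/ and /employee/ endpoints come from the report.

```python
"""SP-side InResponseTo check for a SAMLv2 <samlp:Response>.

Added example, not PicketLink code. Standard library only.
The responses built by sample_response() are constructed for this example;
they are not captures from the idp.war / employee.war attachments.
"""
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def in_response_to_values(response_xml: str) -> List[str]:
    """Collect every InResponseTo attribute on the <samlp:Response> itself and on
    each <saml:SubjectConfirmationData> inside it (the two places SAML 2.0 puts it)."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"expected samlp:Response, got {root.tag}")
    found = []
    if root.get("InResponseTo") is not None:
        found.append(root.get("InResponseTo"))
    for scd in root.iter(f"{{{SAML}}}SubjectConfirmationData"):
        if scd.get("InResponseTo") is not None:
            found.append(scd.get("InResponseTo"))
    return found


def check_response(response_xml: str, outstanding_request_id: Optional[str]) -> Tuple[bool, str]:
    """Decide whether the response is consistent with the flow the SP is in.

    outstanding_request_id: ID of the AuthnRequest this SP issued and is still
    waiting on, or None when the SP issued none (IdP-initiated, unsolicited flow).
    Returns (accepted, reason). Signature validation is assumed to happen before this."""
    values = in_response_to_values(response_xml)
    if outstanding_request_id is None:
        # Unsolicited: the IdP had no request to answer, so InResponseTo must be absent.
        if values:
            return False, f"unsolicited response carries InResponseTo {values}"
        return True, "unsolicited response without InResponseTo"
    # SP-initiated: every InResponseTo must be present and name our own request.
    if not values:
        return False, "SP-initiated flow but response has no InResponseTo"
    mismatched = [v for v in values if v != outstanding_request_id]
    if mismatched:
        return False, f"InResponseTo {mismatched} does not match {outstanding_request_id}"
    return True, f"InResponseTo matches outstanding request {outstanding_request_id}"


def sample_response(in_response_to: Optional[str]) -> str:
    """Constructed, unsigned, minimal response; endpoints taken from the reproduction steps."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="ID_response_1" Version="2.0" IssueInstant="2016-06-03T21:58:49Z"
    Destination="http://localhost:8080/employee/"{attr}>
  <saml:Issuer>http://localhost:8080/idp/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="ID_assertion_1" Version="2.0" IssueInstant="2016-06-03T21:58:49Z">
    <saml:Issuer>http://localhost:8080/idp/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user1</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="http://localhost:8080/employee/"{attr}/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    # Unsolicited flow (the bug's scenario): a fixed IdP omits InResponseTo, the buggy one adds it.
    print(check_response(sample_response(None), None))
    print(check_response(sample_response("ID_request_1"), None))
    # SP-initiated flow: the value must match the request this SP sent.
    print(check_response(sample_response("ID_request_1"), "ID_request_1"))
    print(check_response(sample_response("ID_request_2"), "ID_request_1"))
```

To apply this to the reproduction above, paste the decoded SAMLResponse that reaches the employee application (for example from a browser SAML tracer) into check_response with outstanding_request_id set to None; the patched IdP's response should be accepted, the unpatched one rejected.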