Bug 1131612 - [GSS] (6.4.0) PicketLink IdP Filter eating cookies added to response by other filters
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.3.0
Target Milestone: DR4
Target Release: EAP 6.4.0
Assigned To: Peter Skopek
QA Contact: Ondrej Kotek
Blocks: 1123426 1131582
Reported: 2014-08-19 12:29 EDT by Derek Horton
Modified: 2018-02-07 13:13 EST
Doc Type: Bug Fix
Clone Of: 1131582
Type: Bug
External Trackers
JBoss Issue Tracker PLINK-529 (Priority: Major, Status: Resolved): PicketLink IdP Filter eating cookies added to response by other filters. Last updated 2016-06-28 22:25 EDT.
Description Derek Horton 2014-08-19 12:29:39 EDT
+++ This bug was initially created as a clone of Bug #1131582 +++

Description of problem:

PicketLink IdP Filter eating cookies added to response by other filters

Steps to Reproduce:
1. Create a filter that adds a cookie to the HttpServletResponse (response.addCookie(...)).
2. Ensure that you are using IDPFilter.

Regardless of which is mapped first (cookie filter or IDPFilter), the cookies you add to the response will not be returned to the browser. Simply commenting out the IDPFilter mapping will allow the cookies to be properly returned to the browser.

This behavior appears to happen without regard to the presence of a SAML assertion in the incoming request (i.e. it doesn't matter if you directly access the IdP or are redirected there from a trusted SP).
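A diagnostic filter of the kind step 1 describes, added here as an example (it is not the reporter's reproducer and not PicketLink code). It assumes Servlet 3.0 (HttpServletResponse#getHeaders, available on JBoss EAP 6) and uses a constructed cookie name, probe-cookie; after the rest of the chain has run it reports whether its own Set-Cookie header survived:

```java
// Added diagnostic filter, not from the PicketLink project or this report.
// Assumes Servlet 3.0 (HttpServletResponse#getHeaders), as in JBoss EAP 6.
import java.io.IOException;
import java.util.Collection;
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

public class CookieProbeFilter implements Filter {
    // Constructed probe cookie name; not part of the original reproducer.
    static final String COOKIE_NAME = "probe-cookie";
    private static final String SEEN_ATTR = CookieProbeFilter.class.getName() + ".seen";

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        // Comment 4 reports this kind of filter running twice per request on DR4;
        // a request attribute makes a second pass visible in the log.
        if (req.getAttribute(SEEN_ATTR) != null) {
            System.out.println("CookieProbeFilter: invoked again on the same request");
        }
        req.setAttribute(SEEN_ATTR, Boolean.TRUE);

        Cookie c = new Cookie(COOKIE_NAME, "1");
        c.setPath("/");
        c.setHttpOnly(true);
        resp.addCookie(c);

        chain.doFilter(req, res);

        // After the rest of the chain (IDPFilter included) has run, check whether
        // the Set-Cookie header is still on the response the container will send.
        System.out.println("CookieProbeFilter: probe cookie "
                + (probeCookiePresent(resp) ? "kept" : "DROPPED"));
    }

    // True if a Set-Cookie header for COOKIE_NAME is present on the response.
    static boolean probeCookiePresent(HttpServletResponse resp) {
        Collection<String> headers = resp.getHeaders("Set-Cookie");
        if (headers == null) return false;
        for (String h : headers) {
            if (h.startsWith(COOKIE_NAME + "=")) return true;
        }
        return false;
    }
}
```

Map the filter in web.xml alongside IDPFilter and compare the logged result with and without the IDPFilter mapping; a "kept" line together with no cookie in the browser would point at the response being replaced after this filter returns rather than at the header being removed in the chain.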
Comment 1 Derek Horton 2014-08-19 13:16:10 EDT
Upstream PR:
https://github.com/picketlink/picketlink/pull/372
Comment 2 JBoss JIRA Server 2014-08-25 11:55:03 EDT
Pedro Igor <pigor.craveiro@gmail.com> updated the status of jira PLINK-529 to Resolved
Comment 3 Kabir Khan 2014-10-03 12:22:12 EDT
I believe this should be fixed by the SP11 upgrade in 1123426
Comment 4 Ondrej Kotek 2014-10-10 05:22:48 EDT
The fix does not work for me. For JBoss EAP 6.4.0.DR4:
  * a test filter is called twice (unlike JBoss EAP 6.3.0)
  * cookies created in the filter are not returned to the browser for base URI (like JBoss EAP 6.3.0)

See BZ 1133099. Backport of PLINK-558 helped. There is a manual reproducer available.
Comment 5 Ondrej Kotek 2014-10-13 05:51:38 EDT
BZ 1123426 (Upgrade PicketLink from 2.5.3.SP10-redhat-1 to 2.5.3.SP11-x) is verified, but the included commits are in the wrong order. The PLINK-558 commit is the important one and should be placed as the last one.
Comment 6 Ondrej Kotek 2015-01-26 06:39:04 EST
Verified for JBoss EAP 6.4.0.DR7, like BZ 1122717.
