Bug 1433517
| Summary: | [GSS] (6.4.z) SAML LogoutResponse includes invalid Responder status | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | dhorton |
| Component: | PicketLink | Assignee: | jboss-set |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Josef Cacek <jcacek> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4.13 | CC: | anmiller, bdawidow, bmaxwell, ihradek, jcacek, jtruhlar, psilva, pskopek, rnetuka |
| Target Milestone: | CR1 | ||
| Target Release: | EAP 6.4.15 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1430526 | Environment: | |
| Last Closed: | 2017-05-19 08:04:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1343635, 1419353, 1430526 | ||
|
Description
dhorton
2017-03-17 21:12:28 UTC
Cherry-pick fix from here: http://git.app.eng.bos.redhat.com/git/picketlink25.git/log/?h=2.5.4.SP11-redhat-1_BZ-1430526 Reproducer notes:
hit employee
hit sales-post
hit employee
hit employe/?GLO=true
View LogoutResponse sent from sales-post to idp:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Destination="http://10.10.178.29:8080/auth/realms/master/protocol/saml"
ID="ID_c3e91cee-65cb-4652-ad94-e97e69cddbda"
InResponseTo="ID_a5aa1ad4-d131-4819-b38e-9534050fb722"
IssueInstant="2017-03-08T17:40:13.119Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/sales-post/</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:StatusCode>
</samlp:Status>
</samlp:LogoutResponse>
Notice the "Success" tag is inside the "Responder" tag.
expected:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Destination="http://10.10.178.29:8080/auth/realms/master/protocol/saml"
ID="ID_8b350147-9a1c-4192-b95a-ef20b1d72f39"
InResponseTo="ID_91bc6671-8f07-4cee-ac8e-9fa91ff941bc"
IssueInstant="2017-03-08T17:50:48.238Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/sales-post/</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
</samlp:LogoutResponse>
Issue appears to be fixed upstream. 7.x bug is located here: https://issues.jboss.org/browse/JBEAP-9677 *** Bug 1433516 has been marked as a duplicate of this bug. *** Verified with EAP-6.4.15.CP.CR{2,3}
Released on May 18 as part of EAP 6.4.15. |