Issuer Validation #712

Closed
AndersAbel opened this issue May 9, 2017 · 0 comments

AndersAbel commented May 9, 2017

The issuer in the SAML response is used to retrieve signing keys and it is thus properly validated that the issuer of the response has access to the signing keys. The issuer in the assertion should also be validated, otherwise a malicious IdP could craft a response where the assertion issuer identifies another IdP. It is the assertion issuer that is used to create the issuer property of the issued claims.
The issuer should also be validated against the issuer identified in the stored request state to prevent substitution of encrypted request state.

@Sustainsys Sustainsys locked and limited conversation to collaborators Sep 6, 2018
AndersAbel added a commit that referenced this issue Sep 19, 2023
AndersAbel added a commit that referenced this issue Sep 19, 2023
@AndersAbel AndersAbel modified the milestones: v2.9.2, v1.0.3 Sep 19, 2023
@AndersAbel AndersAbel changed the title Reserved Issue# Issuer Validation Sep 19, 2023
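
The two checks the issue asks for, as an added example in Python; it is not part of the original issue and is not the Sustainsys code. It assumes the signature has already been verified with keys looked up by the response issuer and that any encrypted assertion has been decrypted; the function names, the `request_state_idp` parameter and the entity IDs are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class IssuerValidationError(Exception):
    """An issuer in the response is missing or not the expected IdP."""


def _issuer(element):
    # <Issuer> is a direct child of both <Response> and <Assertion>.
    node = element.find("saml:Issuer", NS)
    return node.text.strip() if node is not None and node.text else None


def validate_issuers(response_xml, request_state_idp=None):
    """Return the validated issuer entity ID or raise IssuerValidationError.

    Assumes the signature was already verified with keys looked up by the
    response issuer. request_state_idp is the IdP recorded in the stored
    request state (None for an unsolicited response).
    """
    response = ET.fromstring(response_xml)
    response_issuer = _issuer(response)
    if response_issuer is None:
        raise IssuerValidationError("response has no Issuer")
    # Compare with the IdP recorded in the stored request state, so a
    # substituted request state is detected.
    if request_state_idp is not None and response_issuer != request_state_idp:
        raise IssuerValidationError("response issuer is not the request state IdP")
    assertions = response.findall("saml:Assertion", NS)
    if not assertions:
        raise IssuerValidationError("response contains no assertion")
    for assertion in assertions:
        # Claims take their issuer from the assertion, so it must name the
        # same IdP whose keys validated the signature.
        if _issuer(assertion) != response_issuer:
            raise IssuerValidationError("assertion issuer differs from response issuer")
    return response_issuer


def build_sample(response_issuer, assertion_issuer):
    """Constructed, unsigned sample response (hypothetical entity IDs)."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Issuer>{response_issuer}</saml:Issuer><saml:Assertion>'
        f'<saml:Issuer>{assertion_issuer}</saml:Issuer></saml:Assertion>'
        '</samlp:Response>')
```
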