  1. PicketLink
  2. PLINK-419

Assertion is not renewed

    • Type: Bug
    • Resolution: Won't Do
    • Priority: Critical
    • PLINK_2.7.0.CR1
    • PLINK_2.6.0.CR2
    • SAML
    • None

      Log in to application A and capture the SAML response, note the value of the ID attribute of the assertion.
      Log in (or just "go", as it's SSO) to application B and capture the SAML response, note the value of the ID attribute of the assertion.
      The IDs of A and B are different, but shouldn't be, as the assertion just had to be renewed.


      In SAML2AuthenticationHandler$IDPAuthenticationHandler.getResponse, at line 263, the ASSERTION_ID is gotten from the session and assigned to a local variable, on which further on in the program flow a renew or issue assertion is based. However, the ASSERTION_ID attribute seems to be never set in the session, which leads to an issue assertion in every single case, instead of renewing assertions when appropriate.

      While going through the whole login flow in debug mode, I was never able to get into the renewToken logic.
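
The comparison from the reproduction steps can be scripted. The following is an added example, not part of the original report and not PicketLink code: it extracts the assertion ID from two captured base64 `SAMLResponse` form values (HTTP-POST binding) and reports whether they match. The function names, the "renewed"/"reissued" labels (which follow the report's expectation that a renewed assertion keeps its ID) and the sample responses are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def assertion_ids(saml_response_b64):
    """Return the ID of every saml:Assertion in a base64 SAMLResponse form value."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # Captured responses are untrusted input: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(xml_bytes)
    ids = [a.get("ID") for a in root.iter("{%s}Assertion" % SAML_NS)]
    encrypted = next(root.iter("{%s}EncryptedAssertion" % SAML_NS), None)
    if not ids and encrypted is not None:
        raise ValueError("assertion is encrypted; its ID is not visible in the capture")
    return ids


def classify(response_a_b64, response_b_b64):
    """Compare the assertion IDs seen by application A and application B."""
    ids_a, ids_b = assertion_ids(response_a_b64), assertion_ids(response_b_b64)
    if not ids_a or not ids_b:
        return "no-assertion"
    return "renewed" if ids_a == ids_b else "reissued"


def sample_response(assertion_id):
    """Build a constructed, unsigned SAML response (illustration only)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" ID="ID_response" Version="2.0">'
        '<saml:Assertion ID="%s" Version="2.0"/>'
        "</samlp:Response>" % (SAML_NS, assertion_id)
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    app_a = sample_response("ID_constructed-0001")  # constructed value
    app_b = sample_response("ID_constructed-0002")  # constructed value
    print(classify(app_a, app_b))  # behaviour described in the report
    print(classify(app_a, app_a))  # behaviour the reporter expected
```

A `SAMLResponse` value copied from a browser capture may still be URL-encoded and must be decoded to plain base64 before it is passed in.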

            psilva@redhat.com Pedro Igor Craveiro
            roelvanniekerk_jira Roel van Niekerk (Inactive)