PicketLink / PLINK-760

SAML2AuthenticationHandler#handleRequestType should check request method against HttpContext Request instance instead of AuthnRequestType

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: PLINK_2.7.1.Final
    • Fix Version/s: None
    • Component/s: SAML
    • Labels: None

      Description

      The fix for PLINK-700 introduces a regression in HTTP Redirect workflow use cases (between SP and IdP) through the following change:

      SAML2AuthenticationHandler.java
      -                boolean isPost = httpContext.getRequest().getMethod().equalsIgnoreCase("POST");
      +               boolean isPost = art.getProtocolBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
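
      Review bot: the `+` line takes `isPost` from the AuthnRequest's ProtocolBinding attribute, but in SAML 2.0 that attribute names the binding the requester wants the Response returned over, not the binding the request itself arrived on, so it cannot stand in for `httpContext.getRequest().getMethod()`. It is also an optional attribute, and `art.getProtocolBinding().toString()` has no null check, so an AuthnRequest that omits it would fail here with a NullPointerException. Suggest keeping the transport check on the HttpContext request for how the message was received, and consulting ProtocolBinding (null-safe) only where the response binding is chosen. A test that sends an AuthnRequest over HTTP GET with ProtocolBinding set to HTTP-POST would cover the case described in this issue.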
      

      Even if httpContext.getRequest() has the GET HTTP method set, the handleRequestType method now assumes it is POST in the case of urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST in the AuthnRequestType.


              People

              • Assignee: Pedro Igor Silva (pcraveiro)
              • Reporter: Ivo Studensky (istudens)