[ https://issues.apache.org/jira/browse/FEDIZ-157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15186807#comment-15186807 ]
Jan Bernhardt commented on FEDIZ-157:
-------------------------------------

A new property is now available for a trusted IDP configuration {{issuer}}. If set this property will be used for issuer name validation. If it is not set, the {{url}} parameter will be used as before to ensure backward compatibility.

> SAMLResponse Handler uses URL instead of Realm name for issuer validation
> -------------------------------------------------------------------------
>
>                 Key: FEDIZ-157
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-157
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.2.2
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.3.0
>
>
> The {{TrustedIdpSAMLProtocolHandler}} uses the {{SAMLSSOResponseValidator}}
> to validate the issuer name within the {{SAMLResponse}}.
> For this validation the configured 3rd party URL is used. This is an error,
> because the redirect URL for the {{SAMLRequest}} does not need to be equal or
> even similar to the issuer name within the {{SAMLResponse}}.
> The 3rd party realm name should be applicable instead.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
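The fallback described in the comment above, as an added sketch that is not Fediz code: the dict keys `issuer` and `url` mirror the two property names mentioned, while the function names, the sample response, and the IdP identifiers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP names itself with a realm URN, which has
# nothing in common with the endpoint the SAMLRequest is redirected to.
SAMPLE_RESPONSE = """\
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml2:Issuer>urn:example:idp:realm-a</saml2:Issuer>
</saml2p:Response>"""

SSO_URL = "https://idp.example.org/sso/redirect"  # constructed endpoint


def expected_issuer(trusted_idp):
    """Use the explicit 'issuer' if configured, else fall back to 'url'."""
    issuer = (trusted_idp.get("issuer") or "").strip()
    return issuer if issuer else trusted_idp["url"]


def response_issuer(xml_text):
    """Return the Issuer of the top-level Response, or None if absent/empty."""
    node = ET.fromstring(xml_text).find("saml2:Issuer", NS)
    text = (node.text or "").strip() if node is not None else ""
    return text or None


def issuer_is_valid(xml_text, trusted_idp):
    """Exact, case-sensitive comparison; a missing Issuer is rejected."""
    actual = response_issuer(xml_text)
    return actual is not None and actual == expected_issuer(trusted_idp)


if __name__ == "__main__":
    legacy = {"url": SSO_URL}                                  # only 'url' set
    fixed = {"url": SSO_URL, "issuer": "urn:example:idp:realm-a"}
    print("url only      :", issuer_is_valid(SAMPLE_RESPONSE, legacy))
    print("issuer + url  :", issuer_is_valid(SAMPLE_RESPONSE, fixed))
```

With only `url` configured, the legitimate response is rejected because its issuer name never matches the redirect endpoint; setting `issuer` makes the comparison use the name the IdP actually asserts.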