[ https://issues.apache.org/jira/browse/CXF-7039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michal Sabo updated CXF-7039:
-----------------------------
    Description:
During the SAML web SSO processing, the RequestAssertionConsumerService validates the request with the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator using a wrong assertionConsumerURL.

The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress property, however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped with the following consumer URL:

ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());

This particularly makes a problem when serving the application behind a reverse proxy.

  was:
During the SAML web SSO processing, the RequestAssertionConsumerService validates the request using org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator using a wrong assertionConsumerURL.

The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress property, however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped with the following consumer URL:

ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());

This particularly makes a problem when serving the application behind a reverse proxy.

> JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
> -------------------------------------------------------------------------------------------------
>
>                 Key: CXF-7039
>                 URL: https://issues.apache.org/jira/browse/CXF-7039
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.9
>         Environment: JRE 1.8.0_101-b13
>            Reporter: Michal Sabo
>
> During the SAML web SSO processing, the RequestAssertionConsumerService validates the request with the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator using a wrong assertionConsumerURL.
>
> The SAML request (org.opensaml.saml2.core.AuthnRequest) is configured with the serviceURL taken as the org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter.assertionConsumerServiceAddress property, however the org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator is bootstrapped with the following consumer URL:
>
> ssoResponseValidator.setAssertionConsumerURL(messageContext.getUriInfo().getAbsolutePath().toString());
>
> This particularly makes a problem when serving the application behind a reverse proxy.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
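
The mismatch described in the issue, as an added example that is not part of the original message and is not CXF code: a standalone Java model in which the validator's check is reduced to a string comparison between the response's Recipient and the consumer URL. That reduction, the class and method names, and every URL and address below are assumptions constructed for illustration.

```java
import java.net.URI;

public class AcsUrlMismatchDemo {

    // Simplified stand-in for the validator's check (assumption): the Recipient
    // carried in the SAML response must equal the configured consumer URL.
    static boolean recipientMatches(String recipient, String consumerUrl) {
        return recipient != null && recipient.equals(consumerUrl);
    }

    // Models messageContext.getUriInfo().getAbsolutePath() on the backend:
    // behind a reverse proxy it is built from the internal address.
    static String absolutePathOnBackend(URI backendBase, String path) {
        return backendBase.resolve(path).toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String configuredAcs = "https://sso.example.org/app/racs/sso"; // assertionConsumerServiceAddress
        URI backendBase = URI.create("http://10.0.0.5:8080/");         // what the proxy forwards to
        String otherSpAcs = "https://other.example.net/racs/sso";      // a different service provider

        // The AuthnRequest advertised configuredAcs, so the IdP addresses its response to it.
        String recipient = configuredAcs;

        String derived = absolutePathOnBackend(backendBase, "app/racs/sso");

        // Behaviour reported in the issue: validator seeded from the request's absolute path.
        System.out.println("derived consumer URL    : " + derived);
        System.out.println("  legitimate response ok: " + recipientMatches(recipient, derived));

        // Validator seeded from the same property that was put into the AuthnRequest.
        System.out.println("configured consumer URL : " + configuredAcs);
        System.out.println("  legitimate response ok: " + recipientMatches(recipient, configuredAcs));

        // The check still does its job: a response addressed to another SP is refused.
        System.out.println("  foreign response ok   : " + recipientMatches(otherSpAcs, configuredAcs));
    }
}
```

The last case is why the comparison should be fed the right URL rather than relaxed: it is what stops a response issued for one service provider from being accepted by another.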