Project

General

Profile

Actions
Copy link

Bug #1577

open

LassoProfile.signature_status should always contain the signature status of the last processed request or response

Added by Benjamin Dauvergne over 13 years ago. Updated over 5 years ago.

Status:
Nouveau
Priority:
Normal
Assignee:
-
Category:
-
Target version:
future
Start date:
27 July 2012
Due date:
% Done:

0%

Estimated time:
Patch proposed:
No
Planning:
No

Description

Currently for SAML 2 it's the case for responses but not for requests, as the signature validation is skipped when SIGNATURE_VERIFY_HINT is IGNORE.

What should be done is to always check the signature, but only report it as a failure if the signaturee verification hint allows it.

Actions
Copy link
 #1

Updated by Benjamin Dauvergne over 10 years ago

  • Target version set to future
Actions
Copy link
 #2

Updated by Benjamin Dauvergne almost 10 years ago

  • Assignee set to Benjamin Dauvergne
  • Target version changed from future to 318
  • Patch proposed set to No
Actions
Copy link
 #3

Updated by Benjamin Dauvergne over 7 years ago

  • Target version changed from 318 to future
Actions
Copy link
 #4

Updated by Benjamin Dauvergne over 5 years ago

  • Assignee deleted (Benjamin Dauvergne)
Actions
Copy link

Also available in: Atom PDF