Bug #1577
LassoProfile.signature_status should always contain the signature status of the last processed request or response
Start date: 27 July 2012
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning: No
Description
Currently for SAML 2 it's the case for responses but not for requests, as the signature validation is skipped when SIGNATURE_VERIFY_HINT is IGNORE.
What should be done is to always check the signature, but only report it as a failure if the signature verification hint allows it.
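The difference between the two behaviours, as an added example that is not part of the original ticket and is not Lasso's code: a small C model showing how skipping verification leaves a stale status from the previous message, while always verifying keeps the status accurate and lets the hint decide only what is returned. All names (`struct profile`, `process_request_skipping`, `process_request_always`, `toy_tag`) are hypothetical, and the toy checksum is a stand-in for XML signature verification, not cryptography.

```c
/* Hypothetical model of the ticket's logic; none of these names are Lasso's API. */
enum verify_hint { HINT_MAYBE, HINT_FORCE, HINT_IGNORE };
enum { SIG_OK = 0, SIG_INVALID = -1 };

struct message { const char *body; unsigned tag; };
struct profile { enum verify_hint hint; int signature_status; };

/* Stand-in for signature verification: a toy keyed checksum, NOT cryptography. */
static unsigned toy_tag(const char *body) {
    unsigned h = 0x5eedu;                 /* constructed "key" */
    for (; *body; body++)
        h = h * 31u + (unsigned char)*body;
    return h;
}

static int verify(const struct message *m) {
    return m->tag == toy_tag(m->body) ? SIG_OK : SIG_INVALID;
}

/* Behaviour the ticket describes for requests: with IGNORE the check is
 * skipped, so signature_status still holds the previous message's result. */
int process_request_skipping(struct profile *p, const struct message *m) {
    if (p->hint == HINT_IGNORE)
        return 0;
    p->signature_status = verify(m);
    return p->signature_status;
}

/* Behaviour the ticket asks for: always verify and record the result;
 * the hint only decides whether a failure is reported to the caller. */
int process_request_always(struct profile *p, const struct message *m) {
    p->signature_status = verify(m);
    if (p->hint == HINT_IGNORE)
        return 0;
    return p->signature_status;
}
```

An application that reads the status field after a call returning success gets a trustworthy answer only with the second function.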
History
Updated by Benjamin Dauvergne almost 9 years ago
- Assignee set to Benjamin Dauvergne
- Target version changed from future to 318
- Patch proposed set to No