Bug #1577
LassoProfile.signature_status should always contain the signature status of the last processed request or response
Début:
27 juillet 2012
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Non
Planning:
Non
Description
Currently for SAML 2 it's the case for responses but not for requests, as the signature validation is skipped when SIGNATURE_VERIFY_HINT is IGNORE.
What should be done is to always check the signature, but only report it as a failure if the signaturee verification hint allows it.
Historique
Mis à jour par Benjamin Dauvergne il y a environ 8 ans
- Assigné à mis à Benjamin Dauvergne
- Version cible changé de future à 318
- Patch proposed mis à Non