Bug #7118
Authorized NameID format are sometimes refused because they are not mapped correctly to local identifiers
100%
Description
edupersontargetedid and persistent identifiers map to the same NameID format. When reversing this relation depending on ordering of the dictionnary, the persistent NameID format is mapped to the string 'persistentn' or 'edupersontargetedid' which if the two are not authorized produce denied request when it should have been accepted.
Wheen lookup for the identifier of a NameID format we should only consider authorized ones.
Associated revisions
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
History
Updated by Benjamin Dauvergne almost 6 years ago
- Status changed from Nouveau to Résolu (à déployer)
- % Done changed from 0 to 100
Appliqué par commit authentic2|b05c11b4352fc71257401c639a69c74256e13cfb.
Updated by Benjamin Dauvergne almost 6 years ago
Appliqué par commit authentic2|4c1c04151b3087805bb9aec1b41c56024716faba.
Updated by Benjamin Dauvergne almost 6 years ago
Appliqué par commit authentic2|b788a3beacd21db19b96ca8aeb247797928f8a1d.
Updated by Benjamin Dauvergne almost 6 years ago
Appliqué par commit authentic2|24f395f903a899669d56f523004aa682f2b3d3ce.
Updated by Benjamin Dauvergne about 5 years ago
- Status changed from Résolu (à déployer) to Solution déployée
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)