Project

General

Profile

Bug #7118

Authorized NameID format are sometimes refused because they are not mapped correctly to local identifiers

Added by Benjamin Dauvergne over 4 years ago. Updated about 2 years ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
Start date:
30 Apr 2015
Due date:
% Done:

100%

Patch proposed:
No
Planning:
No

Description

edupersontargetedid and persistent identifiers map to the same NameID format. When reversing this relation depending on ordering of the dictionnary, the persistent NameID format is mapped to the string 'persistentn' or 'edupersontargetedid' which if the two are not authorized produce denied request when it should have been accepted.

Wheen lookup for the identifier of a NameID format we should only consider authorized ones.

Associated revisions

Revision b05c11b4 (diff)
Added by Benjamin Dauvergne over 4 years ago

saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)

Revision 4c1c0415 (diff)
Added by Benjamin Dauvergne over 4 years ago

saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)

Revision b788a3be (diff)
Added by Benjamin Dauvergne over 4 years ago

saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)

Revision 24f395f9 (diff)
Added by Benjamin Dauvergne over 4 years ago

saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)

History

#1 Updated by Benjamin Dauvergne over 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Nouveau to Résolu (à déployer)

#5 Updated by Benjamin Dauvergne almost 4 years ago

  • Status changed from Résolu (à déployer) to Solution déployée

#6 Updated by Benjamin Dauvergne about 2 years ago

  • Status changed from Solution déployée to Fermé

Also available in: Atom PDF