Bug #7118
Authorized NameID format are sometimes refused because they are not mapped correctly to local identifiers
100%
Description
edupersontargetedid and persistent identifiers map to the same NameID format. When reversing this relation depending on ordering of the dictionnary, the persistent NameID format is mapped to the string 'persistentn' or 'edupersontargetedid' which if the two are not authorized produce denied request when it should have been accepted.
Wheen lookup for the identifier of a NameID format we should only consider authorized ones.
Associated revisions
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
saml: when looking for the NameID formats identifier only check the authorized ones (fixes #7118)
History
#1 Updated by Benjamin Dauvergne over 4 years ago
- % Done changed from 0 to 100
- Status changed from Nouveau to Résolu (à déployer)
Appliqué par commit authentic2|b05c11b4352fc71257401c639a69c74256e13cfb.
#2 Updated by Benjamin Dauvergne over 4 years ago
Appliqué par commit authentic2|4c1c04151b3087805bb9aec1b41c56024716faba.
#3 Updated by Benjamin Dauvergne over 4 years ago
Appliqué par commit authentic2|b788a3beacd21db19b96ca8aeb247797928f8a1d.
#4 Updated by Benjamin Dauvergne over 4 years ago
Appliqué par commit authentic2|24f395f903a899669d56f523004aa682f2b3d3ce.
#5 Updated by Benjamin Dauvergne almost 4 years ago
- Status changed from Résolu (à déployer) to Solution déployée
#6 Updated by Benjamin Dauvergne about 2 years ago
- Status changed from Solution déployée to Fermé