Bug #9616
RequestedAuthnContext - Comparison attribute is added as a child element
100%
Description
When generating an AuthnRequest, adding a "RequestedAuthnContext" and setting the "Comparison" generates the following request:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_22D2E210A5ECFBB351A4936CF2A574FE"
Version="2.0"
IssueInstant="2016-01-13T00:53:37Z"
Destination="https://im1.oca-test-beta-el7sec.lan.noggin.com.au/saml/trust"
ForceAuthn="false"
IsPassive="false"
AssertionConsumerServiceURL="https://pro.oca-test-beta-el7sec.lan.noggin.com.au/login.html?op=op_samlresponse"
>
<saml:Issuer>https://pro.oca-test-beta-el7sec.lan.noggin.com.au/saml</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
AllowCreate="false"
/>
<samlp:RequestedAuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
<samlp:Comparison>minimum</samlp:Comparison>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
instead of
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_22D2E210A5ECFBB351A4936CF2A574FE"
Version="2.0"
IssueInstant="2016-01-13T00:53:37Z"
Destination="https://im1.oca-test-beta-el7sec.lan.noggin.com.au/saml/trust"
ForceAuthn="false"
IsPassive="false"
AssertionConsumerServiceURL="https://pro.oca-test-beta-el7sec.lan.noggin.com.au/login.html?op=op_samlresponse"
>
<saml:Issuer>https://pro.oca-test-beta-el7sec.lan.noggin.com.au/saml</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
AllowCreate="false"
/>
<samlp:RequestedAuthnContext Comparison="minimum">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Attached is a reproduce case (php) and a patch that corrects the problem. The reproduce case triggers a PHP warning re XMLSEC that can be ignored for the purposes of this bug.
Files
Associated revisions
History
Updated by Benjamin Dauvergne about 8 years ago
- Status changed from In progress to Resolved (to be deployed)
- % Done changed from 0 to 100
Applied in commit 675858f43cfc33216e6b7b9c8a62b826a8a1ef4a.
Updated by Benjamin Dauvergne about 8 years ago
- % Done changed from 100 to 0
First time I see someone using that element :)
Updated by Benjamin Dauvergne about 8 years ago
- Status changed from Resolved (to be deployed) to Closed
Fix wrong snippet type (fixes #9616)
In elements samlp2:RequestedAuthnContext, Comparison is an attribute, not a text
child node.
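A regression check for the serialization described in this report, added here as an example (it is not part of the ticket, the attached reproduce case, or the library's code). SAML 2.0 core defines Comparison as an optional attribute that defaults to "exact", so a receiver that reads only the attribute treats the buggy request as "exact" rather than "minimum". The function name and the trimmed sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ALLOWED = {"exact", "minimum", "maximum", "better"}  # values defined by SAML 2.0 core
CONTEXT_REFS = {(SAML, "AuthnContextClassRef"), (SAML, "AuthnContextDeclRef")}


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def check_requested_authn_context(xml_text):
    """Return (effective_comparison, problems) for a request this SP generated."""
    rac = ET.fromstring(xml_text).find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return None, []
    # Comparison is an unqualified attribute; when absent the default is "exact".
    effective = rac.get("Comparison", "exact")
    problems = []
    if effective not in ALLOWED:
        problems.append(f"invalid Comparison value {effective!r}")
    for child in rac:
        ns, local = split_tag(child.tag)
        if local == "Comparison":
            wanted = (child.text or "").strip()
            problems.append(f"Comparison={wanted!r} emitted as a child element; "
                            f"attribute readers get {effective!r}")
        elif (ns, local) not in CONTEXT_REFS:
            problems.append(f"unexpected child element {local!r}")
    return effective, problems


# Constructed, trimmed versions of the two requests shown in the report.
_REQ = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
        'Version="2.0">%%s</samlp:AuthnRequest>' % (SAMLP, SAML))
_REF = ("<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:"
        "PasswordProtectedTransport</saml:AuthnContextClassRef>")
BUGGY = _REQ % ("<samlp:RequestedAuthnContext>" + _REF +
                "<samlp:Comparison>minimum</samlp:Comparison></samlp:RequestedAuthnContext>")
FIXED = _REQ % ('<samlp:RequestedAuthnContext Comparison="minimum">' + _REF +
                "</samlp:RequestedAuthnContext>")

if __name__ == "__main__":
    for name, doc in (("buggy", BUGGY), ("fixed", FIXED)):
        print(name, check_requested_authn_context(doc))
```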