Project

General

Profile

Bug #9616

RequestedAuthnContext - Comparison attribute is added as a child element

Added by Brett Gardner about 7 years ago. Updated about 7 years ago.

Status:
Fermé
Priority:
Normal
Assignee:
-
Category:
-
Target version:
2.5.1
Start date:
13 January 2016
Due date:
% Done:

100%

Estimated time:
Patch proposed:
Yes
Planning:

Description

When generating a AuthnRequest, adding a "RequestedAuthnContext" and setting the "Comparison" generates the following request

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_22D2E210A5ECFBB351A4936CF2A574FE"
Version="2.0"
IssueInstant="2016-01-13T00:53:37Z"
Destination="https://im1.oca-test-beta-el7sec.lan.noggin.com.au/saml/trust"
ForceAuthn="false"
IsPassive="false"
AssertionConsumerServiceURL="https://pro.oca-test-beta-el7sec.lan.noggin.com.au/login.html?op=op_samlresponse"
>
<saml:Issuer>https://pro.oca-test-beta-el7sec.lan.noggin.com.au/saml&lt;/saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
AllowCreate="false"
/>
<samlp:RequestedAuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
<samlp:Comparison>minimum</samlp:Comparison>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

instead of

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_22D2E210A5ECFBB351A4936CF2A574FE"
Version="2.0"
IssueInstant="2016-01-13T00:53:37Z"
Destination="https://im1.oca-test-beta-el7sec.lan.noggin.com.au/saml/trust"
ForceAuthn="false"
IsPassive="false"
AssertionConsumerServiceURL="https://pro.oca-test-beta-el7sec.lan.noggin.com.au/login.html?op=op_samlresponse"
>
<saml:Issuer>https://pro.oca-test-beta-el7sec.lan.noggin.com.au/saml&lt;/saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
AllowCreate="false"
/>
<samlp:RequestedAuthnContext Comparison="minimum">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

Attached is a reproduce case (php) and a patch that corrects the problem. The reproduce case triggers a PHP warning re XMLSEC that can be ignored for the purposes of this bug.

Files

lasso-comparison.patch (659 Bytes) lasso-comparison.patch Patch Brett Gardner, 13 January 2016 03:43 AM
lasso-reproduce.tar.bz2 (3.57 KB) lasso-reproduce.tar.bz2 Reproduce case Brett Gardner, 13 January 2016 03:44 AM

Associated revisions

Revision 675858f4 (diff)
Added by Benjamin Dauvergne about 7 years ago

Fix wrong snippet type (fixes #9616)

In elements samlp2:RequestedAuthnContext, Comparison is an attribute, not a text
child node.

History

#1

Updated by Benjamin Dauvergne about 7 years ago

  • Status changed from Nouveau to En cours
#2

Updated by Benjamin Dauvergne about 7 years ago

  • Status changed from En cours to Résolu (à déployer)
  • % Done changed from 0 to 100
#3

Updated by Benjamin Dauvergne about 7 years ago

  • % Done changed from 100 to 0

First time I see someone using that element :)

#4

Updated by Benjamin Dauvergne about 7 years ago

  • % Done changed from 0 to 100
#5

Updated by Benjamin Dauvergne about 7 years ago

  • Target version changed from 2.5.0 to 2.5.1
#6

Updated by Benjamin Dauvergne about 7 years ago

  • Status changed from Résolu (à déployer) to Fermé

Also available in: Atom PDF