Do not send SubjectConfirmationData Address= with URL #50

Merged

@thijskh thijskh commented Feb 5, 2019

Before, Mujina would send the following SubjectConfirmationData:
```xml
 <saml2:SubjectConfirmationData Address="https://engine.example.org/authentication/sp/consume-assertion"
```

The Address attribute is in SAML 2.0 core more or less defined to be
an IP-address (or at least something a session can be "bound" to).
This being a URL trips some very strict libraries.

IP-address binding is not a feature that is useful in Mujina (or in
general, if you ask me). Likely best just not to send it at all.
@thijskh thijskh requested a review from oharsta February 5, 2019 10:43
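
As an added illustration (not part of this pull request or of Mujina's code), the Python sketch below audits `SubjectConfirmationData` elements and flags an `Address` that is not an IP literal, which is the condition described above as tripping strict libraries. The sample XML is constructed, and `classify_address`, `audit_subject_confirmations` and `strict_accepts` are hypothetical names; the strict policy is an assumption about how such a consumer might behave.

```python
import ipaddress
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: four SubjectConfirmationData elements in a wrapper.
# The first mirrors the value quoted in the PR; the others are made up.
SAMPLE = """
<samples xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:SubjectConfirmationData
      Recipient="https://engine.example.org/authentication/sp/consume-assertion"
      Address="https://engine.example.org/authentication/sp/consume-assertion"/>
  <saml2:SubjectConfirmationData Recipient="https://sp.example.org/acs" Address="192.0.2.10"/>
  <saml2:SubjectConfirmationData Recipient="https://sp.example.org/acs" Address="2001:db8::1"/>
  <saml2:SubjectConfirmationData Recipient="https://sp.example.org/acs"/>
</samples>
""".strip()


def classify_address(value):
    """Classify an Address attribute value as 'absent', 'ip' or 'not-ip'."""
    if value is None:
        return "absent"
    try:
        ipaddress.ip_address(value.strip())  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        return "not-ip"


def audit_subject_confirmations(xml_text):
    """Return (Recipient, Address, classification) per SubjectConfirmationData."""
    # ElementTree is fine for this constructed input; use a hardened parser
    # for XML that arrives from the network.
    root = ET.fromstring(xml_text)
    tag = f"{{{SAML2_NS}}}SubjectConfirmationData"
    return [(e.get("Recipient"), e.get("Address"), classify_address(e.get("Address")))
            for e in root.iter(tag)]


def strict_accepts(xml_text):
    """Assumed strict policy: Address must be absent or an IP literal."""
    return all(kind != "not-ip" for _, _, kind in audit_subject_confirmations(xml_text))


if __name__ == "__main__":
    for recipient, address, kind in audit_subject_confirmations(SAMPLE):
        print(f"{kind:7} Address={address!r} Recipient={recipient}")
    print("strict consumer accepts:", strict_accepts(SAMPLE))
```
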
@codecov-io

Codecov Report

Merging #50 into master will not change coverage.
The diff coverage is n/a.

```diff
@@            Coverage Diff            @@
##             master      #50   +/-   ##
=========================================
  Coverage     92.48%   92.48%
  Complexity      153      153
=========================================
  Files            29       29
  Lines           532      532
  Branches         10       10
=========================================
  Hits            492      492
  Misses           30       30
  Partials         10       10
```

Last update 8aa7efe...af1600d.

@oharsta oharsta merged commit 5724078 into master Feb 5, 2019
@thijskh thijskh deleted the bugfix/subjectconfirmationdata-invalid-address-attribute branch February 5, 2019 12:05