PicketLink / PLINK-619

Wildfly SP allows access after bad IDP signature


Details

    • Bug
    • Resolution: Cannot Reproduce
    • Critical
    • PLINK_2.7.0.Final
    • PLINK_2.7.0.CR1
    • SAML
    • None

    Description

      Wildfly SAML2 SP will allow a constrained HTTP request into the servlet even if the IDP's signature is invalid. Principal will be null, though.

      https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlSignedPostBindingTest.java

      See method: testBadRealmSignature()

      Let me know if you can't get to this. I'll look into it when I finish keycloak saml work.

          People

            psilva@redhat.com Pedro Igor Craveiro
            patriot1burke@gmail.com Bill Burke (Inactive)