Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16999

Document Stricter requirements for SAML Assertion Consumer Service

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.0, 6.5.3, 7.1.0, 7.0.1
    • 7.0.0, 6.5.3, 7.1.0
    • documentation
    • AM 6.5.3 and above
    • Rank:
      1|i02na7:
    • No
    • No
    • No (add reasons in the comment)

      Description

      Bug description

      Due to changes introduced in 6.5.3 and 7.0.0 SAML Assertion Consumer Service must exactly match. 

      if a customer edited this to remove the port numbers (80/443 as an example). This will fail after an upgrade 

      Needs to be outlined as an upgrade consideration

      How to reproduce the issue

      1. Configure SAML in 6.5.3 or 7.0.0
      2. Change the Assertion consumer service to remove the port 
      3. Test and this will fail but Message logging will not have much only
        libSAML:10/28/2020 03:46:37:607 PM EDT: Thread[https-jsse-nio-8443-exec-9,5,main]: TransactionId[db55cc6b-0e78-484f-9a02-5eaa18c7561d-315]
        SAMLUtils.sendError: error page /saml2/jsp/saml2error.jsp
        Audit logs will at least show:
        "Invalid Assertion Consumer Location specified"
      Expected behaviour
      By default the port is included when creating SAML sp's but it functioned without this in prior versions
      Current behaviour
      If you have edited this, SAML will fail with above errors

      Work around

      Correct Assertion Consumer Service to include port.

      Code analysis

      Issue reported in https://bugster.forgerock.org/jira/browse/OPENAM-16998
      

        Attachments

          Activity

            People

            cristina.herraz Cristina Herraz [X] (Inactive)
            william.hepler William Hepler
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: