  1. OpenAM
  2. OPENAM-3095

When an SP sends an unsigned Authn Request using SAML ECP, OpenAM sees it as a wrong message

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.0-Xpress
    • Fix Version/s: 12.0.3, 13.5.0
    • Component/s: SAML
    • Environment:
      Office 365 as SP to IDP on OpenAM (SSO), any thick client (for example Thunderbird)
    • Sprint:
      AM Sustaining Sprint 15, AM Sustaining Sprint 16, AM Sustaining Sprint 17

      Description

      A thick client is trying to connect to (for example) the mail services of Office 365; this Office 365 is protected by SSO to OpenAM. Because of the nature of the client, the SAML ECP profile is used, which sends an unsigned Authn request to the OpenAM SOAP endpoint. In the code of IDPSSOFederate there is a statement which says that all messages from ECP must be signed, but this will cause SAML ECP not to work in combination with Office 365. So can this code be refactored in such a way that it is configurable whether the Authn Request should be signed or not?

      (In version 10.1.0-Xpress it is line 345 of IDPSSOFederate.java.)
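
      The configurable behaviour requested above, as an added example in Python; it is not OpenAM code and not from the reporter. The names `want_signed` and `ecp_request_decision` and both sample envelopes are constructed for illustration, and the check only detects whether a signature element is present, it does not verify it.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) on untrusted input

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: an unsigned ECP AuthnRequest as it arrives at the IdP SOAP endpoint.
UNSIGNED = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_constructed1" Version="2.0" IssueInstant="2014-01-01T00:00:00Z">
      <saml:Issuer>urn:example:sp</saml:Issuer>
    </samlp:AuthnRequest>
  </soap:Body>
</soap:Envelope>"""

# Constructed sample: same request carrying an (empty, placeholder) enveloped signature.
SIGNED = UNSIGNED.replace(
    "</saml:Issuer>",
    '</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>',
)

def authn_request_from_soap(envelope_xml):
    """Return the samlp:AuthnRequest element carried in the SOAP Body."""
    req = ET.fromstring(envelope_xml).find("soap:Body/samlp:AuthnRequest", NS)
    if req is None:
        raise ValueError("no samlp:AuthnRequest in SOAP Body")
    return req

def has_signature(req):
    """An enveloped XML signature is a direct child of the request element."""
    return req.find("ds:Signature", NS) is not None

def ecp_request_decision(envelope_xml, want_signed):
    """Apply a per-deployment signing requirement (hypothetical want_signed flag)."""
    signed = has_signature(authn_request_from_soap(envelope_xml))
    if want_signed and not signed:
        return "reject: unsigned"      # the hard-coded behaviour the ticket describes
    if signed:
        return "verify-signature"      # a present signature must still be validated
    return "accept-unsigned"           # only reachable when the requirement is disabled

if __name__ == "__main__":
    for name, xml in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        for flag in (True, False):
            print(name, "want_signed=%s" % flag, "->", ecp_request_decision(xml, flag))
```
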

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                sarris.overbosch@everett.nl Sarris Overbosch
              • Votes: 1
              • Watchers: 5

                  Time Tracking

                  Estimated: 2h
                  Remaining: 0h
                  Logged: 1h