  1. OpenAM
  2. OPENAM-3202

RelayState is validated as a URL

    Details

    • Sprint:
      Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45

      Description

      The ESAPI validator is validating the RelayState parameter during SAML2 federation as a URL, where this may (should) be an opaque string. The result is that the RelayState parameter is silently dropped.

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                jonathan Jonathan Scudder