  1. OpenAM
  2. OPENAM-3202

RelayState is validated as a URL

    Details

    • Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45

      Description

      The ESAPI validator is validating the RelayState parameter during SAML2 federation as a URL, where this may (should) be an opaque string. The result is that the RelayState parameter is silently dropped.
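
The failure mode in the description, as an added example (not OpenAM or ESAPI code): `urlOnly` is a stand-in for a URL-style validator, `opaque` carries the value unchanged within the 80-byte RelayState limit from the SAML 2.0 bindings specification, and URL rules apply only where the value is used as a redirect target. The class, the method names, the sample values and the `sp.example.com` allowlist are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.Set;

public class RelayStateCheck {
    // SAML 2.0 bindings: a RelayState value must not exceed 80 bytes.
    static final int MAX_RELAY_STATE_BYTES = 80;
    // Hypothetical allowlist of hosts this deployment may redirect to.
    static final Set<String> REDIRECT_HOSTS = Set.of("sp.example.com");

    // Stand-in for the reported behaviour: anything that is not an
    // absolute http(s) URL is dropped without an error.
    static Optional<String> urlOnly(String rs) {
        return isHttpUrl(rs) ? Optional.of(rs) : Optional.empty();
    }

    // Opaque handling: bound the size, otherwise carry the value unchanged.
    static Optional<String> opaque(String rs) {
        if (rs == null || rs.isEmpty()) return Optional.empty();
        if (rs.getBytes(StandardCharsets.UTF_8).length > MAX_RELAY_STATE_BYTES) return Optional.empty();
        return Optional.of(rs);
    }

    // URL rules belong only where the value is about to be used as a redirect target.
    static boolean isSafeRedirect(String rs) {
        return isHttpUrl(rs) && REDIRECT_HOSTS.contains(URI.create(rs).getHost());
    }

    static boolean isHttpUrl(String s) {
        try {
            URI u = new URI(s);
            String scheme = u.getScheme();
            return u.getHost() != null
                    && ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme));
        } catch (URISyntaxException | NullPointerException e) {
            return false; // not parseable as a URI, or null input
        }
    }

    public static void main(String[] args) {
        // Constructed sample RelayState values: one URL, two opaque tokens, one foreign URL.
        String[] samples = { "https://sp.example.com/app", "c2Vzc2lvbj00Mg==",
                             "order:42|tab=3", "https://other.example.net/" };
        for (String rs : samples) {
            System.out.printf("%-28s urlOnly=%-5b opaque=%-5b redirectOk=%b%n", rs,
                    urlOnly(rs).isPresent(), opaque(rs).isPresent(), isSafeRedirect(rs));
        }
    }
}
```

The two opaque tokens survive `opaque` but are dropped by `urlOnly`, and the foreign URL is carried as state but refused as a redirect target.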

              People

              peter.major Peter Major [X] (Inactive)
              jonathan Jonathan Scudder
              Votes: 0
              Watchers: 5
