[OPENAM-6318] IdP proxy should populate the AuthenticatingAuthority element in its Responses - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 11.0.4, 12.0.3, 13.0.0
Component/s: SAML
Labels:

Sprint:
Sprint 84 - Sustaining

Support Ticket IDs:

Verified Version/s:

12.0.3

Description

According to the SAML core spec, section 3.4.1.5.1:

The <saml:AuthnStatement> in the new assertion MUST include a <saml:AuthnContext>
element containing a <saml:AuthenticatingAuthority> element referencing the identity
provider to which the proxying identity provider referred the presenter. If the original assertion
contains <saml:AuthnContext> information that includes one or more
<saml:AuthenticatingAuthority> elements, those elements SHOULD be included in the
new assertion, with the new element placed after them.

OpenAM currently does not populate the AuthenticatingAuthority field, which appears to violate a MUST in the spec.

Attachments

Activity

People

Assignee:

Peter Major [X] (Inactive)

Reporter:

Peter Major [X] (Inactive)

QA Assignee:

Nemanja Lukic

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

07/Jul/15 4:32 PM

Updated:

20/Nov/16 12:26 PM

Resolved:

10/Jul/15 9:56 AM

Time Tracking

Estimated:

Remaining:

Logged: