  1. OpenAM
  2. OPENAM-9790

Allow IDP to determine request binding from goto url as well as request method

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 12.0.3, 13.5.0
    • Fix Version/s: 6.5.0, 6.0.1, 5.5.2
    • Component/s: SAML
    • Labels:
    • Sprint:
      AM Sustaining Sprint 35, AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41, AM Sustaining Sprint 42, AM Sustaining Sprint 43, AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46, AM Sustaining Sprint 47, AM Sustaining Sprint 48, AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51
    • Story Points:
      2
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Steps to reproduce (dependent on OPENAM-9475 being present):

      1) Create an IDP that only has POST IDP Service Attributes defined (Single Logout Service and Single SignOn Service). This could be done by creating the IDP, then choosing it in the Federation tab and removing the Redirect and SOAP endpoints.

      2) Federate with SP.

      3) Initiate a spSSOInit

      e.g.

      http://sp.example.net:9080/openam/saml2/jsp/spSSOInit.jsp?idpEntityID=http%3A%2F%2Fidp.example.com%3A8080%2Fopenam&metaAlias=/sp

      This will fail with an unsupported binding exception.

      Analysis:
      After authenticating at the IDP XUI, the flow goes to the idpSSOFederate.jsp page.

      Here the logic is to use the request method to determine the request binding, which will be set to
      HTTP_REDIRECT (which is not defined in the IDP) as the request method is actually GET.

          String reqBinding = SAML2Constants.HTTP_REDIRECT;
          if (request.getMethod().equals("POST")) {
              reqBinding = SAML2Constants.HTTP_POST;
          }
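
An added example, not OpenAM's code or the fix shipped for this issue: one way to resolve the binding from the goto URL as well as the request method, then check the result against the bindings the IDP has configured. The class name, the `SSOPOST`/`SSORedirect` path segments and the sample goto URL are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Set;

public class BindingResolver {
    static final String HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    static final String HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    // Assumption: the endpoint path names the binding, e.g.
    // .../SSOPOST/metaAlias/idp versus .../SSORedirect/metaAlias/idp.
    static String bindingFromUrl(String url) {
        if (url == null) return null;
        String path;
        try {
            path = URI.create(url).getPath();
        } catch (IllegalArgumentException e) {
            return null; // unparsable goto: caller falls back to the method
        }
        if (path == null) return null;
        for (String seg : path.split("/")) {
            if (seg.equals("SSOPOST")) return HTTP_POST;
            if (seg.equals("SSORedirect")) return HTTP_REDIRECT;
        }
        return null;
    }

    static String resolve(String method, String gotoUrl, Set<String> idpBindings) {
        // Method-only logic from the report: a GET always maps to HTTP-Redirect.
        String binding = "POST".equals(method) ? HTTP_POST : HTTP_REDIRECT;
        // The goto value is caller-controlled, so it only ever selects one of
        // two constants and is never trusted beyond that.
        String fromGoto = bindingFromUrl(gotoUrl);
        if (fromGoto != null) binding = fromGoto;
        // The IDP's configured bindings remain the final authority.
        if (!idpBindings.contains(binding)) {
            throw new IllegalStateException("unsupported binding: " + binding);
        }
        return binding;
    }

    public static void main(String[] args) {
        Set<String> postOnly = Set.of(HTTP_POST); // IDP with POST endpoints only
        // Constructed goto URL for a GET that returns after authentication.
        String gotoUrl = "http://idp.example.com:8080/openam/SSOPOST/metaAlias/idp?ReqID=constructed";
        System.out.println(resolve("GET", gotoUrl, postOnly));
        try {
            resolve("GET", null, postOnly); // method alone picks HTTP-Redirect
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```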
      

              People

              • Assignee:
                sfraser Sam Fraser
                Reporter:
                jonthomas Jonathan Thomas