[OPENAM-4804] SAE fails with No_App_Attrs:https error Created: 28/Oct/14  Updated: 20/Nov/16  Resolved: 09/Feb/15

Status: Resolved
Project: OpenAM
Component/s: SAE
Affects Version/s: 10.0.3, 11.0.2, 12.0.0
Fix Version/s: 10.0.3, 11.0.3, 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: tsujiguchi Assignee: Mark de Reeper
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
Sprint: Sprint 76 - Sustaining
Support Ticket IDs:

 Description   

I try SAE. But saeerror.jsp is displayed always.

errorcode= IDP_3 messageParam= No_App_Attrs:http


 Comments   
Comment by tsujiguchi [ 28/Oct/14 ]

SA_IDP.jsp always fail to verification of idpAppUrl.

SA_IDP.jsp
176     String idpAppUrl = request.getParameter(SecureAttrs.SAE_PARAM_IDPAPPURL);
177     if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + idpAppUrl, idpAppUrl,
178         "HTTPParameterValue", 2000, true)) {
179         idpAppUrl = null;
180     }

Utils.queryStringFromRequest() returns the encoded goto parameter.

I think this goto parameter is invalid.

Utils.jsp
98     public static String queryStringFromRequest(HttpServletRequest request)
99     {
100         Enumeration en = request.getParameterNames();
101         StringBuilder buf = new StringBuilder();
102         boolean priorparam = false;
103         while (en.hasMoreElements()) {
104             String name = (String) en.nextElement();
105             String val = request.getParameter(name);
106             if (priorparam)
107                 buf.append("&");
108             buf.append(name).append("=").append(ESAPI.encoder().encodeForHTML(val));
109             priorparam = true;
110         }
111         return buf.toString();
112     }
Comment by Mark de Reeper [ 09/Feb/15 ]

Fixed in R12388, R12389, R12390 and R12391

Generated at Wed Oct 21 09:51:34 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.