Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for gh10663 encryptedID #10689

Closed
wants to merge 3 commits into from
Closed

Fix for gh10663 encryptedID #10689

wants to merge 3 commits into from

Conversation

bitrecycling
Copy link
Contributor

No description provided.

@bitrecycling
WIP Tests sometimes fail!
cbbbff8 
Enabled SAML LogoutRequests with EncryptedID

The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh10663
@bitrecycling
Enabled SAML LogoutRequests with EncryptedID
e17f3b1 
The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh10663
@bitrecycling bitrecycling mentioned this pull request Jan 8, 2022
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 8, 2022
@eleftherias eleftherias added in: saml2 An issue in SAML2 modules status: duplicate A duplicate of another issue type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 10, 2022
@jzheaux jzheaux added this to the 5.7.0-M1 milestone Jan 12, 2022
@bitrecycling
Testfix
224b90a 
Enabled SAML LogoutRequests with EncryptedID

The OpenSamlLogoutRequestValidator validates the subject to be logged out.
Formerly this was done only using the NameID from the OpenSamlLogoutRequest.
Now the EncryptedID is also supported, Since the SAML2 Standard also allows
the EncryptedID as subject identifiers,

- added EncryptedID as valid subject in OpenSamlLogoutRequestValidator
- added test

Closes gh10663
@bitrecycling
Copy link
Contributor Author

@jzheaux I tried to reproduce and fix

@sjohnr sjohnr modified the milestones: 5.7.0-M1, 5.7.0-M2 Jan 14, 2022
@jzheaux
Copy link
Contributor

jzheaux commented Jan 14, 2022

Thanks, @bitrecycling! I've merged this into 5.7.x via 700cae8 and a polish of 3c45d46. It's also been merged into main as part of the 6.0 release.

@jzheaux jzheaux closed this Jan 14, 2022
@bitrecycling
Copy link
Contributor Author

Thanks, @bitrecycling!
@jzheaux glad I could help, also I might be using it soon :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
5.7.0-M2
Development

Successfully merging this pull request may close these issues.
5 participants
@bitrecycling @jzheaux @sjohnr @eleftherias @spring-projects-issues