andrewpai changed the title from "Override unknown ACS values in SAML state with registered URI" to "Add additional CSRF protection when FusionAuth is functioning as a SAML IdP" on Jan 24, 2024
Add additional CSRF protection when FusionAuth is functioning as a SAML IdP #2611
Description
If a SAML state contains an unregistered redirect URI in its acs value, override it with the first registered URI.
Is this a question about how to use FusionAuth? Please consider posting on the FusionAuth forum instead.
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Release Notes
Add additional protection against cross-site attacks when FusionAuth is acting as a SAML IdP.
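A sketch of the override described in this issue, added here as an example and not FusionAuth's own code. It assumes the decoded SAML state is a dict with an `acs` key; `resolve_acs`, `_canonical`, the URL normalisation rules and the sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: the ACS URLs registered for one service provider.
REGISTERED_ACS = [
    "https://sp.example.com/saml/acs",
    "https://sp.example.com/saml/acs2",
]


def _canonical(url):
    """Normalise an absolute http(s) URL for comparison; None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password or parts.fragment:
        return None  # userinfo and fragments have no place in an ACS URL
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname, port, parts.path or "/", parts.query)


def resolve_acs(state, registered_acs):
    """Return the ACS URL the SAML response may be posted to.

    The returned string always comes from registered_acs, never from the
    state, so a tampered state cannot choose the destination.
    """
    if not registered_acs:
        raise ValueError("no ACS URL is registered for this service provider")
    requested = state.get("acs")
    wanted = _canonical(requested) if isinstance(requested, str) else None
    if wanted is not None:
        for uri in registered_acs:
            if _canonical(uri) == wanted:
                return uri
    # Unknown, missing or malformed value: override with the first registered URI.
    return registered_acs[0]
```

Comparison is on the full parsed URL, not a string prefix, so a look-alike host that merely starts with a registered hostname does not match.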