Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protected Gluu end points #1494

Closed
sahilIT2020 opened this issue Feb 1, 2019 · 1 comment
Closed

Protected Gluu end points #1494

sahilIT2020 opened this issue Feb 1, 2019 · 1 comment
Assignees
@jgomer2001
Labels
bug High Priority
Milestone
3.1.6

Comments

@sahilIT2020
Copy link
Contributor

sahilIT2020 commented Feb 1, 2019
edited by willow9886

Following Gluu endpoints should be made protected. Also, we need to check all other end points and ensure that sensitive end points are not public

../passport/saml_config
../passport/passportstrategies

Issue is reproducible on following versions
3.1.2, 3.1.3, 3.1.4, 3.1.5

Note: No sensitive data is exposed via these endpoints.
@sahilIT2020 sahilIT2020 added this to the 3.1.6 milestone Feb 1, 2019
@yurem yurem assigned jgomer2001 and unassigned yurem Feb 1, 2019
@jgomer2001
Copy link
Contributor

2 Passport endpoints do not need protection. They were removed and code adjusted, as per GluuFederation/oxAuth#993

@yurem can you do an overall CE revision about any other data exposed anonymously

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgomer2001 jgomer2001

Labels
bug High Priority
Projects
None yet
Milestone
3.1.6
Development

No branches or pull requests
3 participants
@jgomer2001 @yurem @sahilIT2020