larger key breaking sasl library #4
Comments
|
I think I was using canon_user wrong on in the client plugin. It was 'working' by accident. I was calling canon_user with the assertion and audience. I don't need to do this. canon_user should be called on the client side with the user's email address for both user and authname. I'm currently investigating a two step protocol (instead of 1 step). With this piece of information, the client can call canon_user. |
|
I've taken a stab at fixing this. Also, sasl-browserid had fallen out of sync with browserid.org. Resp no longer contains valid_until, it has it as expires. Also fixed. |
|
For reference |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We currently send the assertion in the CB_AUTHNAME field. The latest assertions in production are larger than the max allowed for this field and are causing SASL_BUFOVER to be returned when we try to canonicalize the authname.
result = params->canon_user(params->utils->conn, browser_assertion, 0,
SASL_CU_AUTHZID, oparams);
This causes the server plugin to quit early and auth to fail.
Areas to explore:
The text was updated successfully, but these errors were encountered: