Please sign in to comment.
bugfix: Make sure a persistent NameID is not generated by default whe…
…n the UserID is missing in the state array. This allowed misconfigured IdPs (i.e. those without both a PersistenNameID authproc filter, a “userid.attribute” configuration option and no “eduPersonPrincipalName” attribute available after running all the authentication processing filters) to generate a persistent NameID based on “null”, effectively giving all users the same identifier.
- Loading branch information...