Logout request signature validation is skipped at [1] due to logoutReqIssuer not being populated properly.
The logoutReqIssuer information is retrieved based on what's stored during the authentication at [2]. The created SAMLSSOServiceProviderDO lacks information which is required to validate the SAML logout response (e.g. logout validation config, SP certificate, etc.). Need to check the feasibility of using the SAMLSSOServiceProviderDO object created at [3] instead of creating a new object.
Thank you for your contribution!
We are closing this issue since it has not been prioritized for a long time. Chances are that it has already been solved in more recent versions. If not, we will be re-evaluating this when it becomes a priority.
[1] - https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/ee338982c1add8f75f1132a6b3bacb30cee7989b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/SPInitLogoutRequestProcessor.java#L130
[2] - https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/master/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/SPInitSSOAuthnRequestProcessor.java#L142
[3] - https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/master/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/SPInitSSOAuthnRequestProcessor.java#L54
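
The failure mode reported in this issue, next to a fail-closed alternative, as an added example that is not code from the WSO2 repository. `LogoutSignatureGate`, `SpConfig`, the issuer `sp.example` and the use of a raw RSA-SHA256 signature over the request bytes in place of a real SAML signature are all assumptions made for illustration (Java 16+ for records).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
// Added illustration with hypothetical names; these are not the WSO2 classes.
public class LogoutSignatureGate {
    // Stand-in for a registered service provider's configuration (assumed fields).
    record SpConfig(String issuer, boolean validateLogoutSignature, PublicKey certKey) {}
    private final Map<String, SpConfig> registry;
    LogoutSignatureGate(Map<String, SpConfig> registry) { this.registry = registry; }

    // Pattern described in the issue: incomplete issuer data means the check never runs.
    boolean acceptSkipping(SpConfig fromSession, byte[] request, byte[] sig) throws GeneralSecurityException {
        if (fromSession == null || fromSession.certKey() == null) return true; // validation skipped
        return !fromSession.validateLogoutSignature() || verify(fromSession.certKey(), request, sig);
    }

    // Fail-closed variant: resolve the full registered config by issuer, reject if it is unusable.
    boolean acceptFailClosed(String issuer, byte[] request, byte[] sig) throws GeneralSecurityException {
        SpConfig sp = issuer == null ? null : registry.get(issuer);
        if (sp == null) return false;                          // unknown or unpopulated issuer
        if (!sp.validateLogoutSignature()) return true;        // SP explicitly opted out
        if (sp.certKey() == null || sig == null) return false; // required but cannot be checked
        return verify(sp.certKey(), request, sig);
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();                    // constructed test key
        byte[] req = "SAMLRequest=constructed-logout&RelayState=x".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(req);
        byte[] good = signer.sign();
        byte[] bad = good.clone();
        bad[bad.length - 1] ^= 1;                              // corrupt the signature
        var gate = new LogoutSignatureGate(Map.of("sp.example", new SpConfig("sp.example", true, kp.getPublic())));
        SpConfig partial = new SpConfig("sp.example", false, null); // object rebuilt without cert/config
        System.out.println("skip pattern, bad sig:  " + gate.acceptSkipping(partial, req, bad));
        System.out.println("fail-closed, bad sig:   " + gate.acceptFailClosed("sp.example", req, bad));
        System.out.println("fail-closed, good sig:  " + gate.acceptFailClosed("sp.example", req, good));
        System.out.println("fail-closed, no issuer: " + gate.acceptFailClosed(null, req, good));
    }
}
```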