Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1716

X509 flow within MFA and subject canonicalization

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 4.0.0, 4.0.1, 3.4.7
    • Fix Version/s: 4.1.0
    • Component/s: Authentication
    • Labels:

      Description

      When using X509 authn within the MFA flow, a case exists whereby the c14n/x500 subject canonicalization process cannot use the certificate subject alternative names after the initial authn because the public credentials (certificate itself) are lost.

      Users mailing list thread(s):
      https://shibboleth.1660669.n2.nabble.com/previous-X509-auth-result-contains-subject-with-no-public-credentials-td7648022.html

      https://marc.info/?t=160590813500003&r=1&w=2

       

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            robertl@jlab.org Bobby Lawrence Lawrence
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours, 30 minutes
                3h 30m