Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-868

Stored persistent IDs can be invalidated by a date in the future

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.3.2, 3.3.3, 3.4.1, 3.4.2, 3.4.3, 3.4.4
    • Fix Version/s: 3.2.0, 4.0.0
    • Component/s: NameID Handling
    • Labels:
      None
    • Environment:

      IdP snapshot 3.2.0-20151116.054018-216

      Description

      Code in net.shibboleth.idp.saml.nameid.impl.JDBCPersistentIdStoreEx#getBySourceValue() only checks for the absence of a value in column deactivationDate (line 551), so it is theoretically possible to deactivate a persistent ID with a date in the future, which makes little sense. Flagging as "trivial" since deactivating persistent IDs is rarely used, if at all.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            cp+akh4hcy23wzvoqzqp+bp6+ao=@https://aai-logon.switch.ch/idp/shibboleth Etienne Dysli-Metref
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 45 minutes
                45m