ADFS SessionInitiator doesn't raise proper error when ACS is wrong
Description
The ADFS initiator by itself isn't handling the case of a bogus ACS calculation correctly, and just falls into code that shouldn't run.
Also, the new code added with 2.2.1 to do binding checks on the ACS created a regression that makes it necessary to define a defaultACSIndex property since it doesn't auto-derive the ACS based on binding any more. Need to revisit this logic.
The "fall through" bug affects all the other protocol handlers as well, and was introduced with the fix to check the ACS binding against the protocol to prevent mixing of protocols.
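An added example, not Shibboleth's code or the reporter's: a minimal C++ model of the behaviour the report asks for, where ACS selection derives an endpoint from the protocol's binding when no index is supplied, and the initiator throws instead of continuing when the ACS is missing or belongs to another protocol. The `Acs` struct, the function names, the binding labels and the endpoint paths are all hypothetical.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical model of an SP's ACS endpoints (not Shibboleth's own types).
struct Acs { int index; std::string binding; std::string location; };

const int NO_INDEX = -1;  // caller supplied no explicit ACS index

// Use the explicit index when one is given; otherwise derive the first
// endpoint whose binding belongs to the requesting protocol.
const Acs* selectAcs(const std::vector<Acs>& eps, const std::string& proto, int index) {
    for (const Acs& e : eps) {
        if (index != NO_INDEX ? e.index == index : e.binding == proto)
            return &e;
    }
    return nullptr;
}

// Returns the reply location or throws; no path continues past a bad ACS.
std::string initiate(const std::vector<Acs>& eps, const std::string& proto, int index = NO_INDEX) {
    const Acs* acs = selectAcs(eps, proto, index);
    if (!acs)
        throw std::runtime_error("unable to determine an ACS for this request");
    if (acs->binding != proto)  // prevents mixing of protocols
        throw std::runtime_error("ACS binding does not belong to this protocol");
    return acs->location;
}

// True when initiate() refuses the request with an error.
bool rejects(const std::vector<Acs>& eps, const std::string& proto, int index = NO_INDEX) {
    try { initiate(eps, proto, index); } catch (const std::runtime_error&) { return true; }
    return false;
}

// Constructed sample configuration: one SAML 2.0 endpoint, one ADFS endpoint.
std::vector<Acs> sampleEndpoints() {
    return { {1, "saml2-post", "/sp/acs/saml2"}, {2, "adfs", "/sp/acs/adfs"} };
}

int main() {
    std::vector<Acs> eps = sampleEndpoints();
    std::cout << "derived: " << initiate(eps, "adfs") << "\n";
    std::cout << "wrong-protocol index rejected: " << rejects(eps, "adfs", 1) << "\n";
    std::cout << "unknown index rejected: " << rejects(eps, "adfs", 9) << "\n";
    return 0;
}
```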