Query logic should enforce subject matching

Description

The attribute query logic is currently leaving subject matching implicit and just trusting the IdP. No attacks are obvious here, even with the TLS prefix attack, but for correctness' sake, it should be enforced in the SP.

Environment

None

Activity

Scott Cantor 
November 24, 2009 at 11:07 AM

http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3196

For now, defaulting the check to off, but turning on in the shipped config.

Fixed

Details

Created November 17, 2009 at 10:22 AM
Updated May 26, 2011 at 1:30 PM
Resolved November 24, 2009 at 11:07 AM
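
The kind of check the description asks for, as an added example that is not the Shibboleth SP's code: the SP compares the NameID it sent in the attribute query against the subject of every assertion in the response and flags any that differ or lack a subject. The function names, the strict comparison of `Format`, `NameQualifier` and `SPNameQualifier`, and the stripped-down sample messages are assumptions made for illustration; signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

A = "urn:oasis:names:tc:SAML:2.0:assertion"
P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": A, "samlp": P}
# NameID attributes compared alongside the text value (this example's policy).
ATTRS = ("Format", "NameQualifier", "SPNameQualifier")


def name_id_key(parent):
    """Reduce parent/Subject/NameID to a comparable tuple, or None if absent."""
    name_id = parent.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return None
    return ((name_id.text or "").strip(),) + tuple(name_id.get(a) for a in ATTRS)


def mismatched_assertions(query_xml, response_xml):
    """Return IDs of response assertions whose subject differs from the query's."""
    wanted = name_id_key(ET.fromstring(query_xml))
    if wanted is None:
        raise ValueError("query carries no NameID to match against")
    bad = []
    for assertion in ET.fromstring(response_xml).iterfind("saml:Assertion", NS):
        # A missing Subject yields None, which never equals `wanted`.
        if name_id_key(assertion) != wanted:
            bad.append(assertion.get("ID"))
    return bad


# Constructed sample messages, reduced to the elements the check reads.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def _subject(value):
    return (f'<saml:Subject><saml:NameID Format="{PERSISTENT}">{value}'
            '</saml:NameID></saml:Subject>')


QUERY = (f'<samlp:AttributeQuery xmlns:samlp="{P}" xmlns:saml="{A}" ID="_q1">'
         f'{_subject("opaque-alice")}</samlp:AttributeQuery>')
RESPONSE = (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" ID="_r1">'
            f'<saml:Assertion ID="_a1">{_subject("opaque-alice")}</saml:Assertion>'
            f'<saml:Assertion ID="_a2">{_subject("opaque-bob")}</saml:Assertion>'
            '<saml:Assertion ID="_a3"/></samlp:Response>')

if __name__ == "__main__":
    print(mismatched_assertions(QUERY, RESPONSE))
```

An SP applying this check would discard the attributes from any flagged assertion rather than merge them into the session.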