Uploaded image for project: 'Shibboleth SP - C++'
  1. Shibboleth SP - C++
  2. SSPCPP-719

SP session creation parameter target and discoveryProtocol SAMLDS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.1
    • Labels:
      None
    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple
    • Web Server:
      Multiple

      Description

      Hello,

      I am using Shibboleth Native SP for Apache 2.6.0 on CentOS 6.8.

      The SP is configured with an <SSO> element that uses the
      discoveryProtocol attribute with value "SAMLDS":

      <SSO discoveryProtocol="SAMLDS" discoveryURL="https://myserver.com/discovery" EC
      P="true">

      When I initiate session creation (a SAML2 SSO flow) like this

      https://myserver.com/Shibboleth.sso/Login?target=https%3A%2F%2Fanother.server.com

      I receive a 302 Found with Location

      https://myserver.com/discovery?entityID=https%3A%2F%2F/myserver.com/shibboleth?return=https%3A%2F%2Fanother.server.com%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253A618901ce5b68917111816e2157b1d5c612981a553e5ccccc7851a3708d2a8f86

      That is, the discovery service is being told to send the
      browser to a Shibboleth handler location at the target, which
      in my use case does not exist.

      I note that if I change the SP session creation parameter from
      'target' to 'return' the Location has what I expect for the
      value of 'return' that is passed to the discovery service.

      Was the SP creation parameter name 'target' inadvertantly changed
      to 'return'?

      Note that the attribute 'redirectLimit' on the <Sessions>
      element is not set and so should have the default behavior of
      'none'.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            skoranda@uwm.edu Scott F Koranda
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: