[Security] IDP shouldn't answer to SP saml request with unsupported name ID formats #38

Closed
peppelinux opened this issue Mar 27, 2019 · 1 comment

Comments

@peppelinux
Contributor

peppelinux commented Mar 27, 2019

in https://github.com/OTA-Insight/djangosaml2idp/blob/master/djangosaml2idp/views.py#L232
or in https://github.com/askvortsov1/djangosaml2idp/blob/master/djangosaml2idp/views.py#L146

The IDP returns an UNSPECIFIED format if neither the sp nor the idp nameid format was found.
In addition, a check about the availability of the requested name id format, idp side, hasn't been made.

This should raise a handled exception.
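
The behaviour reported above next to an IdP-side check, as an added example that is not part of the original issue and is not djangosaml2idp's code. The function names, the exception class and the sample format lists are hypothetical; the URNs are the standard SAML NameID format and status identifiers.

```python
"""NameID format selection: silent fallback vs. IdP-side check (constructed example)."""

UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Second-level SAML status code for a NameIDPolicy the IdP cannot honour.
INVALID_NAMEID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"


class UnsupportedNameIDFormat(Exception):
    """Handled error (hypothetical name): the view maps it to a SAML error response."""
    saml_status = INVALID_NAMEID_POLICY


def lenient_format(requested, sp_configured, idp_supported):
    """Simplified model of the reported behaviour: no IdP-side check, silent fallback."""
    if requested:
        return requested  # honoured even if the IdP never advertised it
    if sp_configured:
        return sp_configured
    return idp_supported[0] if idp_supported else UNSPECIFIED


def strict_format(requested, sp_configured, idp_supported):
    """Return a format the IdP supports, or raise UnsupportedNameIDFormat."""
    if not idp_supported:
        raise UnsupportedNameIDFormat("IdP has no NameID format configured")
    wanted = requested or sp_configured
    # Absent or 'unspecified' means the SP leaves the choice to the IdP.
    if wanted in (None, "", UNSPECIFIED):
        return idp_supported[0]
    if wanted not in idp_supported:
        raise UnsupportedNameIDFormat(f"NameID format not supported: {wanted}")
    return wanted


def handle_request(requested, sp_configured, idp_supported):
    """Caller side: an unsupported format becomes an error status, not an assertion."""
    try:
        return (SUCCESS, strict_format(requested, sp_configured, idp_supported))
    except UnsupportedNameIDFormat as exc:
        return (exc.saml_status, str(exc))
```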

@mhindery
Contributor

This was merged and released with version 0.6.0
