Decrypted assertion's signature not verifiable due to IDness bug

Basics

Logistics

Basics

Logistics

Description

I believe due to https://shibboleth.atlassian.net/browse/OSJ-154#icft=OSJ-154 the DecryptAssertions profile action ends up leaving the decrypted assertions in a state where the signature won't be verifiable. It's observable with the new proxying support in the IdP when the assertion is signed and encrypted.

I'm not sure we have plans to fix the overarching bug, so filing this separately in case a more tactical fix is required.

Environment

None

Activity

Brent PutmanMay 28, 2020 at 3:56 AM

https://shibboleth.atlassian.net/browse/OSJ-154#icft=OSJ-154 is now fixed. So the solution here is to simply re-marshall the Response if there were any decrypted Assertions.

Fixed in 286630bb85fe9487b38f44b4319adffa069fc1f4.

Fixed

Details
Assignee
Brent Putman
Reporter
Scott Cantor
Components
SAML 2 Profiles
Fix versions
4.0.1
Affects versions
4.0.0

Created April 17, 2020 at 1:50 PM

Updated May 28, 2020 at 3:56 AM

Resolved May 28, 2020 at 3:56 AM

Decrypted assertion's signature not verifiable due to IDness bug

Description

Environment

Activity

Brent PutmanMay 28, 2020 at 3:56 AM

Details
Assignee
Brent Putman
Reporter
Scott Cantor
Components
SAML 2 Profiles
Fix versions
4.0.1
Affects versions
4.0.0

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Flag notifications

Something's gone wrong

Something's gone wrong

Decrypted assertion's signature not verifiable due to IDness bug

Description

Environment

Activity

Brent PutmanMay 28, 2020 at 3:56 AM

DetailsAssigneeBrent PutmanBrent PutmanReporterScott CantorScott CantorComponentsSAML 2 ProfilesFix versions4.0.1Affects versions4.0.0

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Flag notifications

Something's gone wrong

Something's gone wrong

Details
Assignee
Brent Putman
Reporter
Scott Cantor
Components
SAML 2 Profiles
Fix versions
4.0.1
Affects versions
4.0.0