IdPSessionFilter lacks on Source IP verification and cookie signature checking

Fixed

Description fields

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

ERROR with IPv6 enabled:
10:22:13.686 ERROR [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:139] - Client sent a cookie from addres 2001:620:0:4:21b:63ff:fe94:bae2 but the cookie was issued to address 2001

ERROR with IPv6 disabled, running IPv4:
0:30:51.132 ERROR [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:157] - Session cookie signature did not match, the session cookie has been tampered with

Environment

None

Activity

ChadC

October 29, 2008 at 3:23 AM

(edited)

Derek Morr

October 15, 2008 at 3:56 PM

ChadC

October 15, 2008 at 3:35 PM

(edited)

Resize work item view side panel

Details

Assignee

ChadC

Reporter

Former user(Deactivated)

Created October 15, 2008 at 5:58 AM

Updated June 24, 2021 at 3:37 PM

Resolved October 29, 2008 at 3:23 AM

IdPSessionFilter lacks on Source IP verification and cookie signature checking

Description

Environment

ChadC

Derek Morr

ChadC

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Flag notifications

Something's gone wrong