Allow blocking of unsolicited SSO

Basics

Logistics

Basics

Logistics

Description

This would depend on the new support for message correlation checking, and would also assume that SAML 1 (and WS-Fed) were disabled separately to be useful.

Environment

None

Linked issues

depends on

SSPCPP-604

Web SSO Profile: InResponseTo attribute is not validated

has dependent

SSPCPP-873

Tighten SSO profile requirements around conditions

Activity

Scott CantorFebruary 25, 2020 at 2:45 AM

Finalized logic, added blockUnsolicited flag to MessageFlow rule and to new policy example.

Scott CantorFebruary 14, 2020 at 9:52 PM

Implemented and lightly tested as a new option via a predefined alternate SecurityPolicy. Currently this is just at the bearer confirmation check. Could be added to the MessageFlow rule, still debating.

Fixed

Details
Assignee
Scott Cantor
Reporter
Scott Cantor
Components
SAML 2.0 Single Sign-On
Fix versions
3.1.0

Created February 11, 2020 at 6:06 PM

Updated April 13, 2020 at 5:49 PM

Resolved February 25, 2020 at 2:45 AM

Allow blocking of unsolicited SSO

Description

Environment

Linked issues

depends on

has dependent

Activity

Scott CantorFebruary 25, 2020 at 2:45 AM

Scott CantorFebruary 14, 2020 at 9:52 PM

DetailsAssigneeScott CantorScott CantorReporterScott CantorScott CantorComponentsSAML 2.0 Single Sign-OnFix versions3.1.0

Details

Assignee

Reporter

Components

Fix versions

Details
Assignee
Scott Cantor
Reporter
Scott Cantor
Components
SAML 2.0 Single Sign-On
Fix versions
3.1.0