IIS and new Service Provider v2.5
Martin B. Smith
smithmb at ufl.edu
Tue Nov 6 14:00:50 EST 2012
On 11/06/2012 01:13 PM, Cantor, Scott wrote:
> I suspect it's happening because of a tail match of something that ends in
> "st". What I would note is that I think they have safeHeaderNames turned
> off. That results in some slightly different logic for checking the names
> and is probably where the tail matching problem is showing up.
Hey Scott & all,
You're correct -- safeHeaderNames defaults to false, and many of these
configurations are using older config files from previous versions of
the SP where safeHeaderNames isn't specified at all.
I'm being told some folks have cast some suspicion on the following
cookie as the place the SP software is detecting the "st:" --
Is it possible there's a bug in parsing that cookie and somehow the SP
thinks there's a header named "st:" being injected from ALL_HTTP? In any
case, I'll file a bug and let you decide what to do from there. I'll
also recommend safeHeaderNames be turned on.
Martin B. Smith, Systems Administrator
smithmb at ufl.edu - (352) 273-1329
UF Information Technology, CNS/Open Systems Group
University of Florida
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
Url : http://shibboleth.net/pipermail/users/attachments/20121106/c87121e7/attachment.bin
More information about the users