NativeSP: xmltooling::IOException when processing Logout Response
Rainer Hoerbe
rainer at hoerbe.at
Mon May 20 10:20:02 EDT 2019
Thanks for the explanation. It was only unclear, that a tampered relay state leads to a security policy exception, while an unsolicited relay state causes the URL parsing exception. In theory, the SP could reject a RelayState value that is neither a cookie, local storage or a valid URL. But that is cosmetic, and with this mail thread in the search engine results future generation have clarified the issue :-)
- Rainer
> Am 2019-05-20 um 14:19 schrieb Cantor, Scott <cantor.2 at osu.edu>:
>
> The SP doesn't have any memory of RelayState per se, it just processes them based on what's in them and if they're not storage or cookie based, it will treat them as URLs and enforce the redirection policy, which requires parsing the URL to a limited degree. That's what failed, presumably, so the value is simply malformed.
>
> You shouldn't need anything more than access logs if they're redirect messages, it should be evident what was in the parameter. POST would be the difficult one.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list