Shibboleth acting as open redirect
cantor.2 at osu.edu
Thu Oct 10 08:09:47 EDT 2019
On 10/10/19, 7:39 AM, "users on behalf of Max Spicer" <users-bounces at shibboleth.net on behalf of max.spicer at york.ac.uk> wrote:
> Is this behaviour standard, or is it a mis-configuration on our part?
A system working as designed that is inherently insecure is how I define the WWW, but call it a misconfiguration if you like. See https://wiki.shibboleth.net/confluence/display/SP3/Sessions, redirectLimit
More information about the users