Shibboleth acting as open redirect

Cantor, Scott cantor.2 at
Thu Oct 10 08:09:47 EDT 2019

On 10/10/19, 7:39 AM, "users on behalf of Max Spicer" <users-bounces at on behalf of max.spicer at> wrote:

> Is this behaviour standard, or is it a mis-configuration on our part?

A system working as designed that is inherently insecure is how I define the WWW, but call it a misconfiguration if you like. See, redirectLimit

-- Scott

More information about the users mailing list