Bug #182

closed

Host misses serverPort

Added by Marcel Selhorst almost 12 years ago. Updated almost 12 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 03/15/2013
Due date:
% Done: 100%
Estimated time:
Reviewer:
Build Version:

Description

Incoming HTTP GET calls miss the server port information within the HTTP HOST HEADER.
This leads to Verification Errors of the SAMLResponse, since the destination, recipient and audienceRestriction will not comply with the given host value.
Here are two examples (tested with Tomcat):

=================================================
================== AUSWEIS APP ==================
=================================================
Server Name: dev-selhomar01
Remote Host: 172.20.109.172
Query String: SAMLResponse=[...]
Request URL: https://dev-selhomar01:1443/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response
PathInfo: /Response
================ HEADER-LIST ================
user-agent:Java/1.7.0_09
host:dev-selhomar01:1443
accept:text/html, image/gif, image/jpeg, ; q=.2, */; q=.2
connection:keep-alive

=================================================
================ Open-eCard-App =================
=================================================
Server Name: dev-selhomar01
Remote Host: 172.20.109.172
Query String: SAMLResponse=[...]
Request URL: https://dev-selhomar01/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response
PathInfo: /Response
================ HEADER-LIST ================
connection:keep-alive
user-agent:Open-eCard-App/1.0.1-SNAPSHOT
host:dev-selhomar01
accept:text/xml, */*;q=0.8
accept-charset:utf-8, *;q=0.8
================
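
The mismatch reported above, as an added example (not part of the original report and not the code from the referenced patch): a Host header built without the non-default port makes the URL the server reconstructs differ from the Destination in the SAMLResponse. The class and method names are hypothetical, and `requestUrl` is a simplified model of how a servlet container derives the request URL from the Host header.

```java
import java.net.URI;

public class HostHeaderDemo {

    // Host header value for a request to `target`: the port is included
    // whenever the URI names one that is not the scheme's default.
    static String hostHeader(URI target) {
        String host = target.getHost();   // IPv6 literals keep their brackets
        int port = target.getPort();      // -1 when the URI has no explicit port
        String scheme = target.getScheme();
        boolean isDefault = port == -1
                || ("https".equalsIgnoreCase(scheme) && port == 443)
                || ("http".equalsIgnoreCase(scheme) && port == 80);
        return isDefault ? host : host + ":" + port;
    }

    // Simplified model (assumption): the container rebuilds the request URL
    // from the scheme, the received Host header and the request path.
    static String requestUrl(String scheme, String hostHeader, String path) {
        return scheme + "://" + hostHeader + path;
    }

    // Stand-in for the service provider's Destination check: exact string match.
    static boolean destinationMatches(String destination, String requestUrl) {
        return destination.equals(requestUrl);
    }

    public static void main(String[] args) {
        // Constructed sample: the Destination value carried in the SAMLResponse,
        // using the host and path shown in the report.
        String destination =
                "https://dev-selhomar01:1443/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response";
        URI target = URI.create(destination);
        String path = target.getRawPath();

        // Client that drops the port from the Host header.
        String withoutPort = requestUrl("https", target.getHost(), path);
        // Client that keeps the non-default port.
        String withPort = requestUrl("https", hostHeader(target), path);

        System.out.println(withoutPort + " -> Destination matches: "
                + destinationMatches(destination, withoutPort));
        System.out.println(withPort + " -> Destination matches: "
                + destinationMatches(destination, withPort));
    }
}
```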

#1

Updated by Detlef Hühnlein almost 12 years ago

  • Assignee set to Tobias Wich
  • Target version set to 1.0.1

#2

Updated by Tobias Wich almost 12 years ago

  • Status changed from New to Review
  • % Done changed from 0 to 100

Patch is available in 04650df4

#3

Updated by Tobias Wich almost 12 years ago

  • Status changed from Review to Closed