Bug #182

closed

Host misses serverPort

Added by Marcel Selhorst about 11 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 03/15/2013
Due date:
% Done: 100%
Estimated time:
Reviewer:
Build Version:

Description

Incoming HTTP GET calls miss the server port information within the HTTP Host header.
This leads to verification errors of the SAMLResponse, since the destination, recipient and audienceRestriction will not comply with the given host value.
Here are two examples (tested with Tomcat):

=================================================
================== AUSWEIS APP =================
=================================================
Server Name: dev-selhomar01
Remote Host: 172.20.109.172
Query String: SAMLResponse=[...]
Request URL: https://dev-selhomar01:1443/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response
PathInfo: /Response
================ HEADER-LIST ================
user-agent:Java/1.7.0_09
host:dev-selhomar01:1443
accept:text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
connection:keep-alive

=================================================
================ Open-eCard-App ================
=================================================
Server Name: dev-selhomar01
Remote Host: 172.20.109.172
Query String: SAMLResponse=[...]
Request URL: https://dev-selhomar01/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response
PathInfo: /Response
================ HEADER-LIST ================
connection:keep-alive
user-agent:Open-eCard-App/1.0.1-SNAPSHOT
host:dev-selhomar01
accept:text/xml, */*;q=0.8
accept-charset:utf-8, *;q=0.8
================
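The following Java sketch is an added example, not part of the original report or the Open eCard code base. It shows why the missing port breaks the Destination check, using the URL from the dumps above; the class and method names are hypothetical, and `requestUrl` is a simplified stand-in for how a servlet container rebuilds the request URL from the Host header.

```java
import java.net.URI;

public class HostHeaderPort {

    // Host header value for a target URI. RFC 7230, section 5.4: the value is
    // identical to the URI's authority minus userinfo, so a port named in the
    // URI is kept.
    static String hostHeader(URI target) {
        int port = target.getPort();               // -1 when the URI names no port
        return port == -1 ? target.getHost() : target.getHost() + ":" + port;
    }

    // Simplified model (assumption): the container takes the scheme from the
    // connector and host plus port from the Host header. With no port in the
    // header, the rebuilt URL carries none, as in the second dump.
    static String requestUrl(String scheme, String hostHeader, String path) {
        return scheme + "://" + hostHeader + path;
    }

    // Essence of the service provider's check: the Destination in the SAML
    // response must equal the URL the response was actually received on.
    static boolean destinationMatches(String destination, String receivedAt) {
        return URI.create(destination).equals(URI.create(receivedAt));
    }

    public static void main(String[] args) {
        URI target = URI.create(
            "https://dev-selhomar01:1443/bdr-demo-sp-1.0.0-SNAPSHOT/saml/Response");
        String destination = target.toString();
        String path = target.getRawPath();

        String withPort = hostHeader(target);      // port kept, as in the first dump
        String withoutPort = target.getHost();     // port dropped, as in the second dump

        System.out.println("Host: " + withPort + " -> destination matches: "
            + destinationMatches(destination, requestUrl("https", withPort, path)));
        System.out.println("Host: " + withoutPort + " -> destination matches: "
            + destinationMatches(destination, requestUrl("https", withoutPort, path)));
    }
}
```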
