Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML 2.0 HTTP Redirect Binding query params may appear in any order #12963

Closed
wants to merge 0 commits into from
Closed

SAML 2.0 HTTP Redirect Binding query params may appear in any order #12963

wants to merge 0 commits into from
+0 −0

Conversation

lukaszmigdalek
Copy link
Contributor

According to my latest comment:
#12346 (comment)

SAML 2.0 HTTP Redirect Binding specification says that query params may appear in any order.
"Note that when verifying signatures, the order of the query string parameters on the resulting URL to be
verified is not prescribed by this binding. The parameters may appear in any order. Before verifying a
signature, if any, the relying party MUST ensure that the parameter values to be verified are ordered as
required by the signing rules above."

Added support for a different order of query params based on the previous implementation:
88f9529

gh-12346
#12346

@pivotal-cla
Copy link

@lukaszmigdalek Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-cla
Copy link

@lukaszmigdalek Thank you for signing the Contributor License Agreement!

@lukaszmigdalek lukaszmigdalek mentioned this pull request Apr 3, 2023
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 3, 2023
@jzheaux jzheaux closed this May 15, 2023
@jzheaux jzheaux self-assigned this May 15, 2023
@jzheaux jzheaux added type: bug A general bug in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels May 15, 2023
@jzheaux jzheaux added this to the 5.8.4 milestone May 15, 2023
@jzheaux
Copy link
Contributor

jzheaux commented May 15, 2023
edited
Loading

Thanks, @lukaszmigdalek, for the PR. This is now merged into 5.8.x, 6.0.x, and main in f491589. It will go out in 5.8.4, 6.0.4, and 6.1.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: bug A general bug
Projects
None yet
Milestone
5.8.4
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@lukaszmigdalek @pivotal-cla @jzheaux @spring-projects-issues