Bug #23

IssuerID is not required on SAML RequestAbstractType

Added by S M 3128 days ago. Updated 3038 days ago.

Status:Closed Start:04/29/2009
Priority:Normal Due date:
Assigned to:- % Done:

100%

Category:ESOE Core Spent time: -
Target version:0.9.5

Description

project esoecore, class AuthenticationAuthorityProcessorBase, method execute():

In the following line:

data.setIssuerID(data.getAuthnRequest().getIssuer().getValue());

you assume that the request always has an issuer-id != null.

Actually this is not a must, because at this point the SAML request wasn`'t validated. I saw in your JUNit tests that you always set an issuer, but IMHO this must not always be set. Especially if you test with the Google sample/SDK, ypu will hit a null-reference exception at this line. So I patched it by checking for not null.

History

Updated by S M 3106 days ago

  • Category set to ESOE Core

Updated by S M 3105 days ago

  • Target version set to 0.9.5

Updated by S M 3038 days ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Applied in changeset r1433.

Also available in: Atom PDF