SAML2 ECP Accept header incorrect
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
keystoneauth | Fix Released | High | Jamie Lennox | |
python-keystoneclient | Fix Released | High | Jamie Lennox | |
Bug Description
The first SAML ECP request is to the endpoint with an Accept value containing application/
This has been confirmed by SAML2 working group as a bug in the spec. (Will provide reference for this soon).
This works in Shibboleth because the accept matcher simply does
if 'application/
but fails in mod_auth_mellon which does a more strict type check.
[1] http://
[2] http://
tags: | added: kilo-backport-potential |
Changed in keystoneauth: | |
status: | New → In Progress |
assignee: | nobody → Jamie Lennox (jamielennox) |
Changed in python-keystoneclient: | |
assignee: | Jamie Lennox (jamielennox) → Steve Martinelli (stevemar) |
Changed in python-keystoneclient: | |
assignee: | Steve Martinelli (stevemar) → Jamie Lennox (jamielennox) |
Changed in keystoneauth: | |
importance: | Undecided → High |
Changed in python-keystoneclient: | |
importance: | Undecided → High |
Changed in python-keystoneclient: | |
milestone: | none → 1.7.0 |
status: | Fix Committed → Fix Released |
Changed in keystoneauth: | |
milestone: | none → 2.1.0 |
status: | Fix Committed → Fix Released |
Fix proposed to branch: master
Review: https://review.openstack.org/216928