Subversion Status
ChangeLog
| 15:27 | bdauvergne | rev 4935 | [SAMLv2/SSO] when processing AuthnResponse with binding HTTP-Post only the assertion need to be signed If the message is signed, the assertion is also covered, but if only the assertion is signed, there is no error to report. If the caller ask for forcing the validation of message signature, then we report an error. This commit also add checking for the binding used, if it is not HTTP-Post lasso_login_process_authn_response_msg will now report an error. |
Copyright © 2004-2007 Entr'ouvert