- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.2.X, Master
- Fix Version/s: 7.2.X, 7.2.1 CE GA2
- Component/s: Application Security > SAML
- Labels:
- Branch Version/s: 7.2.x
- Backported to Branch: Committed
- Fix Priority: 4
- Git Pull Request:
Steps to reproduce:
1) Configure two Liferay 7.2 GA1 instances with the plugin Liferay Connector to SAML 2.0 (version 5.0.0), one as an Identity Provider and the other as a Service Provider.
2) Sign in from the SP and then inspect the Response XML received from the Liferay SAML IdP.
Expected result: SubjectConfirmationData should have the 'InResponseTo' attribute, as we had on 6.2, as follows:
(Note: This is an example result of my test executed on 6.2)
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">csilla@csilla.com</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_aa76fae68b758326d7f7d4ca259e029285af11a1"
NotOnOrAfter="2019-09-05T10:11:53.326Z" Recipient="http://sp:8080/c/portal/saml/acs"/></saml2:SubjectConfirmation>
Actual result: SubjectConfirmationData does not have the 'InResponseTo' attribute, as follows:
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">csilla@csilla.com</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2019-09-04T07:19:58.448Z"
Recipient="http://sp:8080/c/portal/saml/acs"/></saml2:SubjectConfirmation>
Reproduced on:
7.2 GA1
7.2X 350296f49e64c44d789c00bee1e4833c10d38cd3
Could not test on master.
Also tested the behavior on 6.2 (liferay-portal-6.2-ee-sp18); here we have the InResponseTo attribute.
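The inspection in step 2 can be scripted. The following is an added example, not part of the original ticket or of Liferay's code: it checks the bearer SubjectConfirmationData of a captured response from an SP-initiated sign-in. The function name, the wrapper element around the quoted fragments and the test clock are assumptions made for illustration, and the parser is meant for captured test messages, not as a production SAML validator.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def parse_instant(value):
    # SAML instants are UTC; fractional seconds are optional.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_bearer_confirmation(xml_text, request_id, acs_url, now):
    """List problems in the bearer SubjectConfirmationData of a SAML message.

    Attribute checks only: signature validation must already have happened.
    """
    problems = []
    root = ET.fromstring(xml_text)
    bearer = [sc for sc in root.iter("{%s}SubjectConfirmation" % ASSERTION_NS)
              if sc.get("Method") == BEARER]
    if not bearer:
        return ["no bearer SubjectConfirmation"]
    for sc in bearer:
        data = sc.find("{%s}SubjectConfirmationData" % ASSERTION_NS)
        if data is None:
            problems.append("SubjectConfirmationData missing")
            continue
        in_response_to = data.get("InResponseTo")
        if in_response_to is None:
            problems.append("InResponseTo missing")  # the behaviour reported on 7.2
        elif in_response_to != request_id:
            problems.append("InResponseTo does not match the AuthnRequest ID")
        if data.get("Recipient") != acs_url:
            problems.append("Recipient does not match the ACS URL")
        not_after = data.get("NotOnOrAfter")
        if not_after is None or now >= parse_instant(not_after):
            problems.append("NotOnOrAfter missing or passed")
    return problems

# Constructed wrapper around the two SubjectConfirmationData variants quoted in this ticket.
ACS = "http://sp:8080/c/portal/saml/acs"
WRAP = ('<saml2:Assertion xmlns:saml2="' + ASSERTION_NS + '"><saml2:Subject>'
        '<saml2:SubjectConfirmation Method="' + BEARER + '">'
        '<saml2:SubjectConfirmationData %s Recipient="' + ACS + '"/>'
        '</saml2:SubjectConfirmation></saml2:Subject></saml2:Assertion>')
REQUEST_ID = "_aa76fae68b758326d7f7d4ca259e029285af11a1"
RESPONSE_62 = WRAP % ('InResponseTo="%s" NotOnOrAfter="2019-09-05T10:11:53.326Z"' % REQUEST_ID)
RESPONSE_72 = WRAP % 'NotOnOrAfter="2019-09-04T07:19:58.448Z"'
NOW = datetime(2019, 9, 4, 7, 0, tzinfo=timezone.utc)  # constructed test clock
```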