openid / connect / issues / #142 - Basic - 7.5. Assertion Substitution — Bitbucket

Issue #142 resolved

hideki nara created an issue 2011-09-29

I think that * OP must check client_id and redirect_url to return assertions to proper RP. * RP is recommended to use state or/and UA session cookie to bind returned assertions to proper authz request.

Comments (4)

hideki nara reporter
- edited description
- 2011-09-29T20:23:32+00:00
John Bradley
- assigned issue to
  
  John Bradley
Assertion substitution in SP-800-63 has to do with reordering packets on the wire to attack SOAP etc.

I will look at this again.
- 2011-09-29T21:21:28+00:00
hideki nara reporter
Thank you very much for you information.
- 2011-09-30T03:57:58+00:00
Nat Sakimura
- changed status to resolved
- 2011-10-17T23:24:11+00:00
Log in to comment

Assignee: John Bradley

Type: enhancement

Priority: minor

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!