
Decode and track RequestIds #28

Open
kmacgugan wants to merge 1 commit into arekinath:develop from chef:track-request-id

Conversation

@kmacgugan

  • When generating an authn request, generate unique ID and store it for
    a certain time (5 minutes).
  • When validating an assertion response, verify that the ID in
    InResponseTo (if present) matches one we know; then forget that one.

Note that both #esaml_response{} and #esaml_assertion{} get an
in_response_to field: the ID is present in both subtrees of the XML
document; but for validating an assertion response, only esaml_assertion
is used.

We chose not to add an ets table in esaml_utils and instead track the ID within our application; however, this could be an option here.

* Add ets table for tracking request IDs.
* When generating an authn request, generate unique ID and store it for
  a certain time (5 minutes).
* When validating an assertion response, verify that the ID in
  `InResponseTo` (if present) matches one we know; then forget that one.

Note that both #esaml_response{} and #esaml_assertion{} get an
`in_response_to` field: the ID is present in _both_ subtrees of the XML
document; but for validating an assertion response, only esaml_assertion
is used.
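The mechanism described in the PR body and commit message above (issue a unique ID per AuthnRequest, remember it for five minutes, decode `InResponseTo` from both the Response and the Assertion, and accept an assertion only if its `InResponseTo` matches an outstanding ID, forgetting that ID on first use) is shown below as an added, language-independent sketch in Python. It is not esaml code and not the submitter's patch: a dictionary with expiry timestamps stands in for the ets table, the `RequestIdStore`, `FakeClock` and `extract_in_response_to` names are this example's own, and the SAML response document is constructed here for illustration.

```python
import secrets
import time
import xml.etree.ElementTree as ET

REQUEST_ID_TTL_SECONDS = 300  # five minutes, the retention period named in the PR

# SAML 2.0 namespaces used to locate the two places InResponseTo appears.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


class FakeClock:
    """Injectable clock so expiry can be exercised without sleeping (example only)."""
    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class RequestIdStore:
    """Outstanding AuthnRequest IDs with expiry; stands in for the PR's ets table."""
    def __init__(self, ttl=REQUEST_ID_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._ids = {}  # request ID -> absolute expiry time

    def new_request_id(self):
        """Generate an unpredictable ID and remember it for `ttl` seconds.
        xs:ID values are NCNames and may not start with a digit, hence the '_' prefix."""
        self._evict_expired()
        request_id = "_" + secrets.token_hex(16)
        self._ids[request_id] = self._clock() + self._ttl
        return request_id

    def consume(self, in_response_to):
        """True iff `in_response_to` names an unexpired ID we issued.
        The ID is removed on the first successful match, so a replayed
        assertion carrying the same InResponseTo is rejected."""
        self._evict_expired()
        return self._ids.pop(in_response_to, None) is not None

    def _evict_expired(self):
        now = self._clock()
        for rid in [r for r, exp in self._ids.items() if exp <= now]:
            del self._ids[rid]


def extract_in_response_to(response_xml):
    """Decode InResponseTo from both subtrees: the samlp:Response element and the
    saml:SubjectConfirmationData inside the Assertion. Returns (response_value,
    assertion_value); either may be None. Production code should parse with a
    hardened XML parser and verify the signature before trusting either value."""
    root = ET.fromstring(response_xml)
    response_irt = root.get("InResponseTo")
    scd = root.find(
        "saml:Assertion/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    assertion_irt = scd.get("InResponseTo") if scd is not None else None
    return response_irt, assertion_irt


def validate_assertion_in_response_to(store, assertion_irt):
    """The PR's rule applied to the assertion's value: if InResponseTo is present it
    must match a known, unexpired request ID; if absent (unsolicited response), this
    check is skipped. Note that skipping it means unsolicited assertions are not
    bound to any request, so an SP that only supports SP-initiated SSO should
    reject a missing InResponseTo instead."""
    if assertion_irt is None:
        return True
    return store.consume(assertion_irt)


# Constructed sample SAML response; IDs and structure are illustrative only.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" InResponseTo="{irt}">
  <saml:Assertion ID="_a1">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{irt}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def demo():
    """Walk through issue -> respond -> validate -> replay -> expiry; returns outcomes."""
    clock = FakeClock()
    store = RequestIdStore(clock=clock)
    rid = store.new_request_id()
    _, assertion_irt = extract_in_response_to(SAMPLE_RESPONSE.format(irt=rid))
    results = {
        "decoded_matches_issued": assertion_irt == rid,
        "unknown_rejected": not validate_assertion_in_response_to(store, "_never_issued"),
        "first_use_accepted": validate_assertion_in_response_to(store, assertion_irt),
        "replay_rejected": not validate_assertion_in_response_to(store, assertion_irt),
    }
    rid2 = store.new_request_id()
    clock.advance(REQUEST_ID_TTL_SECONDS + 1)
    results["expired_rejected"] = not validate_assertion_in_response_to(store, rid2)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the assertion's `InResponseTo` is checked here, mirroring the PR's remark that validation uses `esaml_assertion`; the Response-level value is still decoded so callers can cross-check the two if they want to.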