511fa8b Fix SAML2 multi-session vulnerability

Authored and Committed by puiterwijk 2 years ago
    Fix SAML2 multi-session vulnerability
    
    This resolves an issue where Ipsilon can be requested to initiate logout
    sessions for all currently open sessions, regardless of currently logged
    in user.
    
    Fixes: CVE-2016-8638
    Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
    Reviewed-by: Howard Johnson <merlin@merlinthp.org>
    Reviewed-by: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+5 -4