#102 REST API allows SPs to be added with illegal names
Closed: Fixed None Opened 8 years ago by nkinder.

The admin pages only allow a SP to be added with a name containing alphanumeric characters. The REST API doesn't have this restriction. This lets you add a SP with an invalid name (like sp.example.test), which will actually work for issuing SAML assertions, but breaks the admin pages. If you attempt to open or delete a SP that has an illegal name in the admin pages, you will get a 404. This effectively means that it is impossible to delete an illegally named SP through any of the supported interfaces.


Fields changed

owner: => nkinder
status: new => accepted

Fields changed

patch_available: 0 => 1

master: 8ffd262

resolution: => fixed
status: accepted => closed

Fields changed

rhbz: => 0

Metadata Update from @nkinder:
- Issue assigned to nkinder
- Issue set to the milestone: 1.0 m4

7 years ago

Login to comment on this ticket.

Metadata