We have discovered the PEPS Demo application using samlToken in the HTML form when exchanging base64-encoded SAMLAuthRequest and SAMLResponse. According to SAML V2.0, the form control must be named SAMLRequest and SAMLResponse.

Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0:

"If the message is a SAML request, then the form control MUST be named SAMLRequest. If the message is a SAML response, then the form control MUST be named SAMLResponse. Any additional form controls or presentation MAY be included but MUST NOT be required in order for the recipient to process the message."

| Field | Value |
| --- | --- |
| Hardware | None |
| Product | S-PEPS |
| Operating System | None |
| Component | Interfaces |
| Version | v1.1 |
| Severity | normal |
| Resolution | None |
| Reporter's email | None |

Category
Bugs
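
A conformance check for the HTTP POST binding rule quoted in the report, as an added example (not code from the report or from the PEPS project): it decodes each form control, identifies SAML protocol messages by their root element, and flags any carried under a name other than SAMLRequest or SAMLResponse. The function names and sample forms are constructed for illustration, and classifying a message by the "Request"/"Response" suffix of its root element is a simplifying assumption.

```python
import base64
from html.parser import HTMLParser
from xml.etree import ElementTree

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
EXPECTED = {"request": "SAMLRequest", "response": "SAMLResponse"}

class FormInputs(HTMLParser):
    """Collect (name, value) for every <input> element in the page."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.fields.append((a.get("name") or "", a.get("value") or ""))

def saml_kind(value):
    """Return 'request', 'response' or None for one form control value."""
    try:
        raw = base64.b64decode("".join(value.split()), validate=True)
        # Meant for test fixtures; use a hardened parser (e.g. defusedxml) on untrusted XML.
        root = ElementTree.fromstring(raw)
    except Exception:
        return None  # not base64-encoded XML, e.g. RelayState
    ns, _, local = root.tag.rpartition("}")
    if ns != "{" + SAMLP_NS:
        return None
    # Assumption: the root element name suffix tells request from response.
    return next((k for k in EXPECTED if local.endswith(k.capitalize())), None)

def check_post_form(html):
    """List SAML messages carried under a non-standard control name."""
    parser = FormInputs()
    parser.feed(html)
    findings = []
    for name, value in parser.fields:
        kind = saml_kind(value)
        if kind and name != EXPECTED[kind]:
            findings.append(f"SAML {kind} in control '{name}', expected '{EXPECTED[kind]}'")
    return findings

def make_form(name, xml):
    """Build a constructed auto-submit form carrying `xml` in control `name`."""
    b64 = base64.b64encode(xml.encode()).decode()
    return f'<form method="post"><input type="hidden" name="{name}" value="{b64}"/></form>'

# Constructed sample message, not captured from a real deployment.
SAMPLE_REQ = f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed" Version="2.0"/>'
```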