On Fri, Jan 23, 2015 at 4:21 PM, Senduran Balasubramaniyam < sendu...@wso2.com> wrote:
> Hi, > > Even when I add the "UseAuthenticatedUserDomainCrypto" to true in IS, I am > still getting the same exception. > Is this because IS couldn't identify whether it is tenant or admin who has > logged in ? as Malithi mentioned in "[IS] [ES] Signature Validation fails > when tenant logs into SSO enabled Publisher" > Hm..I doubt how something like this could happen. If there is a logged in session, that means there is an associated user who's tenant domain can be determined. Relying on a passed tenant domain is never secure for authenticated users. Anyway, can you talk to me on Monday, so that we can have a look with the property suggested by pushpalanka. /Ruchira -- *Ruchira Wageesha**Associate Technical Lead* *WSO2 Inc. - lean . enterprise . middleware | wso2.com <http://wso2.com>* *email: ruch...@wso2.com <ruch...@wso2.com>, blog: ruchirawageesha.blogspot.com <http://ruchirawageesha.blogspot.com>, mobile: +94 77 5493444*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev