[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772178#comment-16772178
]
Colm O hEigeartaigh commented on FEDIZ-232:
---
This will be fixed for the Spring + CXF plugins
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699348#comment-16699348
]
ASF GitHub Bot commented on FEDIZ-232:
--
coheigea commented on a change in pull request #35: FEDIZ-232
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16688229#comment-16688229
]
ASF GitHub Bot commented on FEDIZ-232:
--
pedromfalves opened a new pull request #35: FEDIZ-232 added
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686772#comment-16686772
]
Pedro Alves commented on FEDIZ-232:
---
In our case the STS is signing the assertion and the IdP just wraps
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686575#comment-16686575
]
Colm O hEigeartaigh commented on FEDIZ-232:
---
Why can't your IdP insert the InResponseTo when
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686472#comment-16686472
]
Pedro Alves commented on FEDIZ-232:
---
1 - Thanks for clarifying. I created FEDIZ-233 to continue the
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16685411#comment-16685411
]
Colm O hEigeartaigh commented on FEDIZ-232:
---
# This is not really a bug as such but probably a
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16684034#comment-16684034
]
Pedro Alves commented on FEDIZ-232:
---
Thank you for your reply, [~coheigea]
Additionally, we are also
[
https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16651457#comment-16651457
]
Colm O hEigeartaigh commented on FEDIZ-232:
---
Yes the CSRF style attacks are valid, see previous