[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772178#comment-16772178 ] Colm O hEigeartaigh commented on FEDIZ-232: --- This will be fixed for the Spring + CXF plugins

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699348#comment-16699348 ] ASF GitHub Bot commented on FEDIZ-232: -- coheigea commented on a change in pull request #35: FEDIZ-232

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16688229#comment-16688229 ] ASF GitHub Bot commented on FEDIZ-232: -- pedromfalves opened a new pull request #35: FEDIZ-232 added

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686772#comment-16686772 ] Pedro Alves commented on FEDIZ-232: --- In our case the STS is signing the assertion and the IdP just wraps

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686575#comment-16686575 ] Colm O hEigeartaigh commented on FEDIZ-232: --- Why can't your IdP insert the InResponseTo when

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16686472#comment-16686472 ] Pedro Alves commented on FEDIZ-232: --- 1 - Thanks for clarifying. I created FEDIZ-233 to continue the

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16685411#comment-16685411 ] Colm O hEigeartaigh commented on FEDIZ-232: --- # This is not really a bug as such but probably a

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16684034#comment-16684034 ] Pedro Alves commented on FEDIZ-232: --- Thank you for your reply, [~coheigea] Additionally, we are also

[jira] [Commented] (FEDIZ-232) 'wctx' parameter mandatory but protocol does not require

[ https://issues.apache.org/jira/browse/FEDIZ-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16651457#comment-16651457 ] Colm O hEigeartaigh commented on FEDIZ-232: --- Yes the CSRF style attacks are valid, see previous