Bug 52338 - UMC-Web-Server: don't store relay state dictionary
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-6-errata
Assigned To: Florian Best
QA Contact: Dirk Wiesenthal
Depends on:
Blocks:
Reported: 2020-11-09 16:58 CET by Florian Best
Modified: 2020-11-25 12:08 CET (History)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Large environments, UCS Performance
Max CVSS v3 score:


Description Florian Best univentionstaff 2020-11-09 16:58:24 CET
We are currently storing a dictionary relay_state between the SAML AuthNRequest and the response to it to redirect the user back to the location where he came from.

Instead (this is regular SAML behavior), we should just set the URL/path as relay state.

Then we don't leak a never-removed dictionary entry in case the user never comes back. (And we currently don't seem to remove it at all, ever.)
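The two approaches from the description, as an added sketch that is not the UMC-Web-Server code or the committed fix: a per-request dictionary entry that outlives abandoned logins, next to a stateless RelayState carrying the path itself. The class and function names, `DEFAULT_PATH` and the validation rules are assumptions; the validation is included because a RelayState that travels through the browser is untrusted when it comes back.

```python
import secrets

DEFAULT_PATH = "/"    # assumed fallback landing page
MAX_RELAY_STATE = 80  # SAML 2.0 bindings: RelayState must not exceed 80 bytes


class StatefulRelay:
    """'Before' pattern: one server-side dict entry per AuthnRequest."""

    def __init__(self):
        self.relay_state = {}

    def start_login(self, location):
        key = secrets.token_hex(16)
        self.relay_state[key] = {"location": location}
        return key  # opaque key is sent to the IdP as RelayState

    def finish_login(self, key):
        # Entry is read but never removed; abandoned logins also stay forever.
        return self.relay_state.get(key, {}).get("location", DEFAULT_PATH)


def safe_local_path(value):
    """Return value only if it is a same-site absolute path, else the fallback."""
    if not isinstance(value, str) or not value.startswith("/"):
        return DEFAULT_PATH
    if value.startswith("//") or "\\" in value:  # would resolve to another host
        return DEFAULT_PATH
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return DEFAULT_PATH
    return value


def start_login_stateless(location):
    """Value to send as RelayState; nothing is stored on the server."""
    path = safe_local_path(location)
    return path if len(path.encode("utf-8")) <= MAX_RELAY_STATE else DEFAULT_PATH


def finish_login_stateless(relay_state):
    """RelayState came back through the browser, so validate it again."""
    return safe_local_path(relay_state)


if __name__ == "__main__":
    stateful = StatefulRelay()
    for _ in range(1000):  # constructed: 1000 users who never return
        stateful.start_login("/some/module")
    print("stateful entries left behind:", len(stateful.relay_state))
    print("stateless round trip:", finish_login_stateless(start_login_stateless("/some/module")))
    print("tampered value falls back to:", finish_login_stateless("//other.example/"))
```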
Comment 1 Florian Best univentionstaff 2020-11-09 17:11:53 CET
Fixed in:

univention-management-console.yaml
34b46e2fc39d | YAML Bug #52338

univention-management-console (11.0.5-11)
ad51dd79f9b7 | Bug #52338: do not store relay state between requests
Comment 2 Dirk Wiesenthal univentionstaff 2020-11-18 14:46:56 CET
OK: Login flow still works
OK: Code
OK: YAML