-
IdP registration is currently same-origin, I believe. With the relaxation of the login status API to using same-site over same-origin (https://github.com/fedidcg/FedCM/pull/538), I wondered if the sam…
-
In the saml2/login endpoint when using 3rd party SSO, the idp parameter is vulnerable to cross-site scripting injection due to insufficient input sanitization.
Proof of Concept:
Visit the URL end…
-
- upgrade to v5 occur on the v4 instance as recommended by Shibboleth. To do this we could add a new option to the v4 installer to kickstart the v5 upgrade.
- having some config that we recommend th…
trsau updated
3 months ago
-
There are many scenarios in which the user is logged in to the IdP but the IdP does not want to issue a token in the assertion endpoint response, such as wanting to re-authenticate the user, or needin…
-
### What would you like to be added?
Hi,
I've done the following setup:
- Okta OIDC provider (IDP);
- AWS ALB with SSL termination;
- oauth2-proxy for authentication (Helm chart v7.4.1);
- Kuber…
-
Let's learn how Keycloak works and what it will take to get it running locally for development and what is required to have it running in Skylight AWS so that the demo instance on dibbs.cloud has an I…
-
When you try to register a Provider through the UI, there is no option for choosing the text that will be shown in the UI. This can be set in the backend by setting the `label` field in the IdP config…
-
Currently the IdP has no way to return errors back to FedCM from either the `id_assertion_endpoint` or from within the Continuation API popup.
The only fulfillable response from is 200 OK that m…
panva updated
5 months ago
-
Allow user provisioning / access to be controlled via a separate IdP.
-
[This issue is imported from pivotal - Originally created at Jan 31, 2024 by Henny Bekker](https://www.pivotaltracker.com/story/show/186952433)
The value of the subject-id is not shown in the 'Attrib…