indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

Release of "target" in VOMS proxy is not checked #723

Open federicaagostini opened 3 months ago

federicaagostini commented 3 months ago

When a user asks for a target during voms-proxy-init, it appears in the VOMS proxy without any further check. For instance, this test should be green.

Add checks on the target parameter as per specification.

giacomini commented 3 months ago

In fact the check in voms-proxy-init (C/C++ version) is probably wrong, since the target represents where the proxy will be used, not where it is generated; it corresponds to the audience in tokens.

federicaagostini commented 2 months ago

Reference about the target parameter: https://datatracker.ietf.org/doc/html/rfc3281#section-4.3.2

enricovianello commented 2 months ago

VOMS-aa should check that the requested target is not an empty string (according to the GeneralName definition). The failing test should be fixed to expect a successful voms-proxy-init.