Lock down the SSO handler to more specific URLs. Bugzilla #373
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 8 Jul 2005 15:23:56 +0000 (15:23 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 8 Jul 2005 15:23:56 +0000 (15:23 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1692 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/conf/dist.idp.xml

index 1a8d490..8b33370 100644 (file)
@@ -96,7 +96,7 @@
        <!-- Protocol handlers specify what type of requests the IdP can respond to.  The default set listed here should work 
                for most configurations.  Modifications to this section may require modifications to the deployment descriptor -->
        <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
-               <Location>.+/shibboleth-idp/SSO</Location>
+               <Location>https?://[^:]+(:443|:80|)/shibboleth-idp/SSO</Location> <!-- regex works when using default protocol ports -->
        </ProtocolHandler>
        <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
                <Location>.+:8443/shibboleth-idp/AA</Location>