[SIDP-222] - Template engine used by LDAP and database connectors throw an NPE on startup
[SIDP-224] - Add version information in library JAR manifest and provide command line tool to view it
[SIDP-225] - Credential theft vulnerability in login.jsp
-[SIDP-226] - Cross site scripting vulnerability
\ No newline at end of file
+[SIDP-226] - Cross site scripting vulnerability
+[SIDP-227] - Default relying-party.xml has SAML2-specific security policy rules included in SAML 1 security policies
\ No newline at end of file
<security:Rule xsi:type="samlsec:Replay"/>
<security:Rule xsi:type="samlsec:IssueInstant"/>
<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
- <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
- <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
<security:Rule xsi:type="security:MandatoryMessageAuthentication" />
<security:Rule xsi:type="samlsec:Replay"/>
<security:Rule xsi:type="samlsec:IssueInstant"/>
<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
- <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
- <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
<security:Rule xsi:type="security:MandatoryMessageAuthentication" />
projects / java-idp.git / commitdiff