SIDP-27: Default relying-party.xml has SAML2-specific security policy rules included...
authorputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Sep 2008 19:16:47 +0000 (19:16 +0000)
committerputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Sep 2008 19:16:47 +0000 (19:16 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2769 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/installer/resources/conf-tmpl/relying-party.xml

index bf1ce3b..6d13a54 100644 (file)
@@ -27,4 +27,5 @@ Changes in Release 2.1.0
 [SIDP-222] - Template engine used by LDAP and database connectors throw an NPE on startup
 [SIDP-224] - Add version information in library JAR manifest and provide command line tool to view it
 [SIDP-225] - Credential theft vulnerability in login.jsp
-[SIDP-226] - Cross site scripting vulnerability
\ No newline at end of file
+[SIDP-226] - Cross site scripting vulnerability
+[SIDP-227] - Default relying-party.xml has SAML2-specific security policy rules included in SAML 1 security policies
\ No newline at end of file
index ed623ea..07e950f 100644 (file)
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
         <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
         <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
         <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
         <security:Rule xsi:type="security:MandatoryMessageAuthentication" />