Description
SAML assertion validation doesn't validate the roles that come in SAML attributes well enough.
It currently only checks that roles can be parsed (the role syntax is OK), but doesn't check the semantics. For example, it doesn't check whether roles have all required parameters.
This can lead to a SAML authentication crash when those incorrect roles are used.
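The gap between the syntax check and the semantic check described above, as an added Python example (not ns_server code). The role table, its parameter counts, the function names and the sample attribute values are all assumptions constructed for illustration.

```python
import re

# Hypothetical role table (constructed for this example, not ns_server's own):
# role name -> number of parameters the role requires.
ROLE_PARAMS = {"admin": 0, "ro_admin": 0, "bucket_admin": 1, "data_reader": 3}

ROLE_RE = re.compile(r"^([a-z_]+)(?:\[([^\[\]]*)\])?$")


def parse_role(text):
    """Syntax check only: 'name' or 'name[p1:p2:...]'. Returns (name, params)."""
    m = ROLE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"malformed role: {text!r}")
    name, raw = m.group(1), m.group(2)
    params = [] if raw is None else raw.split(":")
    return name, params


def validate_role(name, params):
    """Semantic check: the role must exist and carry exactly its required parameters."""
    if name not in ROLE_PARAMS:
        return f"unknown role {name!r}"
    if len(params) != ROLE_PARAMS[name]:
        return f"role {name!r} needs {ROLE_PARAMS[name]} parameter(s), got {len(params)}"
    if any(p == "" for p in params):
        return f"role {name!r} has an empty parameter"
    return None


def roles_from_attribute(values):
    """Split SAML attribute values into accepted roles and rejections with reasons."""
    accepted, rejected = [], []
    for value in values:
        try:
            name, params = parse_role(value)
        except ValueError as exc:
            rejected.append((value, str(exc)))
            continue
        error = validate_role(name, params)
        if error:
            rejected.append((value, error))  # rejected at validation time, no later crash
        else:
            accepted.append((name, tuple(params)))
    return accepted, rejected


# Constructed attribute values: the 2nd and 3rd parse fine but are semantically invalid.
SAMPLE = ["admin", "bucket_admin", "data_reader[travel]", "bucket_admin[travel]", "bad role["]
```

A parse-only validator would pass `bucket_admin` and `data_reader[travel]` through to authentication; the semantic pass rejects them with a reason at validation time.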
Issue Links
- relates to: MB-24487 SAML SSO authentication for Couchbase Admin UI (Closed)
For Gerrit Dashboard: MB-60030

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
202179,8 | MB-60030: [SAML] Fix roles validation | master | ns_server | Status: MERGED | +2 | +1 |