Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.5.6, 2.6.3, 2.7
-
None
-
Unknown
Description
The HolderOfKey check that is done when a SAML Assertion is received via a JAX-RS SAML interceptor does not work when TLS is used. This is due to the following check:
if (tlsCerts == null || sig == null)
"sig" will always be null for the TLS case.