SAML 2.0 Error Message For SSO Service Too Detailed (74355, 83122)

Symptom:

When a call to the SAML 2.0 Single Sign-on service contains an incorrect parameter for the Service Provider ID, the protocol binding, or both, the error message that is displayed contains too much detail.

STAR Issue: 17444140-01

Solution:

A more generic error message is now displayed in the browser to eliminate any possibility of an attacker gaining information on the correct values of the Service Provider IDs and protocol bindings. The more detailed error message is still logged.
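
The pattern behind this fix, as an added example that is not the product's own code: the detailed response lets a caller tell a wrong Service Provider ID from a wrong binding, while the generic response returns the same message for both and writes the reason to the log only. The parameter names, the configured Service Provider, the message text and the reference id are assumptions made for illustration.

```python
import logging
import uuid

POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Constructed sample configuration (assumption, not values from the product).
KNOWN_SPS = {"https://sp.example.com/saml": {POST}}
GENERIC_ERROR = "The request could not be processed."

log = logging.getLogger("sso")


def verbose_error(sp_id, binding):
    """'Before' behaviour: the response says which value was wrong."""
    if sp_id not in KNOWN_SPS:
        return 400, f"Unknown Service Provider ID: {sp_id}"
    if binding not in KNOWN_SPS[sp_id]:
        return 400, f"Binding {binding} is not enabled for {sp_id}"
    return 200, "OK"


def generic_error(sp_id, binding):
    """'After' behaviour: one message for every failure, detail in the log."""
    if sp_id not in KNOWN_SPS:
        reason = "unknown Service Provider ID"
    elif binding not in KNOWN_SPS[sp_id]:
        reason = "binding not enabled for Service Provider"
    else:
        return 200, "OK"
    # Hypothetical reference id so support staff can find the log entry.
    ref = uuid.uuid4().hex
    # %r escapes control characters, so request values cannot forge log lines.
    log.warning("SSO request rejected ref=%s reason=%s sp_id=%r binding=%r",
                ref, reason, sp_id, binding)
    return 400, f"{GENERIC_ERROR} Reference: {ref}"
```

Both failure cases must also share the same HTTP status, as they do here, or the status code reveals what the message text no longer does.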