Release NotesFederation Security Services Release NotesDefects Fixed in the Web Agent 6.x QMR 5 Option PackFixes for Web Agent 6.x QMR 5 Option Pack › Single Sign-on Error Messages Displayed in the Browser Were Too Detailed (74355)

Previous Topic: FWS Log Incorrectly Displayed Cause of Error (84060)

Next Topic: SAML 2.0 Autopost Forms Required JavaScript (73858)
Single Sign-on Error Messages Displayed in the Browser Were Too Detailed (74355)

Symptom:

When requests to the SAML 2.0 Single Sign-on Service contain incorrect parameters for the Service Provider ID or the protocol binding in the request URL, an error message is displayed in the browser that contains too much detail and might allow an unauthorized user to gain information on which SP ID and protocol bindings are valid.

Solution:

The code has been modified to send a generic error message along with the HTTP error code to the browser and write the SiteMinder error detail only to the FWS Trace log.