From 8f0606ea27f784ffcf78874a6842682da7c34048 Mon Sep 17 00:00:00 2001 From: scantor Date: Mon, 21 Feb 2011 03:12:18 +0000 Subject: [PATCH] Tagging 2.4.2 release. git-svn-id: https://svn.shibboleth.net/cpp-sp/tags/2.4.2@3406 cb58f699-b61c-0410-a6fe-9272a202ed29 --- doc/README.txt | 2 -- shibsp/handler/impl/AbstractHandler.cpp | 6 +++++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/README.txt b/doc/README.txt index 4b7a0eb..1c88f88 100644 --- a/doc/README.txt +++ b/doc/README.txt @@ -1,5 +1,3 @@ -Version 2.4.1 - Welcome to Internet2's Shibboleth Shibboleth is a federated web authentication and attribute exchange system diff --git a/shibsp/handler/impl/AbstractHandler.cpp b/shibsp/handler/impl/AbstractHandler.cpp index 967351b..4944e0c 100644 --- a/shibsp/handler/impl/AbstractHandler.cpp +++ b/shibsp/handler/impl/AbstractHandler.cpp @@ -118,7 +118,7 @@ namespace shibsp { const PropertySet* sessionProps = application.getPropertySet("Sessions"); if (sessionProps) { pair relayStateLimit = sessionProps->getString("relayStateLimit"); - if (relayStateLimit.first) { + if (relayStateLimit.first && strcmp(relayStateLimit.second, "none")) { vector whitelist; if (!strcmp(relayStateLimit.second, "exact")) { // Scheme and hostname have to match. @@ -159,6 +159,10 @@ namespace shibsp { } } } + else { + log.warn("unrecognized relayStateLimit policy (%s), blocked redirect to (%s)", relayStateLimit.second, relayState); + throw opensaml::SecurityPolicyException("Unrecognized relayStateLimit setting."); + } for (vector::const_iterator w = whitelist.begin(); w != whitelist.end(); ++w) { if (XMLString::startsWithI(relayState, w->c_str())) { -- 2.1.4