check for triple slash in URL of endpoints #7
Comments
I think we should check for correctly-formed schemes (http://, https://) and non-relative paths (/ immediately after https://, for example, is a relative path). We can't check for valid hostnames due to some people (validly) putting their IdP behind a firewall or in a local-only domain, which does not cause interop problems for front-channel flows.
Sorry to take so long to comment, turned out I had forgotten to watch this version of the repository... We should indeed check for valid URLs in endpoints. The current ad hoc checks miss a lot of possible errors. The good news is that we have a validation framework in place in There's also a related issue here on
There's another related issue in the upstream GitLab (private). For my reference:
We had a case of an ACS endpoint that was https:///Shibboleth.sso/SAML2/ECP because the site administrator forgot the hostname. This caused problems with a downstream consumer of the metadata.
It would be good to check for and filter this form of malformed URL too.
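The kind of endpoint check discussed in this thread (well-formed http/https scheme, a non-empty host after the `//` so that `https:///path` is rejected, but no attempt to validate the hostname itself), as an added example that is not code from this issue or from the project's own validation framework. It assumes the metadata is parsed with Python's standard library, treats every `Location` and `ResponseLocation` attribute in the SAML 2.0 metadata namespace as an endpoint, and uses a small constructed metadata fragment as input; the entity IDs and hostnames in it are made up for illustration.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ALLOWED_SCHEMES = {"http", "https"}


def check_endpoint_url(url: str) -> list[str]:
    """Return the problems found with one endpoint URL; an empty list means it is acceptable.

    Deliberately does not validate the hostname: an IdP in a local-only domain
    or behind a firewall is legitimate for front-channel flows.
    """
    problems: list[str] = []
    if any(c.isspace() for c in url):
        problems.append("contains whitespace")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        problems.append(f"scheme {parts.scheme!r} is not http or https")
    if not parts.netloc:
        # urlsplit("https:///Shibboleth.sso/SAML2/ECP") yields netloc == "" and
        # path == "/Shibboleth.sso/SAML2/ECP": the operator forgot the hostname.
        # The same happens for the single-slash form "https:/host/path".
        problems.append("no host: authority is empty (the 'https:///path' case)")
    else:
        try:
            parts.port  # property; raises ValueError for a non-numeric port such as ':abc'
        except ValueError:
            problems.append(f"invalid port in authority {parts.netloc!r}")
    return problems


def find_malformed_endpoints(metadata_xml: str) -> list[tuple[str, str, str, str]]:
    """Scan SAML metadata and return (entityID, element, URL, problem) for each bad endpoint."""
    root = ET.fromstring(metadata_xml)
    ns_prefix = "{" + MD_NS + "}"
    findings: list[tuple[str, str, str, str]] = []
    for entity in root.iter(ns_prefix + "EntityDescriptor"):
        entity_id = entity.get("entityID", "?")
        for elem in entity.iter():
            if not isinstance(elem.tag, str) or not elem.tag.startswith(ns_prefix):
                continue
            local_name = elem.tag[len(ns_prefix):]
            for attr in ("Location", "ResponseLocation"):
                url = elem.get(attr)
                if url is None:
                    continue
                for problem in check_endpoint_url(url):
                    findings.append((entity_id, local_name, url, problem))
    return findings


# Constructed sample: one good ACS, one triple-slash ACS, one SSO endpoint on a
# private hostname (acceptable), and one SSO endpoint with a misspelled scheme.
SAMPLE_METADATA = """
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="1"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
      <md:AssertionConsumerService index="2"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
          Location="https:///Shibboleth.sso/SAML2/ECP"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.internal.example/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.internal.example/idp/profile/SAML2/Redirect/SSO"/>
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="htttps://idp.internal.example/idp/profile/SAML2/POST/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

if __name__ == "__main__":
    for entity_id, element, url, problem in find_malformed_endpoints(SAMPLE_METADATA):
        print(f"{entity_id}: {element} Location={url!r}: {problem}")
```

Running the block against the sample reports exactly the two bad endpoints (the triple-slash ECP ACS and the `htttps://` SSO endpoint) and accepts the private-hostname IdP, which is the balance the thread asks for: reject syntactically broken URLs before they reach downstream consumers of the aggregate, without second-guessing which hostnames a site may legitimately use.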