Skip to content

check for triple slash in URL of endpoints #7

Open
ghost opened this issue Apr 2, 2019 · 3 comments
Open

check for triple slash in URL of endpoints #7

ghost opened this issue Apr 2, 2019 · 3 comments

Comments

@ghost
Copy link

@ghost ghost commented Apr 2, 2019

We had a case of an ACS endpoint that was https:///Shibboleth.sso/SAML2/ECP because the site administrator forgot the hostname. This caused problems with a downstream consumer of the metadata.

It would be good to check for and filter this form of malformed URL too.

@nroy
Copy link

@nroy nroy commented Apr 2, 2019

I think we should check for correctly-formed schemes (http://, https://) and non-relative paths (/ immediately after https://, for example, is a relative path). We can't check for valid hostnames due to some people (validly) putting their IdP behind a firewall or in a local-only domain, which does not cause interop problems for front-channel flows.

@iay
Copy link
Contributor

@iay iay commented Aug 30, 2019

Sorry to take so long to comment, turned out I had forgotten to watch this version of the repository...

We should indeed check for valid URLs in endpoints. The current ad hoc checks miss a lot of possible errors. The good news is that we have a validation framework in place in inc-mda that will be upstreamed to the MDA 0.10 release, that will make writing this kind of more generic test (in Java, not in XSLT as the present ones are) much easier.

There's also a related issue here on ukf-mda.

@iay
Copy link
Contributor

@iay iay commented Sep 2, 2019

There's another related issue in the upstream GitLab (private). For my reference: ukf/ukf-meta#186.

Sign in to join this conversation on GitHub.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.