Isn't it necessary to check the destination XML attribute of the root SAML element of the protocol? #335
Unanswered
dogharrycatpotter
asked this question in
Q&A
Replies: 1 comment 3 replies
-
It isn't implemented because no one has done it yet. There is no development team to implement feature requests. If you'd like to see this, please submit a PR referencing this Discussion and I'll do my best to help it get landed. |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The following is an excerpt from 3.5.5.2 Security Considerations on the site.
https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
This check is a MUST according to the Oasis text.
However, there currently appears to be no implementation of this check.
Are there any plans to add this check?
Also, if there are no plans to add it, why is it not implemented even though it is a MUST?
Beta Was this translation helpful? Give feedback.
All reactions