Ticket #59 (closed enhancement: fixed)

Opened 10 months ago

Last modified 10 months ago

Provide a configuration option for RPs to automatically reject unsolicited assertions

Reported by: http://blog.nerdbank.net/
Owned by: http://blog.nerdbank.net/
Priority: major
Milestone: v3.2 RTW
Component: OpenID
Version:
Keywords:
Cc:

Description

The government security profile may require that RPs reject unsolicited assertions. While RPs using DNOA today can already do that, we can help mitigate DoS attacks by skipping the check_auth step if it is determined that the incoming assertion was unsolicited anyway.

Change History

Changed 10 months ago by http://blog.nerdbank.net/

Perhaps generalize this to allow RPs to filter all assertions before check_auth messages are sent, so that assertions that don't meet the RP's custom requirements don't bog down the system with outgoing check_auth messages whose result won't be used anyway.
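Added example (not DotNetOpenAuth code, and not the RP API the ticket's fix introduced): a minimal OpenID relying party that covers both the description and the comment above. It decides whether an incoming positive assertion is unsolicited by matching a private nonce in return_to against its own pending requests, then applies an RP policy filter (here an OP endpoint allowlist), and only if both pass does it spend an outbound check_authentication round trip. The class, the rp_nonce parameter, the op_allowlist option and the fake_check_auth stand-in are all assumptions made for this example; the flood helper counts how many outbound verification requests a burst of bogus assertions would cost the RP.

```python
"""Added example, not DotNetOpenAuth's own code: an OpenID RP that rejects
unsolicited assertions and policy violations before check_authentication.
RelyingParty, rp_nonce, op_allowlist and fake_check_auth are hypothetical."""
import secrets
import time
from urllib.parse import parse_qs, urlparse


class RelyingParty:
    def __init__(self, realm, allow_unsolicited=False, op_allowlist=None, ttl=300):
        self.realm = realm                      # e.g. "https://rp.example/"
        self.allow_unsolicited = allow_unsolicited
        self.op_allowlist = op_allowlist        # None means any OP endpoint is acceptable
        self.ttl = ttl                          # seconds a pending request stays valid
        self.pending = {}                       # rp_nonce -> (op_endpoint, issued_at)
        self.check_auth_calls = 0               # outbound check_authentication round trips

    def begin_authentication(self, op_endpoint):
        """Build a checkid_setup request; the private rp_nonce in return_to is how
        the RP later recognises the assertion as an answer to a request it made."""
        rp_nonce = secrets.token_urlsafe(16)
        self.pending[rp_nonce] = (op_endpoint, time.time())
        return {
            "openid.mode": "checkid_setup",
            "openid.realm": self.realm,
            "openid.return_to": f"{self.realm}openid/return?rp_nonce={rp_nonce}",
            "openid.op_endpoint": op_endpoint,
        }

    def _matching_request(self, assertion):
        """Return the rp_nonce of the pending request this assertion answers,
        or None if the assertion is unsolicited (no live matching request)."""
        return_to = assertion.get("openid.return_to", "")
        if not return_to.startswith(self.realm):
            return None
        rp_nonce = parse_qs(urlparse(return_to).query).get("rp_nonce", [None])[0]
        entry = self.pending.get(rp_nonce)
        if entry is None:
            return None
        op_endpoint, issued_at = entry
        if time.time() - issued_at > self.ttl:
            del self.pending[rp_nonce]          # expired: treat as unsolicited
            return None
        if op_endpoint != assertion.get("openid.op_endpoint"):
            return None                         # answered by a different OP than asked
        return rp_nonce

    def process_assertion(self, assertion, check_auth):
        """check_auth is the direct-verification call (normally an HTTP POST to
        the OP endpoint); it is injected so the example runs offline."""
        if assertion.get("openid.mode") != "id_res":
            return "rejected: not a positive assertion"
        rp_nonce = self._matching_request(assertion)
        if rp_nonce is None and not self.allow_unsolicited:
            return "rejected: unsolicited"      # dropped before any check_auth is sent
        if self.op_allowlist is not None and \
                assertion.get("openid.op_endpoint") not in self.op_allowlist:
            return "rejected: OP not allowed"   # RP policy filter, also before check_auth
        self.check_auth_calls += 1              # only now pay for the outbound round trip
        if not check_auth(assertion):
            return "rejected: check_authentication failed"
        if rp_nonce is not None:
            del self.pending[rp_nonce]          # one-time use: a replay is now unsolicited
        return "accepted"


def fake_check_auth(assertion):
    """Constructed stand-in for the OP's check_authentication endpoint."""
    return assertion.get("openid.sig") == "valid-signature"


def flood_with_unsolicited(rp, count, op_endpoint="https://unknown-op.example/"):
    """Feed the RP `count` bogus unsolicited assertions (constructed input) and
    return how many outbound check_auth requests the RP made because of them."""
    before = rp.check_auth_calls
    for _ in range(count):
        rp.process_assertion({
            "openid.mode": "id_res",
            "openid.op_endpoint": op_endpoint,
            "openid.return_to": f"{rp.realm}openid/return?rp_nonce={secrets.token_urlsafe(8)}",
            "openid.sig": "bogus",
        }, fake_check_auth)
    return rp.check_auth_calls - before


def solicited_round_trip(rp, op_endpoint="https://op.example/"):
    """A legitimate flow: the RP initiates and the OP answers at the same return_to."""
    request = rp.begin_authentication(op_endpoint)
    assertion = {
        "openid.mode": "id_res",
        "openid.op_endpoint": op_endpoint,
        "openid.return_to": request["openid.return_to"],
        "openid.sig": "valid-signature",
    }
    return rp.process_assertion(assertion, fake_check_auth)


if __name__ == "__main__":
    strict = RelyingParty("https://rp.example/", allow_unsolicited=False)
    lax = RelyingParty("https://rp.example/", allow_unsolicited=True)
    print("strict RP check_auth calls under flood:", flood_with_unsolicited(strict, 1000))
    print("lax RP check_auth calls under flood:", flood_with_unsolicited(lax, 1000))
    print("solicited login on strict RP:", solicited_round_trip(strict))
```

The ordering is the point: the nonce match and the policy filter are local lookups, so a burst of unsolicited assertions costs the strict RP nothing on the network, while the RP that accepts unsolicited assertions makes one verification request per bogus message. Matching the OP endpoint and a TTL on pending requests also means an assertion that arrives for a stale or wrong request is treated as unsolicited rather than verified and then discarded.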

Changed 10 months ago by http://blog.nerdbank.net/

  • status changed from new to accepted

Feature written. Tests to still write.

Changed 10 months ago by http://blog.nerdbank.net/

  • status changed from accepted to closed
  • resolution set to fixed

master 9c9792d
