Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Settings for Destination URL Validation #371

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

cb-abhisek
Copy link

Add support to control & optionally disable Destination URL validation using a settings flag. The validation is enabled by default to ensure secure by default configuration. However provide an option to the library user to explicitly disable destination URL validation if required.

@cb-manideep
Copy link

+1 Need this feature for me as well. It is supported in php library: https://github.com/onelogin/php-saml

@mauromol
Copy link
Contributor

Disclaimer: I'm not a maintainer and I don't know whether this change is desirable or not. Maybe a hint on why one may desire to disable this validation (which is mandated by SAML specification) would help though to understand the usage scenario.

Just a little note: perhaps the setter should better be called Saml2Settings.setWantDestinationUrlValidation(String)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants