Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-11072

Allow customization of request parameter used to check CSRF state

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.3
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      In OAuth standard, the request parameter to check the CSRF state in the callback is "state".
      But in other authentication system, for instance SAML, this parameter is different ("RelayState" in the case of SAML).

      The IdentityProvider API should then allow to customize this parameter.

        Attachments

          Activity

            People

            Assignee:
            julien.lancelot Julien Lancelot
            Reporter:
            julien.lancelot Julien Lancelot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Due:
              Created:
              Updated:
              Resolved: