Silently ignore NAI when ID selector provides invalid NAI
Bug #1500948 reported by
Mark Donnelly
This bug report is a duplicate of:
Bug #1500945: Issuer of issuer, user of user@issuer fails.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Project Moonshot |
New
|
Undecided
|
Unassigned |
Bug Description
When a user sets up an ID card with:
Issuer: user@domain
User: user
and then selects it for a service in the ID Selector, the selector emits user@user@domain, which is not a valid NAI. The end result is that the system silently rejects the invalid NAI and moves on to using the .gss_eap_id.
The system should notice that the ID selector attempted to provide an NAI, and log the invalid NAI provided. It should then fail the GSS session, as the result of moving on to .gss_eap_id will only ever give the result that the user wanted by coincidence.
To post a comment you must log in.