Issue 206 in openid4java: org.openid4java.server.IncrementalNonceGenerator is not cluster-safe

codesite...@google.com

Dec 19, 2013, 8:47:11 AM
to openid4java-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 206 by cedrik.l...@gmail.com:
org.openid4java.server.IncrementalNonceGenerator is not cluster-safe
http://code.google.com/p/openid4java/issues/detail?id=206

In case there are several OpenID providers in a cluster (e.g. using the
JdbcServerAssociationStore), the default IncrementalNonceGenerator can lead
to having the same openid.response_nonce for different requests. Additional
entropy is needed to prevent such a situation.
See attached file for a fix.

Attachments:
RandomNonceGenerator.java 1.2 KB

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
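
The collision described in the issue, as an added example that is not part of the original message and is not the attached RandomNonceGenerator.java: two simulated cluster nodes each issue nonces in the same second, first with a per-process counter suffix and then with a random suffix. The class names `NonceClusterDemo`, `CounterNonce` and `RandomNonce` are hypothetical, and the counter scheme is an assumed simplification of a per-process incremental generator, not openid4java's code.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Function;

public class NonceClusterDemo {
    // Assumed model of an incremental generator: timestamp + counter local to one JVM.
    static final class CounterNonce implements Function<Instant, String> {
        private long counter = 0;
        public synchronized String apply(Instant now) {
            return timestamp(now) + (counter++);
        }
    }

    // Timestamp + 128 bits from a CSPRNG, so nodes need no shared state to stay unique.
    static final class RandomNonce implements Function<Instant, String> {
        private final SecureRandom rng = new SecureRandom();
        public String apply(Instant now) {
            byte[] buf = new byte[16];
            rng.nextBytes(buf);
            return timestamp(now) + Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        }
    }

    // OpenID 2.0 response_nonce starts with a UTC timestamp such as 2013-12-19T08:47:11Z.
    static String timestamp(Instant now) {
        return now.truncatedTo(ChronoUnit.SECONDS).toString();
    }

    // Interleave requests across two nodes within one second and count repeated nonces.
    static int collisions(Function<Instant, String> nodeA, Function<Instant, String> nodeB, int perNode) {
        Instant now = Instant.parse("2013-12-19T08:47:11Z"); // constructed sample time
        Set<String> seen = new HashSet<>();
        int duplicates = 0;
        for (int i = 0; i < perNode; i++) {
            if (!seen.add(nodeA.apply(now))) duplicates++;
            if (!seen.add(nodeB.apply(now))) duplicates++;
        }
        return duplicates;
    }

    public static void main(String[] args) {
        System.out.println("counter suffix, 2 nodes: " + collisions(new CounterNonce(), new CounterNonce(), 100));
        System.out.println("random suffix, 2 nodes:  " + collisions(new RandomNonce(), new RandomNonce(), 100));
    }
}
```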