View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005632 | Compliance Test Tool (CTT) Unified Architecture | 1 - Script Issue | public | 2020-05-08 06:47 | 2020-06-03 17:31 |
Reporter | Lauri Saurus | Assigned To | Alexander Allmendinger | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.04.09.394 | ||||
Fixed in Version | 1.03.341.396 | ||||
Summary | 0005632: Security User X509 017.js: Status code Bad_UserSignatureInvalid not accepted | ||||
Description | In test Security -> Security User X509 -> 017.js the only accepted result is Bad_IdentityTokenRejected. Our server currently returns Bad_UserSignatureInvalid. The specification states for Bad_UserSignatureInvalid: "The user token signature is missing or invalid. " I think Bad_UserSignatureInvalid should be the correct status code to return since even the test description says "Specify a valid/trusted user certificate and provide an invalid UserIdentitySignature.". | ||||
Tags | Security | ||||
Files Affected | |||||
related to | 0005625 | closed | Alexander Allmendinger | Security - Security User X509 - 016-js (also 017 and 018) |
|
For a session that is establish with a secure channel, the Bad_UserSignatureInvalid makes sense to return, but is there is not a secure channel (none) then masking what the user error is preferred. recommend to also allow Bad_UserSignatureInvalid |
|
Added the Bad_UserSignatureInvalid to the Accepted Results for Security User X509 / 016, 017 and 018 |
|
reviewed in CMP Call |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-05-08 06:47 | Lauri Saurus | New Issue | |
2020-05-08 06:47 | Lauri Saurus | Tag Attached: Security | |
2020-05-08 16:13 | Paul Hunkar | Note Added: 0012041 | |
2020-05-08 16:13 | Paul Hunkar | Assigned To | => Alexander Allmendinger |
2020-05-08 16:13 | Paul Hunkar | Status | new => assigned |
2020-05-08 16:30 | Paul Hunkar | Relationship added | related to 0005625 |
2020-05-25 20:07 | Alexander Allmendinger | Status | assigned => resolved |
2020-05-25 20:07 | Alexander Allmendinger | Resolution | open => fixed |
2020-05-25 20:07 | Alexander Allmendinger | Fixed in Version | => 1.03.341.396 |
2020-05-25 20:07 | Alexander Allmendinger | Note Added: 0012104 | |
2020-06-03 17:31 | Paul Hunkar | Status | resolved => closed |
2020-06-03 17:31 | Paul Hunkar | Note Added: 0012173 |