CSA-6 Fix/remove artifact binding (#1885)

* Remove artifact binding, add validation * Re-add JSON properties but eviscerate them
2025-12-22 19:23:45 +00:00 · 2022-02-28 13:43:49 -05:00
parent 3cefd5fd5d
commit a7a39fb54d
5 changed files with 10 additions and 21 deletions
--- a/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
+++ b/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
@@ -400,10 +400,6 @@ namespace Bit.Core.Business.Sso
            {
                idp.SingleLogoutServiceUrl = new Uri(config.IdpSingleLogoutServiceUrl);
            }
-            if (!string.IsNullOrWhiteSpace(config.IdpArtifactResolutionServiceUrl))
-            {
-                idp.ArtifactResolutionServiceUrls.TryAdd(0, new Uri(config.IdpArtifactResolutionServiceUrl));
-            }
            if (!string.IsNullOrWhiteSpace(config.IdpOutboundSigningAlgorithm))
            {
                idp.OutboundSigningAlgorithm = config.IdpOutboundSigningAlgorithm;
@@ -413,6 +409,7 @@ namespace Bit.Core.Business.Sso
                var cert = CoreHelpers.Base64UrlDecode(config.IdpX509PublicCert);
                idp.SigningKeys.AddConfiguredKey(new X509Certificate2(cert));
            }
+            idp.ArtifactResolutionServiceUrls.Clear();
            // This must happen last since it calls Validate() internally.
            idp.LoadMetadata = false;

@@ -461,7 +458,6 @@ namespace Bit.Core.Business.Sso
            {
                Saml2BindingType.HttpRedirect => Sustainsys.Saml2.WebSso.Saml2BindingType.HttpRedirect,
                Saml2BindingType.HttpPost => Sustainsys.Saml2.WebSso.Saml2BindingType.HttpPost,
-                Saml2BindingType.Artifact => Sustainsys.Saml2.WebSso.Saml2BindingType.Artifact,
                _ => Sustainsys.Saml2.WebSso.Saml2BindingType.HttpPost,
            };
        }