Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
None
-
None
Description
The new OpenID server doesn't encode semicolons in the redirection back to the relying party. For example, a user with a full name of Hello;
&openid.ext1.fullname=Hello;
If the RP treats semicolons as separators (for example, Play!), then this won't pass signature validation. It should be:
&openid.ext1.fullname=Hello%3B