[Openid-specs-ab] Issue #872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki (openid/connect)
Phuong Le
issues-reply at bitbucket.org
Tue Sep 17 15:43:58 UTC 2013
New issue 872: session 4.1. Opbs is unclear and conflict with "session management memo" on wiki
https://bitbucket.org/openid/connect/issue/872/session-41-opbs-is-unclear-and-conflict
Phuong Le:
Regarding the spec on [openid-connect-session-1_0-15.html](http://openid.net/specs/openid-connect-session-1_0-15.html), the session_state = CryptoJS.SHA256(client_id + ' ' + e.origin + ' ' + opbs + [' ' + salt]) [+ "." + salt]
where opbs is browser state. Besides, opbs' type is unclear, I am not sure if it is a random string or not.
Otherwise, regarding the "session management memo" on [https://bitbucket.org/openid/connect/wiki/session%20management%20memo](https://bitbucket.org/openid/connect/wiki/session%20management%20memo), the session_state = sha256(client_id + origin + idp_session_state + salt) + "." + salt.
where opbs above is replaced with "idp_session_state" and its value is defined as 1 of 3 values only.
Could you please make it clear?
Responsible: mbj
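The two formulas quoted in the issue, side by side, as an added example that is not part of the original post or of either document: it shows that a value issued with one form fails a check done with the other even when the browser state has not changed. The function names, the client ID, origin, state and salt values are constructed, and opbs is assumed to be an opaque string.

```javascript
// Added example (Node.js). All inputs are constructed sample values.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const sha256Hex = (s) =>
  nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Form quoted from openid-connect-session-1_0-15: fields joined by spaces.
function sessionStateDraft15(clientId, origin, opbs, salt) {
  return sha256Hex([clientId, origin, opbs, salt].join(' ')) + '.' + salt;
}

// Form quoted from the wiki memo: fields concatenated with no delimiter.
function sessionStateMemo(clientId, origin, idpSessionState, salt) {
  return sha256Hex(clientId + origin + idpSessionState + salt) + '.' + salt;
}

// Checking side: read the salt after the ".", recompute with the current
// state and compare. The hex digest never contains ".", so the first dot
// is the separator.
function checkSessionState(received, compute, clientId, origin, state) {
  const dot = received.indexOf('.');
  if (dot < 0) return 'error';
  const salt = received.slice(dot + 1);
  return compute(clientId, origin, state, salt) === received
    ? 'unchanged'
    : 'changed';
}

// Constructed scenario: one side issues with the draft-15 form, the other
// checks with each form in turn.
function demo() {
  const clientId = 'client-123';
  const origin = 'https://rp.example';
  const state = 'opbs-xyz';
  const issued = sessionStateDraft15(clientId, origin, state, 'a1b2c3');
  return {
    sameFormula: checkSessionState(issued, sessionStateDraft15, clientId, origin, state),
    otherFormula: checkSessionState(issued, sessionStateMemo, clientId, origin, state),
    stateChanged: checkSessionState(issued, sessionStateDraft15, clientId, origin, 'opbs-new'),
  };
}

console.log(demo());
```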