There is a bug in the handling on client IP's to exclude from shared sign-on where it will match IP addresses the admin didn't intend to match. If the admin wishes to match, for example, 192.168.1.2, they will also match 192.168.1.20 and 192.168.1.200. This is because the form doesn't allow $ at the end of the address. Similarly 10.0.0.100 will also match 110.0.0.100 as the ^ symbol is not allowed at the start of the address.

While here I also added support for \ before .'s in the address to allow matches like ^192\.168\.1\...$ for all addresses starting with 192.168.1. followed by a 2 diget number. Without this the address 192.168.11.1 would also match.

CommentFileSizeAuthor
sso-extra-chars-ip.patch1.02 KBzxombie

Comments

duaelfr’s picture

duaelfr
he/him
Primary language French
Location Montpellier, France
commented
Status: Needs review » Closed (won't fix)

This version of Shared Sign-On is not supported anymore. The issue is closed for this reason.
Please upgrade to a supported version and feel free to reopen the issue on the new version if applicable.

This issue has been automagically closed by a script.