TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 19:44:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
next
zitadel/internal/api/grpc/management
History
Livio Spring 35df5f61fc
fix(saml): improve error handling (#8928) 
# Which Problems Are Solved

There are multiple issues with the metadata and error handling of SAML:
- When providing a SAML metadata for an IdP, which cannot be processed,
the error will only be noticed once a user tries to use the IdP.
- Parsing for metadata with any other encoding than UTF-8 fails.
- Metadata containing an enclosing EntitiesDescriptor around
EntityDescriptor cannot be parsed.
- Metadata's `validUntil` value is always set to 48 hours, which causes
issues on external providers, if processed from a manual down/upload.
- If a SAML response cannot be parsed, only a generic "Authentication
failed" error is returned, the cause is hidden to the user and also to
actions.

# How the Problems Are Solved

- Return parsing errors after create / update and retrieval of an IdP in
the API.
- Prevent the creation and update of an IdP in case of a parsing
failure.
- Added decoders for encodings other than UTF-8 (including ASCII,
windows and ISO, [currently
supported](efd25daf28/encoding/ianaindex/ianaindex.go (L156)))
- Updated parsing to handle both `EntitiesDescriptor` and
`EntityDescriptor` as root element
- `validUntil` will automatically set to the certificate's expiration
time
- Unwrapped the hidden error to be returned. The Login UI will still
only provide a mostly generic error, but action can now access the
underlying error.

# Additional Changes

None

# Additional Context

reported by a customer

(cherry picked from commit ffe9570776)
2024-12-03 11:42:58 +01:00
..
integration_test chore: improve integration tests (#8727) 2024-10-17 21:20:57 +00:00
actions_converter.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
actions.go fix: error handling to prevent panics (#8248) 2024-07-04 14:11:06 +00:00
auth_checks.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
custom_text_converter.go feat: invite user link (#8578) 2024-09-11 10:53:55 +00:00
custom_text.go feat: invite user link (#8578) 2024-09-11 10:53:55 +00:00
flow.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
iam.go fix(query): realtime data on defined requests (#3726) 2022-06-14 07:51:00 +02:00
idp_converter_test.go feat: V2 alpha import and export of organizations (#3798) 2022-07-28 13:42:35 +00:00
idp_converter.go fix(saml): improve error handling (#8928) 2024-12-03 11:42:58 +01:00
idp.go fix: generalise permission check for query user information (#8458) 2024-08-23 06:44:18 +00:00
information.go feat: trusted (instance) domains (#8369) 2024-07-31 18:00:38 +03:00
language.go refactor(fmt): run gci on complete project (#7557) 2024-04-03 10:43:43 +00:00
oneof.go feat: protos refactoring 2021-03-09 10:30:11 +01:00
org_converter.go fix(api): correct mapping of metadata queries (#7609) 2024-03-21 14:56:58 +00:00
org.go feat: org v2 ListOrganizations (#8411) 2024-08-15 06:37:06 +02:00
policy_label_converter.go feat: add attribute to only enable specific themes (#6798) 2023-10-26 05:54:09 +00:00
policy_label.go feat: remove org (#4148) 2022-11-30 17:01:17 +01:00
policy_lockout_converter.go feat: provide option to limit (T)OTP checks (#7693) 2024-04-10 09:14:55 +00:00
policy_lockout.go feat: provide option to limit (T)OTP checks (#7693) 2024-04-10 09:14:55 +00:00
policy_login_converter.go feat: allow to force MFA local only (#6234) 2023-07-20 04:06:16 +00:00
policy_login.go fix: keep user idp links (#7079) 2023-12-19 10:25:50 +00:00
policy_notification.go feat: add notification policy and password change message (#5065) 2023-01-25 09:49:41 +01:00
policy_password_age_converter.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
policy_password_age.go feat: remove org (#4148) 2022-11-30 17:01:17 +01:00
policy_password_complexity_converter.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
policy_password_complexity.go feat: remove org (#4148) 2022-11-30 17:01:17 +01:00
policy_privacy_converter.go feat(cnsl): docs link can be customized and custom button is available (#7840) 2024-05-13 16:01:50 +02:00
policy_privacy.go feat: remove org (#4148) 2022-11-30 17:01:17 +01:00
project_application_converter.go feat(OIDC): add back channel logout (#8837) 2024-10-31 15:57:17 +01:00
project_application.go feat(crypto): use passwap for machine and app secrets (#7657) 2024-04-05 09:35:49 +00:00
project_converter.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
project_grant_converter.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
project_grant.go perf: user grant owner removed (#6962) 2024-01-08 15:26:30 +00:00
project.go perf: user grant owner removed (#6962) 2024-01-08 15:26:30 +00:00
replacer.md feat: protos refactoring 2021-03-09 10:30:11 +01:00
server.go feat: trusted (instance) domains (#8369) 2024-07-31 18:00:38 +03:00
user_converter.go feat: allow machine user id to be set during creation (#8265) 2024-07-16 09:27:37 +02:00
user_grant_converter.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
user_grant.go perf: user grant owner removed (#6962) 2024-01-08 15:26:30 +00:00
user.go fix: generalise permission check for query user information (#8458) 2024-08-23 06:44:18 +00:00