zitadel

mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 20:08:02 +00:00

History

Stuart Douglas 81920e599b fix(SAML): log underlying error if SAML response validation fails (#8721 ) # Which Problems Are Solved If SAML response validation in crewjam/saml fails, a generic "Authentication failed" error is thrown. This makes it challenging to determine the actual cause, since there are a variety of reasons response validation may fail. # How the Problems Are Solved Add a log statement if we receive a response validation error from crewjam/saml that logs the internal `InvalidResponseError.PrivateErr` error from crewjam/saml to stdout. We continue to return a generic error message to the client to prevent leaking data. Verified by running `go test -v ./internal/idp/providers/saml` in verbose mode, which output the following line for the "response_invalid" test case: ``` time="2024-10-03T14:53:10+01:00" level=info msg="invalid SAML response details" caller="/Users/sdouglas/Documents/thirdparty-repos/zitadel/internal/idp/providers/saml/session.go:72" error="cannot parse base64: illegal base64 data at input byte 2" ``` # Additional Changes None # Additional Context - closes #8717 --------- Co-authored-by: Stuart Douglas <sdouglas@hopper.com>		2024-10-11 07:04:15 +00:00
..
requesttracker	feat: add SAML as identity provider (#6454 )	2023-09-29 11:26:14 +02:00
mapper.go	feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979 )	2024-05-23 05:04:07 +00:00
saml_test.go	feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979 )	2024-05-23 05:04:07 +00:00
saml.go	feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979 )	2024-05-23 05:04:07 +00:00
session_test.go	fix(SAML): check on empty nameID (#8714 )	2024-10-03 08:17:33 +00:00
session.go	fix(SAML): log underlying error if SAML response validation fails (#8721 )	2024-10-11 07:04:15 +00:00