mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-16 04:48:04 +00:00
81920e599b
# Which Problems Are Solved If SAML response validation in crewjam/saml fails, a generic "Authentication failed" error is thrown. This makes it challenging to determine the actual cause, since there are a variety of reasons response validation may fail. # How the Problems Are Solved Add a log statement if we receive a response validation error from crewjam/saml that logs the internal `InvalidResponseError.PrivateErr` error from crewjam/saml to stdout. We continue to return a generic error message to the client to prevent leaking data. Verified by running `go test -v ./internal/idp/providers/saml` in verbose mode, which output the following line for the "response_invalid" test case: ``` time="2024-10-03T14:53:10+01:00" level=info msg="invalid SAML response details" caller="/Users/sdouglas/Documents/thirdparty-repos/zitadel/internal/idp/providers/saml/session.go:72" error="cannot parse base64: illegal base64 data at input byte 2" ``` # Additional Changes None # Additional Context - closes #8717 --------- Co-authored-by: Stuart Douglas <sdouglas@hopper.com> |
||
---|---|---|
.. | ||
requesttracker | ||
mapper.go | ||
saml_test.go | ||
saml.go | ||
session_test.go | ||
session.go |