zitadel/internal/api
Livio Spring 35df5f61fc
fix(saml): improve error handling (#8928)
# Which Problems Are Solved

There are multiple issues with the metadata and error handling of SAML:
- When providing SAML metadata for an IdP which cannot be processed,
the error will only be noticed once a user tries to use the IdP.
- Parsing for metadata with any other encoding than UTF-8 fails.
- Metadata containing an enclosing EntitiesDescriptor around
EntityDescriptor cannot be parsed.
- Metadata's `validUntil` value is always set to 48 hours, which causes
issues on external providers, if processed from a manual down/upload.
- If a SAML response cannot be parsed, only a generic "Authentication
failed" error is returned; the cause is hidden from the user and also from
actions.

# How the Problems Are Solved

- Return parsing errors after create / update and retrieval of an IdP in
the API.
- Prevent the creation and update of an IdP in case of a parsing
failure.
- Added decoders for encodings other than UTF-8 (including ASCII,
windows and ISO, [currently
supported](efd25daf28/encoding/ianaindex/ianaindex.go (L156)))
- Updated parsing to handle both `EntitiesDescriptor` and
`EntityDescriptor` as root element
- `validUntil` will automatically be set to the certificate's expiration
time
- Unwrapped the hidden error to be returned. The Login UI will still
only provide a mostly generic error, but actions can now access the
underlying error.

# Additional Changes

None

# Additional Context

reported by a customer

(cherry picked from commit ffe9570776)
2024-12-03 11:42:58 +01:00
| Path | Last commit | Date |
|---|---|---|
| assets | feat: trusted (instance) domains (#8369) | 2024-07-31 18:00:38 +03:00 |
| authz | perf(milestones): refactor (#8788) | 2024-10-28 08:29:34 +00:00 |
| call | fix: reset the call timestamp after a bulk trigger (#6080) | 2023-07-07 08:15:05 +00:00 |
| grpc | fix(saml): improve error handling (#8928) | 2024-12-03 11:42:58 +01:00 |
| http | feat(oidc): use web keys for token signing and verification (#8449) | 2024-08-23 14:43:46 +02:00 |
| idp | fix(saml): provide option to get internal as default ACS (#8888) | 2024-11-15 09:35:06 +01:00 |
| info | fix: correct method and path for session api activity (#6880) | 2023-11-22 12:12:23 +02:00 |
| oidc | fix(oidc): do not return access token for response type id_token (#8777) | 2024-11-15 09:33:18 +01:00 |
| robots_txt | fix: introduce measures to avoid bots crawling and indexing activities (#5728) | 2023-05-05 10:25:02 +02:00 |
| saml | fix(eventstore): revert precise decimal (#8527) (#8679) | 2024-09-24 18:43:29 +02:00 |
| service | fix(eventstore): tests | 2020-11-26 09:19:14 +01:00 |
| ui | fix(login): org register script references (#8842) | 2024-10-31 10:16:30 +00:00 |
| api.go | feat: trusted (instance) domains (#8369) | 2024-07-31 18:00:38 +03:00 |