mirror of
https://github.com/zitadel/zitadel
synced 2024-11-21 16:30:53 +00:00
81920e599b
# Which Problems Are Solved If SAML response validation in crewjam/saml fails, a generic "Authentication failed" error is thrown. This makes it challenging to determine the actual cause, since there are a variety of reasons response validation may fail. # How the Problems Are Solved Add a log statement if we receive a response validation error from crewjam/saml that logs the internal `InvalidResponseError.PrivateErr` error from crewjam/saml to stdout. We continue to return a generic error message to the client to prevent leaking data. Verified by running `go test -v ./internal/idp/providers/saml` in verbose mode, which output the following line for the "response_invalid" test case: ``` time="2024-10-03T14:53:10+01:00" level=info msg="invalid SAML response details" caller="/Users/sdouglas/Documents/thirdparty-repos/zitadel/internal/idp/providers/saml/session.go:72" error="cannot parse base64: illegal base64 data at input byte 2" ``` # Additional Changes None # Additional Context - closes #8717 --------- Co-authored-by: Stuart Douglas <sdouglas@hopper.com> |
||
|---|---|---|
| .. | ||
| providers | ||
| provider.go | ||
| session.go | ||