laravel-saml2
Error message shown when IDP response validation is invalid is a Symfony TypeError instead of the real error
Below is the error that is returned when the response from the IDP is determined to be invalid.
Symfony\Component\HttpFoundation\Response::setContent(): Argument #1 ($content) must be of type ?string, Illuminate\Routing\Redirector given, called in \vendor\laravel\framework\src\Illuminate\Http\Response.php on line 72
I came across this when I missed copying part of the IDP cert into idp_x509_cert.
I'm not sure this can be fixed in this package as it seems to be a Laravel issue, but I thought I'd put it here in case someone could figure out something. Worst case scenario, someone else who can't properly copy/paste (like me today) can fix the issue faster.
Currently using Laravel 10.7.1 and laravel-saml2 2.2.0
@KenKodz I am seeing this same error while trying to set this up. I have double-checked my IDP cert in the tenant configuration, and it is correct. Can you expand on what you did to fix this? Are there any good tricks to help troubleshoot this?
FWIW, I also manually changed the tenant's uuid to the same value as key so that my login URL would stay the same. I am trying to migrate over from aacotroneo/laravel-saml2. I don't know if that has any direct effect on this specific error, but I thought I should probably provide that info here for full context.
I referenced this situation here: https://github.com/24Slides/laravel-saml2/issues/66
Basically, in my case, there was an error with the key exchange between my SP and IDP. This returns an error and tries to redirect to somewhere (didn't try to figure out where). This redirect causes the exception to be thrown.
The way I figured it out is totally the wrong way to do it, but it worked for me. I used dd() in the package code until I was able to figure out where in the code it was failing. It felt dirty, but it worked. LOL
It looks like you need to specify a route to handle the error.
The Saml2Controller redirects if there's a SAML2 error:
return redirect(config('saml2.errorRoute'));
You have to set the SAML2_ERROR_URL env variable or update the published config file. The SAML2 error is flashed to the session, so you won't see it unless the view renders it.
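
The first post traces the failure to a partially copied IdP certificate in idp_x509_cert. The following is an added example, not part of the thread or of laravel-saml2: a stand-alone PHP check that catches a truncated or malformed certificate before it is saved. The function name checkIdpCert, the sample common name, and the assumption that the value may be either a full PEM block or only its base64 body are choices made for this example.

```php
<?php
// Added example, not from laravel-saml2: check an IdP certificate string
// before saving it as idp_x509_cert.

/** $raw may be a full PEM block or only its base64 body (assumption). */
function checkIdpCert(string $raw): array
{
    // Drop PEM armor and whitespace so only the base64 body remains.
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $raw);
    if ($body === '') {
        return ['ok' => false, 'reason' => 'empty value'];
    }
    // Strict mode rejects characters outside the base64 alphabet.
    if (base64_decode($body, true) === false) {
        return ['ok' => false, 'reason' => 'not valid base64'];
    }
    // Re-wrap as PEM and let OpenSSL parse it. A partial paste usually still
    // decodes as base64 but is cut short as a DER structure, so it fails here.
    $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($body, 64, "\n")
         . "-----END CERTIFICATE-----\n";
    $x509 = @openssl_x509_read($pem); // @: failure is reported via the return value
    if ($x509 === false) {
        return ['ok' => false, 'reason' => 'not a complete X.509 certificate'];
    }
    $expires = openssl_x509_parse($x509)['validTo_time_t'];
    return [
        'ok'      => $expires > time(),
        'reason'  => $expires > time() ? 'parsed' : 'certificate has expired',
        'sha256'  => openssl_x509_fingerprint($x509, 'sha256'),
        'expires' => date('c', $expires),
    ];
}

// Constructed sample: a throwaway self-signed certificate, then the same
// certificate with its tail missing, as after an incomplete copy/paste.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'idp.example.test'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30), $fullPem);

print_r(checkIdpCert($fullPem));
print_r(checkIdpCert(substr($fullPem, 0, 600)));
```

Comparing the reported sha256 fingerprint with the one shown by the IdP confirms that the stored value is the intended certificate and not just a well-formed one.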