
[Debug enhancement] IncorrectlySigned exception on AuthnRequest when MDQ server is down

Open peppelinux opened this issue 6 years ago • 1 comments

When we use a SAML backend with metadata from an MDQ server and the MDQ server is unavailable, SATOSA raises an UnknownError. In the debug log we can read the exception message "IncorrectlySigned". This means that the metadata was not retrieved correctly.

Code Version

master branch

Expected Behavior

Probably a detailed message like "MDQ server is unavailable" would be better.

Current Behavior

  File "Django-Identity.env/lib/python3.5/site-packages/saml2/server.py", line 231, in parse_authn_request
    "single_sign_on_service", binding)
  File "Django-Identity.env/lib/python3.5/site-packages/saml2/entity.py", line 860, in _parse_request
    must=must, only_valid_cert=only_valid_cert)
  File "Django-Identity.env/lib/python3.5/site-packages/saml2/request.py", line 96, in loads
    only_valid_cert=only_valid_cert)
  File "Django-Identity.env/lib/python3.5/site-packages/saml2/request.py", line 59, in _loads
    raise IncorrectlySigned()
saml2.response.IncorrectlySigned

peppelinux, Apr 20 '19 12:04

This issue is related to pysaml2 mdstore and not directly to SATOSA, but it could be handled in a better way instead of exposing an error 500, if you agree.

peppelinux, Jul 09 '19 12:07
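
A simplified, self-contained model of the behaviour reported in this thread, added here as an illustration and not taken from pysaml2 or SATOSA: it shows how a metadata outage can surface as a signature error, and how raising a separate exception keeps the request rejected while naming the real cause. Every name except `IncorrectlySigned` is hypothetical, HMAC-SHA256 stands in for XML signature verification, and the sample data is constructed.

```python
import hashlib
import hmac

class IncorrectlySigned(Exception):
    """The signature did not verify against the issuer's keys."""
class MetadataUnavailable(Exception):
    """The issuer's keys could not be fetched, so nothing was verified."""

class MDQStore:
    """Hypothetical store; `fetch` stands in for the HTTP request to the MDQ server."""
    def __init__(self, fetch):
        self._fetch = fetch
    def keys_for(self, entity_id):
        try:
            return self._fetch(entity_id)
        except OSError as exc:  # refused connection, timeout, DNS failure
            raise MetadataUnavailable(f"MDQ lookup failed for {entity_id}: {exc}") from exc

def _valid(keys, payload, sig):
    # HMAC-SHA256 stands in for XML signature verification (stdlib only).
    return any(hmac.compare_digest(hmac.new(k, payload, hashlib.sha256).hexdigest(), sig)
               for k in keys)

def verify_conflated(store, entity_id, payload, sig):
    """Simplified model of the report: an outage ends up as a signature error."""
    try:
        keys = store.keys_for(entity_id)
    except MetadataUnavailable:
        keys = []  # the outage is swallowed and becomes "no keys"
    if not _valid(keys, payload, sig):
        raise IncorrectlySigned()

def verify_distinct(store, entity_id, payload, sig):
    """Still fails closed, but an outage surfaces under its own name."""
    keys = store.keys_for(entity_id)  # MetadataUnavailable propagates
    if not _valid(keys, payload, sig):
        raise IncorrectlySigned()

# Constructed sample data.
KEY, SP, REQ = b"constructed-key", "https://sp.example.org/metadata", b"<AuthnRequest/>"
SIG = hmac.new(KEY, REQ, hashlib.sha256).hexdigest()
def _refuse(entity_id):
    raise ConnectionRefusedError("MDQ server down")
UP, DOWN = MDQStore(lambda entity_id: [KEY]), MDQStore(_refuse)

def outcome(verify, store, sig=SIG):
    try:
        return verify(store, SP, REQ, sig) or "ok"
    except (IncorrectlySigned, MetadataUnavailable) as exc:
        return type(exc).__name__
```

In both variants the request is rejected while the MDQ server is down; only the logged reason differs.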