saml2aws

Handle malformed Kmsi form field in ADFS

Open dboitnot opened this issue 3 years ago • 1 comments

I've encountered a situation where the value for Kmsi is "true " (with trailing space). This leads to:

DEBU[0003] HTTP Req URL="https://<redacted>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn%3Aamazon%3Awebservices&client-request-id=3b.." http=client method=POST
DEBU[0003] HTTP Res Status="500 Internal Server Error" http=client
unable to classify response from auth server

Apparently this value is being pulled directly from the server's response:

https://github.com/Versent/saml2aws/blob/df3f6cf6757279e92c1dfe7e0155f0a60ec68d6b/pkg/provider/adfs/adfs.go#L75

Jul 09 '22 14:07 dboitnot

It turns out that, at least in my case, it's not trailing white space but a second, empty value for Kmsi in the form:

len(authForm["Kmsi"]) // == 2

Jul 09 '22 14:07 dboitnot
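
One way a client could normalize a scraped login form before posting it, so that a padded or repeated entry such as the two-valued Kmsi above collapses to a single value. This is an added example, not saml2aws's own code; the helper names `collapseField` and `sanitizeForm` and the sample field values are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// collapseField returns the single usable value of a form field that may carry
// padded or repeated entries. Whitespace is trimmed, empty entries are skipped,
// and two different non-empty values are reported instead of silently picked.
func collapseField(form url.Values, name string) (string, error) {
	picked := ""
	for _, raw := range form[name] {
		v := strings.TrimSpace(raw)
		if v == "" {
			continue
		}
		if picked != "" && v != picked {
			return "", fmt.Errorf("field %q has conflicting values %q and %q", name, picked, v)
		}
		picked = v
	}
	return picked, nil
}

// sanitizeForm (hypothetical helper) rebuilds the form with exactly one value
// per field, so the encoded POST body never repeats a key.
func sanitizeForm(form url.Values) (url.Values, error) {
	out := url.Values{}
	for name := range form {
		v, err := collapseField(form, name)
		if err != nil {
			return nil, err
		}
		out.Set(name, v) // fields that were empty stay present with an empty value
	}
	return out, nil
}

func main() {
	// Constructed sample: a scraped form in which Kmsi appears twice, once empty.
	authForm := url.Values{"UserName": {"user@example.com"}, "Kmsi": {"true", ""}}
	clean, err := sanitizeForm(authForm)
	fmt.Println("before:", authForm.Encode()) // Kmsi=true&Kmsi=&UserName=...
	fmt.Println("after: ", clean.Encode(), "err:", err)
}
```

Returning an error on conflicting non-empty values keeps the client from guessing which one the server expects.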

Just out of curiosity, is that issue also persisting with the version out of #795? In that case I would adopt the referenced fix.

Mar 17 '23 11:03 christianmeyer