SAMLException unclear because of empty string.

Open cheggerdev opened this issue 9 months ago • 4 comments

Describe the bug

I get an empty SAML Error description "Failed to process SAML assertion: ". In the source authentik/providers/saml/views/flows.py there is:

        try:
            response = AssertionProcessor(provider, request, auth_n_request).build_response()
        except SAMLException as exc:
            Event.new(
                EventAction.CONFIGURATION_ERROR,
                message=f"Failed to process SAML assertion: {str(exc)}",
                provider=provider,
            ).from_http(self.request)
            return self.executor.stage_invalid()

The issue is that {str(exc)} is an empty string. I think that is because SAMLException has no __str__ method, as a look at the source authentik/sources/saml/exceptions.py reveals:

class SAMLException(SentryIgnoredException):
    """Base SAML Exception"""

Expected behavior

The SAML error message should be clear about what the error actually is.

Screenshots

The screen shows me an authentik user consent with the message "Request denied".

Logs

authentik-server-1 | {"action": "configuration_error", "auth_via": "session", "client_ip": "10.0.0.15", "context": {"http_request": {"args": {"RelayState": "https://zabbix.domain/index_sso.php", "SAMLRequest": "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", "inspector": "available"}, "method": "GET", "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/", "request_id": "8b80e1429b3f416990635973e3dfe303", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0"}, "message": "Failed to process SAML assertion: ", "provider": {"app": "authentik_providers_saml", "model_name": "samlprovider", "name": "Zabbix", "pk": 11}}, "domain_url": "authentik.domain", "event": "Created Event", "host": "authentik.domain", "level": "info", "logger": "authentik.events.models", "pid": 75, "request_id": "8b80e1429b3f416990635973e3dfe303", "schema_name": "public", "timestamp": "2025-03-20T08:19:52.831175", "user": {"email": "email@domain", "pk": 7, "username": "username"}}

Version and Deployment (please complete the following information):

  • authentik version: 2025.2.2
  • Deployment: docker-compose

Additional context

I use a Let's Encrypt wildcard certificate created with acme.

cheggerdev, Mar 20 '25 09:03
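An added example, not part of the issue or of authentik's code: in Python, an exception class without its own `__str__` inherits `BaseException.__str__`, which returns an empty string when the exception is raised with no arguments, so an event message built from `str(exc)` alone can end up blank. The classes below are stand-ins, and `CannotHandleAssertion`, `describe_exception`, `naive` and `process` are hypothetical names used to show one way of keeping the class name and cause chain in the logged message.

```python
# Added example: stand-in classes, not authentik's real modules.
class SentryIgnoredException(Exception):
    """Stand-in base class (assumed to be a plain Exception subclass)."""


class SAMLException(SentryIgnoredException):
    """Base SAML Exception"""


class CannotHandleAssertion(SAMLException):
    """Hypothetical subclass used only for this demonstration."""


def naive(exc: BaseException) -> str:
    """The pattern from the issue: str(exc) is '' when raised without arguments."""
    return f"Failed to process SAML assertion: {str(exc)}"


def describe_exception(exc: BaseException) -> str:
    """Return a non-empty description of exc and its cause chain."""
    parts = []
    seen = set()  # guards against cyclic cause/context chains
    current = exc
    while current is not None and id(current) not in seen:
        seen.add(id(current))
        text = str(current).strip()
        name = type(current).__name__
        parts.append(f"{name}: {text}" if text else f"{name} (no message)")
        # Follow an explicit "raise ... from ..." first, then implicit context.
        nxt = current.__cause__
        if nxt is None and not current.__suppress_context__:
            nxt = current.__context__
        current = nxt
    return " <- caused by ".join(parts)


def process(raise_with_message: bool) -> str:
    """Mimic the handler quoted above, using describe_exception for the message."""
    try:
        try:
            raise ValueError("constructed inner failure")  # constructed sample error
        except ValueError as inner:
            if raise_with_message:
                raise CannotHandleAssertion("constructed detail") from inner
            raise CannotHandleAssertion() from inner
    except SAMLException as exc:
        return f"Failed to process SAML assertion: {describe_exception(exc)}"
```
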

I'm also having this issue, also specifically with Zabbix, which makes me wonder if it isn't a Zabbix issue.

sourdusk, Apr 03 '25 15:04

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Issue still exists in 2025.4.1

cheggerdev, Jun 03 '25 08:06

Also running into this on 2025.6.0:

{"action": "configuration_error", "auth_via": "session", "client_ip": "<<>>", "context": {"asn": {"as_org": "<<>>"}, "geo": {<<>>}, "http_request": {"args": {"inspector": "available"}, "method": "GET", "path": "/api/v3/flows/executor/default-provider-authorization-explicit-consent/", "request_id": "01fdaf82e4344a5584f01c1da55a0e82", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"}, "message": "Failed to process SAML assertion: ", "provider": {"app": "authentik_providers_saml", "model_name": "samlprovider", "name": "Provider for Nextcloud", "pk": 4}}, "domain_url": "<<>>", "event": "Created Event", "host": "<<>>", "level": "info", "logger": "authentik.events.models", "pid": 65, "request_id": "01fdaf82e4344a5584f01c1da55a0e82", "schema_name": "public", "timestamp": "2025-06-05T04:11:02.531048", "user": {"email": "<<>>", "pk": 4, "username": "akadmin"}}

(<<>> = redacted)

seanmuth, Jun 05 '25 04:06

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Actually, there is PR #15562 waiting for approval...

cheggerdev, Aug 05 '25 06:08