OpenAM / OPENAM-12586

SAML failures in access.audit produce incorrect statusCode with a String

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0, 13.5.1, 5.5.1
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
      None
    • Sprint:
      AM Sustaining Sprint 50

      Description

      Bug description

      When a SAML request fails, the audit log populates the statusCode with a seemingly hard-coded String, "Client". It should be a relevant number (500, etc.).

      How to reproduce the issue

      (Possible pre-req: Go to Configure -> Global Services -> System -> Logging -> Set Log Status to Active)

      Hosted IdP configured on server 1.
      On server 2, configure a hosted SP, and import the IdP metadata from server 1.
      Remote SP metadata NOT imported on server 1.
      Do an SP-initiated SAML request from server 2 to produce an error.

      Expected behaviour
      {"realm":"/","client":{"ip":"192.168.56.1","port":61331},"server":{"ip":"192.168.56.10","port":18080},"http":{"request":{"secure":false,"method":"GET","path":"http://openam.example.com:18080/openam/SSORedirect/metaAlias/idp","queryParameters":{"SAMLRequest":["nVRNj9owEL3vr4h8hyQk200tQKKgqkjbNgXaQ2/GmXQtObbrmezSf187sIiqKw5cxzMv70uZoui044uenswGfveAlCSHThvkw8uM9d5wK1AhN6ID5CT5dvH5kU/GGXfekpVWs7v1asZwkgmZ5e39HgRAWVbZu7IqHx7KfA/FfVkV0Obv921e5iz5AR6VNTMWYFiyRuxhbZCEoTDK8mqUFaO82OUFL0teVj9ZsgrUlBE0XD0ROZ6m1kEgNYaD6JyGsbQdz6usyk4P6Xb7dQON8iAp7YDEQiuBqWocSz5aL2GQPWOt0AiRRS0Q1TOcJ/VJ3wdlGmV%2BXTdjf1xC/mm3q0cLT6oVkliyQAQfaS%2Btwb4DvwX/rCR83zyehaCbnFUYIF5cqogsX28vZKBj87tpTIkP/vmL3K4zFa%2BM2Dx8eJpeYJwQHf8Srtar2mol/9zSiGhwJ%2Bj6dpyoZtQOq9zFTiCBCaZt60jgWy%2B0ahX4UC43CVZqbV%2BWHgSFjMj3wOZH9v/yPYs4NRqaIejgIcGBbhGztJ0TXmHsXsgpxDo/On8JvNTB2A20t%2BRwdU1yGaHDOBb0xfomFjOUGpqdFwad9XRK8S0%2BZ4/etCOYlf7/E5j/BQ%3D%3D"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"host":["openam.example.com:18080"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7"]},"cookies":{"JSESSIONID":"28C9972857844F71D80A4F2138A47764","amlbcookie":"01","i18next":"en-GB"}}},"transactionId":"f2db2855-8714-4b2e-a753-6d1b1f5d6884-920","component":"SAML2","userId":null,"request":{"protocol":"SAML2","operation":"idpSSOFederate"},"timestamp":"2018-03-13T13:44:48.294Z","eventName":"AM-ACCESS-OUTCOME","response":{"status":"FAILED","statusCode":"500","elapsedTime":3,"elapsedTimeUnits":"MILLISECONDS","detail":{"reason":"The SAML Request is invalid."}},"trackingIds":["s20ac01f5beaee448064847741be35483ef19bf141","28C9972857844F71D80A4F2138A47764"],"_id":"f2db2855-8714-4b2e-a753-6d1b1f5d6884-922"}
      
      Current behaviour
      {"realm":"/","client":{"ip":"192.168.56.1","port":61331},"server":{"ip":"192.168.56.10","port":18080},"http":{"request":{"secure":false,"method":"GET","path":"http://openam.example.com:18080/openam/SSORedirect/metaAlias/idp","queryParameters":{"SAMLRequest":["nVRNj9owEL3vr4h8hyQk200tQKKgqkjbNgXaQ2/GmXQtObbrmezSf187sIiqKw5cxzMv70uZoui044uenswGfveAlCSHThvkw8uM9d5wK1AhN6ID5CT5dvH5kU/GGXfekpVWs7v1asZwkgmZ5e39HgRAWVbZu7IqHx7KfA/FfVkV0Obv921e5iz5AR6VNTMWYFiyRuxhbZCEoTDK8mqUFaO82OUFL0teVj9ZsgrUlBE0XD0ROZ6m1kEgNYaD6JyGsbQdz6usyk4P6Xb7dQON8iAp7YDEQiuBqWocSz5aL2GQPWOt0AiRRS0Q1TOcJ/VJ3wdlGmV%2BXTdjf1xC/mm3q0cLT6oVkliyQAQfaS%2Btwb4DvwX/rCR83zyehaCbnFUYIF5cqogsX28vZKBj87tpTIkP/vmL3K4zFa%2BM2Dx8eJpeYJwQHf8Srtar2mol/9zSiGhwJ%2Bj6dpyoZtQOq9zFTiCBCaZt60jgWy%2B0ahX4UC43CVZqbV%2BWHgSFjMj3wOZH9v/yPYs4NRqaIejgIcGBbhGztJ0TXmHsXsgpxDo/On8JvNTB2A20t%2BRwdU1yGaHDOBb0xfomFjOUGpqdFwad9XRK8S0%2BZ4/etCOYlf7/E5j/BQ%3D%3D"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"host":["openam.example.com:18080"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7"]},"cookies":{"JSESSIONID":"28C9972857844F71D80A4F2138A47764","amlbcookie":"01","i18next":"en-GB"}}},"transactionId":"f2db2855-8714-4b2e-a753-6d1b1f5d6884-920","component":"SAML2","userId":null,"request":{"protocol":"SAML2","operation":"idpSSOFederate"},"timestamp":"2018-03-13T13:44:48.294Z","eventName":"AM-ACCESS-OUTCOME","response":{"status":"FAILED","statusCode":"Client","elapsedTime":3,"elapsedTimeUnits":"MILLISECONDS","detail":{"reason":"The SAML Request is invalid."}},"trackingIds":["s20ac01f5beaee448064847741be35483ef19bf141","28C9972857844F71D80A4F2138A47764"],"_id":"f2db2855-8714-4b2e-a753-6d1b1f5d6884-922"}
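For log consumers affected by this report: the sketch below is an added example, not OpenAM code and not part of the original report. It triages `access.audit` JSON lines so that SAML failures are still counted when `statusCode` holds a non-numeric string such as "Client". The function names, the `tx-1`/`tx-2` transaction IDs and the trimmed sample lines are constructed for illustration.

```python
import json

# Constructed sample lines, trimmed from the two records in the report
# (http/headers/cookies omitted); the third line is deliberately malformed.
SAMPLE_LINES = [
    '{"component":"SAML2","eventName":"AM-ACCESS-OUTCOME","transactionId":"tx-1",'
    '"response":{"status":"FAILED","statusCode":"500","detail":{"reason":"The SAML Request is invalid."}}}',
    '{"component":"SAML2","eventName":"AM-ACCESS-OUTCOME","transactionId":"tx-2",'
    '"response":{"status":"FAILED","statusCode":"Client","detail":{"reason":"The SAML Request is invalid."}}}',
    '{"component":"SAML2","eventName":"AM-ACCESS-OUTCOME"',
]

def normalize_status(raw):
    """Return (int_code_or_None, raw_text). Never raises on non-numeric input."""
    text = "" if raw is None else str(raw).strip()
    # isascii() + isdigit() rejects characters like "²" that isdigit() alone accepts
    if text.isascii() and text.isdigit():
        return int(text), text
    return None, text

def triage(lines):
    """Classify AM-ACCESS-OUTCOME records; keep failures whatever statusCode holds."""
    failed, non_numeric, unparsable = [], [], 0
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            unparsable += 1
            continue
        if rec.get("eventName") != "AM-ACCESS-OUTCOME":
            continue
        resp = rec.get("response") or {}
        code, raw = normalize_status(resp.get("statusCode"))
        entry = {
            "transactionId": rec.get("transactionId"),
            "component": rec.get("component"),
            "statusCode": code,
            "statusCodeRaw": raw,
            "reason": (resp.get("detail") or {}).get("reason"),
        }
        # Key on response.status, not on the code, so "Client" records are not lost.
        if resp.get("status") == "FAILED":
            failed.append(entry)
        if code is None and raw:
            non_numeric.append(entry)
    return {"failed": failed, "non_numeric": non_numeric, "unparsable": unparsable}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LINES), indent=2))
```

A pipeline that casts `statusCode` straight to an integer would either raise on the second record or drop it; here it is reported under both `failed` and `non_numeric`.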
      

       


            People

            • Assignee:
              Unassigned
              Reporter:
              joe.starling Joe Starling