OpenAM / OPENAM-14430

SAML errors generate HTTP 500 Internal Server Error

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 14.0.0, 14.5.0, 6.0.0, 6.5.0
    • Fix Version/s: None
    • Component/s: SAML
    • Labels: None
    • Support Ticket IDs:

      Description

      Bug description

      Many SAML error scenarios return HTTP 500 errors to the browser. These should be handled more gracefully to provide a better user experience.

      How to reproduce the issue

      1. Configure SP and IDP AM servers
      2. On the IDP server, do not register the remote SP metadata
      3. Send SP-init SAML request
      4. AM, as the IDP, throws Internal Server Error
      5. Clue in the logs: WARNING: UtilProxySAMLAuthenticator.authenticate: Issuer in Request is not valid.

      Other scenario:

      1. Configure SP and IDP AM servers, correctly this time
      2. Link the demo user on both servers by running a successful SAML flow once
      3. Now on the SP, de-activate the demo account (set it to 'inactive')
      4. Run the SP-init SAML flow again.
      5. Now after authenticating at the IDP successfully, AM (the SP server) throws Internal Server Error after receiving the successful SAML response.

      Another scenario: when the signature algorithm is not supported, an Internal Server Error is shown.

      Expected behaviour
      Handle errors gracefully. Do not throw Internal Server Error.
      
      Current behaviour
      HTTP 500 Internal Server Error
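      To make the expected behaviour concrete, the following is an added example (it is not OpenAM code) of a handler layer that maps the three failures described in this ticket onto 4xx responses with a generic body while keeping the diagnostic detail in the server log, so that only genuinely unexpected exceptions still surface as HTTP 500. The class names, entity IDs, algorithm URIs and account table are constructed for the example.

```java
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

/**
 * Hypothetical error-mapping layer for a SAML endpoint. Illustrative code only,
 * not OpenAM source: the issuer list, algorithm URIs and account table are constructed.
 */
public class SamlErrorMapping {

    private static final Logger LOG = Logger.getLogger(SamlErrorMapping.class.getName());

    /** A SAML processing failure that knows which HTTP status and user-facing text it maps to. */
    static final class SamlProcessingException extends Exception {
        final int httpStatus;
        final String userMessage;

        SamlProcessingException(int httpStatus, String userMessage, String logDetail) {
            super(logDetail);            // detail is for the log only, never for the browser
            this.httpStatus = httpStatus;
            this.userMessage = userMessage;
        }
    }

    /** What the endpoint sends back to the browser. */
    record HttpResponse(int status, String body) {}

    /** One step of SAML processing that may fail with a mapped exception. */
    @FunctionalInterface
    interface SamlStep {
        void run() throws SamlProcessingException;
    }

    // Constructed sample configuration standing in for SP metadata, IDP settings and the user store.
    static final Set<String> REGISTERED_SP_ISSUERS = Set.of("https://sp.example.test/saml/metadata");
    static final Set<String> SUPPORTED_SIGNATURE_ALGORITHMS =
            Set.of("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    static final Map<String, Boolean> ACCOUNT_ACTIVE = Map.of("demo", false);

    /** Scenario 1: AuthnRequest from an issuer the IDP has no metadata for -> 400, not 500. */
    static void checkIssuer(String issuer) throws SamlProcessingException {
        if (!REGISTERED_SP_ISSUERS.contains(issuer)) {
            throw new SamlProcessingException(400, "The request could not be processed.",
                    "Issuer in Request is not valid: " + issuer);
        }
    }

    /** Scenario 3: message signed with an algorithm the deployment does not accept -> 400. */
    static void checkSignatureAlgorithm(String algorithmUri) throws SamlProcessingException {
        if (!SUPPORTED_SIGNATURE_ALGORITHMS.contains(algorithmUri)) {
            throw new SamlProcessingException(400, "The response could not be validated.",
                    "Unsupported signature algorithm: " + algorithmUri);
        }
    }

    /** Scenario 2: assertion is valid but the linked local account is inactive -> 403. */
    static void checkAccountActive(String localUser) throws SamlProcessingException {
        if (!ACCOUNT_ACTIVE.getOrDefault(localUser, false)) {
            throw new SamlProcessingException(403, "Your account cannot be used to sign in.",
                    "Linked account is inactive or unknown: " + localUser);
        }
    }

    /**
     * Runs a processing step and converts failures into a response. Expected SAML failures
     * become 4xx with a generic body; only truly unexpected exceptions remain a 500.
     */
    static HttpResponse handle(SamlStep step) {
        try {
            step.run();
            return new HttpResponse(200, "OK");
        } catch (SamlProcessingException e) {
            LOG.warning("SAML processing failed: " + e.getMessage());
            return new HttpResponse(e.httpStatus, e.userMessage);
        } catch (RuntimeException e) {
            LOG.severe("Unexpected error during SAML processing: " + e);
            return new HttpResponse(500, "An unexpected error occurred.");
        }
    }

    public static void main(String[] args) {
        // The three scenarios from the ticket, plus one successful check for contrast.
        System.out.println(handle(() -> checkIssuer("https://unknown-sp.example.test/saml")));
        System.out.println(handle(() -> checkAccountActive("demo")));
        System.out.println(handle(() -> checkSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")));
        System.out.println(handle(() -> checkSignatureAlgorithm(
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")));
    }
}
```

      The split between `userMessage` and the exception's own message is the point: the browser sees a status code and a generic sentence, while the warning line (such as the "Issuer in Request is not valid" entry mentioned in the reproduction steps) keeps the specifics where an administrator can act on them.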
      

              People

              • Assignee: Unassigned
              • Reporter: joe.starling Joe Starling
              • Votes: 0
              • Watchers: 3

                Dates

                • Created:
                • Updated:
                • Resolved: