  1. OpenAM
  2. OPENAM-17191

Misleading / inaccurate error message in SAML flows

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 14.1.1.8, 5.5.2, 14.1.2.5, 7.0.0, 14.1.2.11, 6.5.3, 7.0.1
    • None
    • SAML
    • any

      Description

      Bug description

      The error messages 'Issuer in Request is not valid' and 'Issuer in Response is not valid' are misleading in some cases.

      How to reproduce the issue

      1. Set up AM as hosted SAML IdP or hosted SP
      2. Set up a second AM as hosted SP or hosted IdP
      3. Import remote SP / IdP metadata
      4. Do not add remote SP / IdP to circle of trust
      5. Perform SP-initiated SSO flow

      Expected behaviour

      The error message should tell the root cause. Ideally it says 'SP XYZ is not member of CoT ABC'

      Current behaviour

      Only the error message 'Issuer in Response is not valid' or 'Issuer in Request is not valid' is logged
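
An added sketch (not OpenAM's code and not part of the issue report) of issuer validation that returns a distinct log reason per failure, so the "metadata imported but entity not in the CoT" case from the steps above is named explicitly. The function, class and entity IDs are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class CircleOfTrust:
    name: str
    members: set = field(default_factory=set)


def check_issuer(issuer, hosted_entity, imported_metadata, circles):
    """Return (trusted, log_reason) for the issuer of a SAML request or response.

    Each failure gets its own reason so the log names the root cause instead
    of a single catch-all 'Issuer ... is not valid'.
    """
    if issuer not in imported_metadata:
        return False, f"no metadata imported for entity '{issuer}'"
    hosted_cots = [c for c in circles if hosted_entity in c.members]
    if not hosted_cots:
        return False, f"hosted entity '{hosted_entity}' is not member of any CoT"
    if not any(issuer in c.members for c in hosted_cots):
        names = ", ".join(sorted(c.name for c in hosted_cots))
        return False, f"entity '{issuer}' is not member of CoT {names}"
    return True, "issuer shares a CoT with the hosted entity"


# Constructed sample data mirroring the reproduction steps: the remote SP's
# metadata is imported (step 3) but the SP is left out of the CoT (step 4).
IDP = "https://idp.example.com/openam"
SP = "https://sp.example.com/openam"
METADATA = {SP}
COTS = [CircleOfTrust("ABC", {IDP})]

if __name__ == "__main__":
    for issuer in (SP, "https://unknown.example.com"):
        print(issuer, "->", check_issuer(issuer, IDP, METADATA, COTS))
```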
      

            People

            Assignee: Unassigned
            Reporter: Bernhard Thalmayr (bthalmayr)