From 4b967213939da2948edd7c68a8f500ecec75f6d6 Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 13 Aug 2024 14:55:13 +0100
Subject: [PATCH] Attempt to de-escalate SAML login and logout errors
---
 app/Http/Controllers/Auth/SamlController.php | 28 ++++++++++++++------
 app/Services/Saml.php | 6 ++---
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/app/Http/Controllers/Auth/SamlController.php b/app/Http/Controllers/Auth/SamlController.php
index 769f903494..6a4c1f65b0 100644
--- a/app/Http/Controllers/Auth/SamlController.php
+++ b/app/Http/Controllers/Auth/SamlController.php
@@ -99,12 +99,18 @@ class SamlController extends Controller
 {
 $saml = $this->saml;
 $auth = $saml->getAuth();
- $auth->processResponse();
+ $saml_exception = false;
+ try {
+ $auth->processResponse();
+ } catch (\Exception $e) {
+ Log::warning("Exception caught in SAML login: " . $e->getMessage());
+ $saml_exception = true;
+ }
 $errors = $auth->getErrors();
- if (! empty($errors)) {
- Log::error('There was an error with SAML ACS: '.implode(', ', $errors));
- Log::error('Reason: '.$auth->getLastErrorReason());
+ if (!empty($errors) || $saml_exception) {
+ Log::warning('There was an error with SAML ACS: ' . implode(', ', $errors));
+ Log::warning('Reason: ' . $auth->getLastErrorReason());
 return redirect()->route('login')->with('error', trans('auth/message.signin.error'));
 }
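Review bot: The new `catch` around `processResponse()` records only `$e->getMessage()`, so the exception class is lost, and on that path the two following `Log::warning` lines can print an empty error list and an empty reason. Rejected responses at the ACS endpoint are an authentication signal (for example an invalid signature or an expired assertion), and with the level lowered from error to warning the entry needs enough context to be triaged and alerted on; something like `Log::warning('Exception caught in SAML login', ['exception' => get_class($e), 'message' => $e->getMessage()]);` would do. The same applies to the `processSLO()` catch in the second hunk. The handler still fails closed by redirecting to `login`, which should stay. The method signature is outside the hunk.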
@@ -132,12 +138,18 @@ class SamlController extends Controller
 {
 $auth = $this->saml->getAuth();
 $retrieveParametersFromServer = $this->saml->getSetting('retrieveParametersFromServer', false);
- $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
+ $saml_exception = false;
+ try {
+ $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
+ } catch (\Exception $e) {
+ Log::warning("Exception caught in SAML single-logout: " . $e->getMessage());
+ $saml_exception = true;
+ }
 $errors = $auth->getErrors();
- if (! empty($errors)) {
- Log::error('There was an error with SAML SLS: '.implode(', ', $errors));
- Log::error('Reason: '.$auth->getLastErrorReason());
+ if (!empty($errors) || $saml_exception) {
+ Log::warning('There was an error with SAML SLS: ' . implode(', ', $errors));
+ Log::warning('Reason: ' . $auth->getLastErrorReason());
 return view('errors.403');
 }
diff --git a/app/Services/Saml.php b/app/Services/Saml.php
index 8202868013..7ee60233e5 100644
--- a/app/Services/Saml.php
+++ b/app/Services/Saml.php
@@ -337,12 +337,12 @@ class Saml
 /**
 * Get a setting.
 *
- * @author Johnson Yi
- *
 * @param string|array|int $key
 * @param mixed $default
 *
- * @return void
+ * @return mixed
+ *@author Johnson Yi
+ *
 */
 public function getSetting($key, $default = null)
 {
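Review bot: `$sloUrl` is now assigned only inside the `try`, so it is undefined whenever `processSLO()` throws. The `return view('errors.403')` guard covers that in the lines shown, but the code that consumes `$sloUrl` is below the hunk and silently depends on that guard staying in place; initialising it next to the flag with `$sloUrl = null;` makes the dependency explicit. As a point of style, `$saml_exception` is snake_case while the neighbouring locals (`$sloUrl`, `$retrieveParametersFromServer`) are camelCase.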
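Review bot: The relocated tag in the `getSetting` docblock is written `*@author Johnson Yi` with no space after the asterisk and is followed by a dangling ` *` line, which looks like an editor reformat rather than an intended change. I would write it as ` * @author Johnson Yi` and drop the empty line before `*/`. The `@return mixed` correction itself is consistent with a getter that falls back to `$default`.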