Merge pull request #15277 from uberbrady/silence_saml_errors

Fixed: [sc-26355] Attempt to de-escalate SAML login and logout errors
snipe 2024-08-13 15:51:03 +01:00 committed by GitHub
commit 72fd9977e5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 23 additions and 11 deletions


@ -99,12 +99,18 @@ class SamlController extends Controller
{ {
$saml = $this->saml; $saml = $this->saml;
$auth = $saml->getAuth(); $auth = $saml->getAuth();
$saml_exception = false;
try {
$auth->processResponse(); $auth->processResponse();
} catch (\Exception $e) {
Log::warning("Exception caught in SAML login: " . $e->getMessage());
$saml_exception = true;
}
$errors = $auth->getErrors(); $errors = $auth->getErrors();
if (! empty($errors)) { if (!empty($errors) || $saml_exception) {
Log::error('There was an error with SAML ACS: '.implode(', ', $errors)); Log::warning('There was an error with SAML ACS: ' . implode(', ', $errors));
Log::error('Reason: '.$auth->getLastErrorReason()); Log::warning('Reason: ' . $auth->getLastErrorReason());
return redirect()->route('login')->with('error', trans('auth/message.signin.error')); return redirect()->route('login')->with('error', trans('auth/message.signin.error'));
} }
@ -132,12 +138,18 @@ class SamlController extends Controller
{ {
$auth = $this->saml->getAuth(); $auth = $this->saml->getAuth();
$retrieveParametersFromServer = $this->saml->getSetting('retrieveParametersFromServer', false); $retrieveParametersFromServer = $this->saml->getSetting('retrieveParametersFromServer', false);
$saml_exception = false;
try {
$sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true); $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
} catch (\Exception $e) {
Log::warning("Exception caught in SAML single-logout: " . $e->getMessage());
$saml_exception = true;
}
$errors = $auth->getErrors(); $errors = $auth->getErrors();
if (! empty($errors)) { if (!empty($errors) || $saml_exception) {
Log::error('There was an error with SAML SLS: '.implode(', ', $errors)); Log::warning('There was an error with SAML SLS: ' . implode(', ', $errors));
Log::error('Reason: '.$auth->getLastErrorReason()); Log::warning('Reason: ' . $auth->getLastErrorReason());
return view('errors.403'); return view('errors.403');
} }
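Review bot: Both new catch blocks (around `$auth->processResponse()` in the ACS handler and `$auth->processSLO(...)` in the SLS handler) log only `$e->getMessage()`, and every SAML failure line is now written at warning level, so the log does not record which exception class was raised and any alerting keyed on error-level SAML entries would no longer see failed logins and logouts. Keeping the class in the entry lets a rejected response be told apart from a configuration fault, e.g. `Log::warning('Exception caught in SAML login: ' . get_class($e) . ': ' . $e->getMessage());`, with the same change in the single-logout catch. In the SLS hunk `$sloUrl` is now assigned only inside the `try`, so it is undefined on the exception path; the early `return view('errors.403');` covers that today, but `$sloUrl = null;` before the `try` would keep the fail-closed behaviour explicit if that branch is ever edited. Both method bodies continue outside the hunks, so any later use of `$sloUrl` is not visible here.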


@ -337,12 +337,12 @@ class Saml
/** /**
* Get a setting. * Get a setting.
* *
* @author Johnson Yi <jyi.dev@outlook.com>
*
* @param string|array|int $key * @param string|array|int $key
* @param mixed $default * @param mixed $default
* *
* @return void * @return mixed
* @author Johnson Yi <jyi.dev@outlook.com>
*
*/ */
public function getSetting($key, $default = null) public function getSetting($key, $default = null)
{ {