
Review status code caused by SAML exceptions #57331

@ywangd

Description


The method SamlUtils#samlException(String msg, Object... args) is used to signify a SAML exception in many places. A large part of these exceptions is caught in SamlRealm#authenticate, where it is handled internally and not exposed directly to users.

There are, however, usages in many other places where this exception ultimately gets translated into a 500 status code, which is not always suitable. For example, when a SAML Request is not signed, it feels more appropriate to return 400. This issue proposes to review these usages and rationalise the status code in case of error.
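As an added illustration of the proposal (a hypothetical sketch, not Elasticsearch's own code; the `SamlException`, `SamlRequest`, `badRequest`, `internal`, `requireSigned` and `statusFor` names are assumptions), one way to carry the intended HTTP status on the exception so that a client fault such as an unsigned SAML request surfaces as 400 while genuine server-side failures keep 500:

```java
// Hypothetical sketch, not Elasticsearch's own code: a SAML exception that
// carries the HTTP status the REST layer should return, so client-side faults
// (e.g. an unsigned SAML request) map to 400 rather than a blanket 500.
public final class SamlStatusExample {

    /** Minimal stand-in for the project's SAML exception type (hypothetical). */
    public static final class SamlException extends RuntimeException {
        private final int status;

        SamlException(int status, String msg, Object... args) {
            super(String.format(msg, args));
            this.status = status;
        }

        public int status() { return status; }
    }

    // Client error: the caller sent something that can be rejected up front.
    static SamlException badRequest(String msg, Object... args) {
        return new SamlException(400, msg, args);
    }

    // Server-side failure: keeps the 500 that the current helper implies.
    static SamlException internal(String msg, Object... args) {
        return new SamlException(500, msg, args);
    }

    /** Constructed stand-in for a parsed SAML request (hypothetical). */
    record SamlRequest(String id, boolean signed) {}

    // Validation at the request-handling layer: unsigned is a 400, not a 500.
    static void requireSigned(SamlRequest request) {
        if (!request.signed()) {
            throw badRequest("SAML request [%s] is not signed", request.id());
        }
    }

    // What the REST layer would do: honour the status on the exception and
    // only fall back to 500 for exceptions that carry no status.
    static int statusFor(Throwable t) {
        return (t instanceof SamlException se) ? se.status() : 500;
    }

    public static void main(String[] args) {
        try {
            requireSigned(new SamlRequest("_req-1", false)); // constructed input
        } catch (SamlException e) {
            System.out.println(statusFor(e) + " " + e.getMessage());
        }
    }
}
```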
