Invalid Signature error throws browser in redirect loop #398

Open
christian-hawk opened this issue Dec 29, 2021 · 1 comment
@christian-hawk
Contributor

Actual Behaviour

When passport fails to validate the encrypted assertion's signature, the browser is thrown into a loop and keeps requesting a token and trying to authenticate the request.

2021-12-29T17:25:33.608Z [VERBOSE]  Issuing token
2021-12-29T17:25:33.610Z [INFO]     10.10.0.2 - GET /passport/token HTTP/1.1 200 201 - 1.339 ms
2021-12-29T17:25:33.706Z [VERBOSE]  Validating token
2021-12-29T17:25:33.706Z [VERBOSE]  Authenticating request against saml-default
2021-12-29T17:25:33.708Z [INFO]     46.101.228.95 - GET /passport/auth/saml-default/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiI0MjBlMzFkOC02MzA1LTQ4ODYtOTRiNS0yZGJiZTE2Zjc2ZTUiLCJpYXQiOjE2NDA3OTg3MzMsImV4cCI6MTY0MDc5ODg1M30.XFthRiIy1zonq61CS7Kqm23rBerchzg0SSgfDSzorGI HTTP/1.1 200 1870 - 1.965 ms
2021-12-29T17:25:34.572Z [VERBOSE]  Authenticating request against saml-default
2021-12-29T17:25:34.662Z [ERROR]    Error: Error: Invalid signature from encrypted assertion
2021-12-29T17:25:34.662Z [ERROR]    Error: Invalid signature from encrypted assertion

Expected behavior:

Handle error accordingly (message to oxauth error endpoint, maybe?)

@kdhttps
Contributor

kdhttps commented Jan 4, 2022

@christian-hawk It only creates a problem when we pass preselectedExternalProvider in the auth request. We need to add a fix in the authentication scripts.

I found one way. After a strategy fails or on any other error, Passport redirects to oxauth with the failure error in a query param, like Request URL: https://test.gluu.server.org/oxauth/auth/passport/passportlogin.htm?failure=An error occurred.

We can check if there is a failure query param and then stop redirection. Let me know your thoughts, mate; if all is OK then I'll update the script and make a PR for community-edition-setup.
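
Added example, not part of the thread and not Gluu's authentication script: a plain Python 3 model of the guard proposed above, showing the loop with a preselected provider and how honoring the `failure` query param ends it. The function names, the `gluu.example` host and the 200-character cap are assumptions made for illustration; only the login page path and the `failure` parameter come from the issue.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs, quote

# Path taken from the issue; the host is a constructed placeholder.
LOGIN_PAGE = "https://gluu.example/oxauth/auth/passport/passportlogin.htm"

def decide(request_url, preselected_provider, honor_failure=True):
    """Return (action, detail) for one request to the login page (hypothetical helper)."""
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    if honor_failure and "failure" in params:
        # The value arrives in the request URL, so anyone can set it:
        # cap its length and HTML-escape it before it is displayed.
        return ("show_error", escape(params["failure"][0][:200]))
    if preselected_provider:
        # preselectedExternalProvider skips the provider list and goes
        # straight back to Passport, which is what makes the loop possible.
        return ("redirect_to_passport", preselected_provider)
    return ("show_provider_list", None)

def passport_callback(provider):
    """Stand-in for Passport when the strategy fails (e.g. invalid signature)."""
    return LOGIN_PAGE + "?failure=" + quote("An error occurred.")

def simulate(honor_failure, max_hops=10):
    """Count redirects to Passport until the flow stops or max_hops is reached."""
    url, hops = LOGIN_PAGE, 0
    while hops < max_hops:
        action, detail = decide(url, "saml-default", honor_failure)
        if action != "redirect_to_passport":
            return hops, action, detail
        hops += 1
        url = passport_callback(detail)
    return hops, "loop", None

if __name__ == "__main__":
    print("without guard:", simulate(honor_failure=False))
    print("with guard:   ", simulate(honor_failure=True))
```
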
