Provide debug hook point to trace original saml callback response #5401
Background

Armeria provides a saml integration module, which allows users to easily set up a Service Provider. The basic flow is as follows:

There is also an integration test which can be analyzed for this behavior:

In terms of this issue

It can be difficult to debug why an assertion is not being processed correctly due to the inherent complexity of the SAML protocol. I think for normal cases, deserializing SAML messages is not a big pain point since 1) the SAML library provides good enough logging, and 2) the SAML message format is relatively straightforward. The bigger pain point is probably determining why a message refused to be processed. This would probably involve passing the parsed message in the following line:

armeria/saml/src/main/java/com/linecorp/armeria/server/saml/SamlAssertionConsumerFunction.java Line 119 in db3973d

So in my opinion this suggestion by @imasahiro should be good enough for starters, i.e.

return ssoHandler.loginFailed(ctx, req, messageContext, e);

Note that this is simply how I would handle this issue if I were assigned - please feel free to think of any alternative ways to let users more easily debug this issue.
I'm looking into this issue. 👀
…y in SamlAssertionConsumerFunction (#5622)

Motivation:
This PR addresses a code enhancement in the SamlAssertionConsumerFunction by initializing the messageContext variable at the beginning of the method. This change is intended to streamline the assignment and handling of messageContext, ensuring that it can be consistently used throughout the method, particularly in exception handling scenarios.

Modifications:
Declared messageContext at the method start to allow its use across the entire method scope, including within try and catch blocks.

Result:
- Closes #5401
- The refactor ensures messageContext is available for error handling.
Motivations:

MessageContext, I needed to fork https://github.com/line/armeria/blob/armeria-1.26.4/saml/src/main/java/com/linecorp/armeria/server/saml/HttpPostBindingUtil.java#L105 to see original xml message sent from idp to understand what is going on.

Suggestions:
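Added example, not part of the issue thread or of Armeria's code: an offline Python sketch that recovers the original XML from a captured HTTP-POST binding callback body and extracts the fields usually checked first when a response is rejected. The function names, sample message and example.com URLs are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
DSIG_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"

def decode_post_binding(form_body: str) -> bytes:
    """Return the raw XML carried in the SAMLResponse field of a form body."""
    fields = urllib.parse.parse_qs(form_body, strict_parsing=True)
    values = fields.get("SAMLResponse", [])
    if len(values) != 1:
        raise ValueError("expected exactly one SAMLResponse field")
    # HTTP-POST binding is plain base64; DEFLATE is only used by HTTP-Redirect.
    xml = base64.b64decode(values[0], validate=True)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML message, refusing to parse")
    return xml

def summarize(xml: bytes) -> dict:
    """Envelope fields only: no subject or attribute values end up in logs."""
    root = ET.fromstring(xml)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    return {
        "element": root.tag.rsplit("}", 1)[-1],
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "signed": root.find(".//" + DSIG_SIGNATURE) is not None,
    }

# Constructed sample: an unsigned error response from a made-up IdP.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'InResponseTo="_req1" Destination="https://sp.example.com/saml/acs/post">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>'
    '</samlp:Status></samlp:Response>')
SAMPLE_BODY = urllib.parse.urlencode({
    "SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode(),
    "RelayState": "/home"})

if __name__ == "__main__":
    print(summarize(decode_post_binding(SAMPLE_BODY)))
```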