#166 Don't fail on unsigned logout requests

Created 2 years ago by rcritten
Modified 8 months ago

When testing a SimpleSAMLphp SP the logout was throwing a 500 on the Ipsilon IdP with this backtrace:

[Fri Sep 11 20:53:37.958295 2015] [wsgi:error] [pid 30518] [11/Sep/2015:20:53:37] HTTP Traceback (most recent call last):
[Fri Sep 11 20:53:37.958374 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 670, in respond
[Fri Sep 11 20:53:37.958428 2015] [wsgi:error] [pid 30518]     response.body = self.handler()
[Fri Sep 11 20:53:37.958479 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 217, in __call__
[Fri Sep 11 20:53:37.958531 2015] [wsgi:error] [pid 30518]     self.body = self.oldhandler(*args, **kwargs)
[Fri Sep 11 20:53:37.958602 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 61, in __call__
[Fri Sep 11 20:53:37.958655 2015] [wsgi:error] [pid 30518]     return self.callable(*self.args, **self.kwargs)
[Fri Sep 11 20:53:37.958705 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__
[Fri Sep 11 20:53:37.958757 2015] [wsgi:error] [pid 30518]     return op(*args, **kwargs)
[Fri Sep 11 20:53:37.958831 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/ipsilon/providers/common.py", line 90, in root
[Fri Sep 11 20:53:37.958897 2015] [wsgi:error] [pid 30518]     return op(*args, **kwargs)
[Fri Sep 11 20:53:37.958949 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2idp.py", line 143, in GET
[Fri Sep 11 20:53:37.959010 2015] [wsgi:error] [pid 30518]     samlresponse=response)
[Fri Sep 11 20:53:37.959078 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/logout.py", line 238, in logout
[Fri Sep 11 20:53:37.959151 2015] [wsgi:error] [pid 30518]     self._handle_logout_request(us, logout, saml_sessions, message)
[Fri Sep 11 20:53:37.959203 2015] [wsgi:error] [pid 30518]   File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/logout.py", line 50, in _handle_logout_request
[Fri Sep 11 20:53:37.959263 2015] [wsgi:error] [pid 30518]     raise InvalidRequest(msg)
[Fri Sep 11 20:53:37.959332 2015] [wsgi:error] [pid 30518] InvalidRequest: "Invalid SAML Request: <lasso.Samlp2LogoutRequest object at 0x7fcf6d0dbf10> (DsInvalidSigalgError() ['SAMLRequest=jZJPa%2BMwEMW%2FivE9sSX%2FF0kgqRMIZHfZpuxhL0Gxxq2oLWk1MrTffmW7gbaH0pPgaX5v3mi0Qt53hp30ox7cPfwbAF3w0ncK2XSzDgermOYokSneAzLXsPP2x4nRZcyM1U43ugvfIV8THBGsk1qFwbFeh5cszwpeNaRKxbWitI2vTZon15akKSmLhuZXLpKiigkNgz9g0ZPr0Bt5HHGAo0LHlfNSTLJFXC0IeaAxyxKWFH%2FDoPbTSMXdRD05Z5BFkTQoO62WjxZeNX9eNrqPpDDRGJ5G59Ov6B6EtNC4cLMaRTa1spubARrnfT%2FwKHvTwVgc9VoMHSzN0%2Bzoq6MeHBfc8UkU0PKhcws0q%2Bi9%2B9zqp3%2BxYx2Mx%2B%2BBd7KVYL8b%2FdYmDA7a9tx9vYlRkWLRTqXMWa5QgvIzX%2FI44aRNs7wo0rRsgQsoCc0oETRroSFvueeoc27DzoDjco5KwMvmsq%2FLNClpva12%2BaEqaZzsdnf7ZJ9syXYXH6rZ4hN1Ez98xs1%2F&RelayState=_6472ba5cd3b01ab1d8e6fae7a3aa23a5c6d029f8b1'])"
[Fri Sep 11 20:53:37.959393 2015] [wsgi:error] [pid 30518]

Fields changed

milestone: => 1.2

Fields changed

component: framework => Interoperability
owner: => rcritten
status: new => accepted

To reproduce set 'redirect.sign' => FALSE in metadata/saml20-idp-remote.php in the IdP configuration.

master: ee4d965

resolution: => fixed
status: accepted => closed

8 months ago

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2

Login to comment on this ticket.

defect

Interoperability

0

1

cancel