#177 Exception triggered when Ipsilon receives AuthnRequest via SOAP endpoint
Closed: Fixed None Opened 3 years ago by jdennis.

When a SAML AuthnRequest is posted to the SOAP endpoint Ipsilon responds with a 400 error because an exception is raised when an attempt is made to save transaction data.

The root cause of the problem is the transaction object created in provider/saml2/auth.AuthenticateRequest._preop() is not initialized.

    def _preop(self, *args, **kwargs):
        try:
            # generate a new id or get current one
            self.trans = Transaction('saml2', **kwargs)

slightly later when this code tries to update and save the transaction

                # SAML binding known, store in transaction
                data = {'saml2_binding': self.binding}
                self.trans.store(data)

an exception is thrown because the uninitialized Transaction object has no uuid associated with it, a requirement for storing the value.

As to why the transaction is uninitialized is a long and complicated story which will be the subject of another ticket.

But for now it appears the most expedient solution is to remove the following block of code from _preop

            if self.binding is None:
                # SAML binding is unknown, try to get it from transaction
                transdata = self.trans.retrieve()
                self.binding = transdata.get('saml2_binding')
            else:
                # SAML binding known, store in transaction
                data = {'saml2_binding': self.binding}
                self.trans.store(data)

because it's not actually accomplishing anything. No one references the saml2_binding value being stored in the transaction, it was put there for bullet-proofing. In hindsight it was probably a bad idea because the binding is a property of the current request, not a property of the series of requests forming a transaction.

This doesn't solve the problem of the uninitialized transaction, but the uninitialized transactions in this code block currently only occurs in the SOAP case, which is the one failing.


Fields changed

milestone: => 1.2
owner: => puiterwijk
status: new => assigned

Fields changed

owner: puiterwijk => jdennis
patch_available: 0 => 1

commit: f04fa82

resolution: => fixed
status: assigned => closed

Metadata Update from @nkinder:
- Issue assigned to jdennis
- Issue set to the milestone: 1.2

2 years ago

Login to comment on this ticket.

Metadata