#206 Starting IdP-Initiated logout with non-conforming SP returns server error
Closed: Fixed None Opened 3 years ago by puiterwijk.

If a user signed in to an SP that doesn't have a SingleLogout endpoint and then clicks sign out, Ipsilon crashes because it doesn't catch the error thrown by Ipsilon.

Traceback:

[Mon Jan 04 10:31:09.291512 2016] [:error] [pid 8011] [04/Jan/2016:10:31:09]  DEBUG(ipsilon/login/common.py:287 Logout.root()): Calling logout for provider saml2
[Mon Jan 04 10:31:09.292853 2016] [:error] [pid 8011] [04/Jan/2016:10:31:09]  DEBUG(ipsilon/providers/saml2idp.py:390 IdpProvider.idp_initiated_logout()): IdP-initiated SAML2 logout

[Mon Jan 04 10:31:09.391609 2016] [:error] [pid 8011] [04/Jan/2016:10:31:09] HTTP Traceback (most recent call last):
[Mon Jan 04 10:31:09.391648 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
[Mon Jan 04 10:31:09.391653 2016] [:error] [pid 8011]     response.body = self.handler()
[Mon Jan 04 10:31:09.391668 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
[Mon Jan 04 10:31:09.391673 2016] [:error] [pid 8011]     self.body = self.oldhandler(*args, **kwargs)
[Mon Jan 04 10:31:09.391676 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
[Mon Jan 04 10:31:09.391680 2016] [:error] [pid 8011]     return self.callable(*self.args, **self.kwargs)
[Mon Jan 04 10:31:09.391684 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__
[Mon Jan 04 10:31:09.391687 2016] [:error] [pid 8011]     return op(*args, **kwargs)
[Mon Jan 04 10:31:09.391691 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/ipsilon/login/common.py", line 289, in root
[Mon Jan 04 10:31:09.391694 2016] [:error] [pid 8011]     obj()
[Mon Jan 04 10:31:09.391698 2016] [:error] [pid 8011]   File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2idp.py", line 401, in idp_initiated_logout
[Mon Jan 04 10:31:09.391701 2016] [:error] [pid 8011]     logout.initRequest(session.provider_id)
[Mon Jan 04 10:31:09.391705 2016] [:error] [pid 8011]   File "/usr/lib64/python2.7/site-packages/lasso.py", line 2898, in initRequest
[Mon Jan 04 10:31:09.391708 2016] [:error] [pid 8011]     Error.raise_on_rc(rc)
[Mon Jan 04 10:31:09.391712 2016] [:error] [pid 8011]   File "/usr/lib64/python2.7/site-packages/lasso.py", line 62, in raise_on_rc
[Mon Jan 04 10:31:09.391715 2016] [:error] [pid 8011]     raise exception
[Mon Jan 04 10:31:09.391718 2016] [:error] [pid 8011] ProfileUnsupportedProfileError: <lasso.ProfileUnsupportedProfileError(-409): Unsupported protocol profile>
[Mon Jan 04 10:31:09.391722 2016] [:error] [pid 8011]

(traceback from version 1.0, issue happens in every version)


Fields changed

patch_available: 0 => 1
status: new => accepted
version: => 1.1.1

Perhaps we should consider backporting this to 1.1 or 1.0 release streams, given that this is quite easy to trigger.

This has been fixed with 58462e7

resolution: => fixed
status: accepted => closed

Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue set to the milestone: 1.2

2 years ago
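
The failure mode reported in this ticket, as an added example that is not Ipsilon's code and not the change made in 58462e7: an IdP-initiated logout loop that treats an SP without a SingleLogout endpoint as a skipped provider instead of an unhandled exception, so the remaining SPs are still notified. `StubLogout`, `SAMPLE_ENDPOINTS`, the `example.test` URLs and the local `ProfileUnsupportedProfileError` class are stand-ins constructed for the example so that it runs without lasso installed.

```python
# Stand-ins for the lasso objects named in the traceback; constructed for this
# example so it runs without lasso or Ipsilon installed.
class ProfileUnsupportedProfileError(Exception):
    """Mimics lasso.ProfileUnsupportedProfileError (rc -409)."""


class StubLogout:
    """Hypothetical replacement for lasso.Logout, driven by a metadata dict."""

    def __init__(self, slo_endpoints):
        self.slo_endpoints = slo_endpoints  # provider_id -> SLO URL or None
        self.msg_url = None

    def initRequest(self, provider_id):
        url = self.slo_endpoints.get(provider_id)
        if url is None:
            raise ProfileUnsupportedProfileError("Unsupported protocol profile")
        self.msg_url = url


def idp_initiated_logout(provider_ids, slo_endpoints, log=print):
    """Return (notified, skipped) instead of letting one SP abort the logout."""
    notified, skipped = [], []
    for provider_id in provider_ids:
        logout = StubLogout(slo_endpoints)
        try:
            logout.initRequest(provider_id)
        except ProfileUnsupportedProfileError as exc:
            # SP publishes no SingleLogout endpoint: record it and carry on so
            # the remaining SPs are still asked to end their sessions.
            log("logout: skipping %s: %s" % (provider_id, exc))
            skipped.append(provider_id)
            continue
        notified.append((provider_id, logout.msg_url))
    return notified, skipped


# Constructed sample: two conforming SPs around one without an SLO endpoint.
SAMPLE_ENDPOINTS = {
    "https://sp1.example.test/saml2/metadata": "https://sp1.example.test/saml2/slo",
    "https://sp2.example.test/saml2/metadata": None,
    "https://sp3.example.test/saml2/metadata": "https://sp3.example.test/saml2/slo",
}

if __name__ == "__main__":
    done, missed = idp_initiated_logout(list(SAMPLE_ENDPOINTS), SAMPLE_ENDPOINTS)
    print("notified:", done)
    print("not notified (session may persist at SP):", missed)
```

The skipped list matters operationally: those SPs never receive a LogoutRequest, so their local sessions last until they expire on their own.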
