Bug #89371

When using lasso as IDP, missing signature in redirect binding leads to a confusing error message

Added by Maxime Besson about 1 month ago. Updated about 1 month ago.

Status: Resolved (to be deployed)
Priority: Normal
Category: -
Target version: -
Start date: 10 April 2024
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning: No

Description

I use Lasso in an IDP implementation (LemonLDAP::NG), and some SPs are sometimes incorrectly configured to omit signatures.

When that happens, lasso_login_process_authn_request_msg returns LASSO_DS_ERROR_INVALID_SIGALG (Invalid signature algorithm) which is confusing: our users generally try to change signature algorithms and don't realize that the signature is just not there at all.

In my humble opinion, Lasso should return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND (Signature element not found) in this situation.

The code that causes this is https://dev.entrouvert.org/projects/lasso/repository/33/revisions/main/entry/lasso/xml/tools.c#L1031

I think the missing "Signature" parameter should be checked before the missing "SigAlg" parameter, so that if both are missing, "Signature element not found" is returned to the user as a hint that the signature is missing, and not just using the wrong algorithm.

When using POST binding, this issue is not present: "Signature element not found" is returned when the signature is missing.

Trivial patch attached


Files

missing-sig.diff (594 Bytes) Maxime Besson, 10 April 2024 06:30 PM
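The check ordering described in this report, as an added example that is neither Lasso's code nor the attached patch: it compares the two orders of the presence checks on a redirect-binding query string. The enum, function names and sample query are hypothetical, and the second return value of the SigAlg-first variant is an assumption.

```c
#include <stdbool.h>
#include <string.h>

/* Local stand-ins for the two Lasso codes named in the report; values are arbitrary. */
enum sig_check {
    SIG_OK = 0,              /* both parameters present, verification can proceed */
    SIG_SIGNATURE_NOT_FOUND, /* stands for LASSO_DS_ERROR_SIGNATURE_NOT_FOUND */
    SIG_INVALID_SIGALG       /* stands for LASSO_DS_ERROR_INVALID_SIGALG */
};

/* Constructed sample: a redirect-binding query sent by an SP that does not sign. */
const char UNSIGNED_QUERY[] = "SAMLRequest=Zm9v&RelayState=abc";

/* True if `query` has a parameter named exactly `name` with a non-empty value.
 * Treating an empty value as absent is a choice made for this example. */
static bool has_param(const char *query, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = query; p && *p; ) {
        if (strncmp(p, name, n) == 0 && p[n] == '=' && p[n + 1] && p[n + 1] != '&')
            return true;
        p = strchr(p, '&');
        if (p)
            p++;
    }
    return false;
}

/* Order described in the report: SigAlg first, so an unsigned request
 * is reported as an algorithm problem. Second return is an assumption. */
enum sig_check check_sigalg_first(const char *query)
{
    if (!has_param(query, "SigAlg"))
        return SIG_INVALID_SIGALG;
    if (!has_param(query, "Signature"))
        return SIG_SIGNATURE_NOT_FOUND;
    return SIG_OK;
}

/* Order requested in the report: Signature first. */
enum sig_check check_signature_first(const char *query)
{
    if (!has_param(query, "Signature"))
        return SIG_SIGNATURE_NOT_FOUND;
    if (!has_param(query, "SigAlg"))
        return SIG_INVALID_SIGALG;
    return SIG_OK;
}
```

Only the case where both parameters are missing changes between the two orders; a request with one parameter present gets the same result either way.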

Associated revisions

Revision fe27e52d (diff)
Added by Benjamin Dauvergne about 1 month ago

misc: check for signature parameter before sigalg (#89371)

History

#1

Updated by Benjamin Dauvergne about 1 month ago

  • Assignee set to Benjamin Dauvergne

#2

Updated by Robot Gitea about 1 month ago

  • Status changed from New to Solution proposed

Benjamin Dauvergne (bdauvergne) opened a pull request on Gitea concerning this issue:

#3

Updated by Robot Gitea about 1 month ago

  • Status changed from Solution proposed to Solution validated

Thomas NOËL (tnoel) approved a pull request on Gitea concerning this issue:

#4

Updated by Robot Gitea about 1 month ago

  • Status changed from Solution validated to Solution proposed

Benjamin Dauvergne (bdauvergne) requested a review from Yann Weber (yweber) on a pull request on Gitea concerning this issue:

#5

Updated by Robot Gitea about 1 month ago

  • Status changed from Solution proposed to Solution validated

Yann Weber (yweber) approved a pull request on Gitea concerning this issue:

#6

Updated by Robot Gitea about 1 month ago

  • Status changed from Solution validated to Resolved (to be deployed)

Benjamin Dauvergne (bdauvergne) merged a pull request on Gitea concerning this issue:
