Project

General

Profile

Bug #90568

Erreur 500 en activant Chiffrer le NameID

Added by Benjamin Renard 10 days ago. Updated 10 days ago.

Status:
Nouveau
Priority:
Normal
Assignee:
-
Category:
SAML
Target version:
-
Start date:
14 May 2024
Due date:
% Done:

0%

Estimated time:
Patch proposed:
No
Planning:
No

Description

En activant l'option "Chiffrer le NameID" d'un règlement des options de fournisseur de services, je rencontre l'erreur suivante lors d'une requête de connexion :

authentic2[228958]: 10.0.12.10 Admins Easter-eggs r:7F9430938750 ERROR Internal Server Error: /idp/saml2/sso
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 47, in inner
        response = get_response(request)
                   ^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 181, in _get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f
        return func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/decorators.py", line 40, in f
        return func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
        response = view_func(request, *args, **kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
        return view_func(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 156, in f
        return func(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 635, in sso
        return sso_after_process_request(request, login, nid_format=nid_format)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 946, in sso_after_process_request
        name_id = build_assertion(request, login, provider, nid_format=nid_format)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 467, in build_assertion
        fill_assertion(request, login.request, assertion, login.remoteProviderId, nid_format)
      File "/usr/lib/python3/dist-packages/authentic2/idp/saml/saml2_endpoints.py", line 209, in fill_assertion
        assertion.subject.nameID.content = transient_id_content
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    AttributeError: 'NoneType' object has no attribute 'content'

Note : je précise que c'est non bloquant, car le SP en question fonctionne sans souci sans chiffrement du NameID, mais vu que je suis tombé sur ce qui ressemble à un bug, je vous le remonte :)

Also available in: Atom PDF