More details in Lasso lib related log error messages
LemonLDAP::NG version: 2.0.9
Operating system: CentOS 8 / Docker
Web server: Nginx
Currently, with lasso lib v2.6.1, we sometimes get error messages that are quite opaque, as they don't give much information about the cause of the error. Also, the surrounding [info] messages don't help either. The only thing we know is that it's related to SAML SP/IDP somehow.
- Lasso error code -405: Invalid HTTP method
- Lasso error code -407: Invalid message
[2020/10/07 14:00:32] INFO: User ******* has been disconnected from AD (*.*.*.*)
[2020/10/07 14:00:32] ERROR: Lasso error code -405: Invalid HTTP method
[2020/10/07 14:00:32] INFO: Session cannot be tied: Object does not exist in data store. at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 66.
Those messages could mean different things: user's session could not be properly unset, user could not be disconnected for one or many SAML services, one or many SAML services are not properly configured (some bindings might be missing from their metadata...)
[2020/10/05 09:40:42] ERROR: Lasso error code -407: Invalid message
[2020/10/05 09:40:42] ERROR: SSO: Fail to process authentication request
Those messages could mean: invalid user credentials (login or password), user does not exist or is not found in backend, account is disabled / locked, found multiple results in backend identity databases, backend identity databases are currently unavailable, timeout...
Backend identity storage is Redis
Adding some detailed information in error log messages, such as:
- the action causing the error (single login, single logout)
- the user at the origin of this action
- the SAML service concerned
- the underlying error (missing bindings in metadata, misconfiguration, connection lost, request timeout, invalid response, remote service unavailable...)
Some messages about the SAML requests might be useful too.
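An added example, not part of the original report and not LemonLDAP::NG code: with the current log format, the only way to attach context to a Lasso error is to group it with the entries logged in the same second. The function names are hypothetical and the sample input is the two excerpts quoted above.

```python
import re
from collections import defaultdict

# Entry format seen in the report: "[YYYY/MM/DD HH:MM:SS] LEVEL: message"
ENTRY = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\] ([A-Z]+): ")
LASSO = re.compile(r"Lasso error code (-?\d+): (.+)")


def split_entries(text):
    """Split raw log text into (timestamp, level, message) tuples.
    Works even when several entries are run together on one line."""
    marks = list(ENTRY.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((m.group(1), m.group(2), text[m.end():end].strip()))
    return entries


def lasso_context(text):
    """For each Lasso error, return its code, its message and the other
    entries that share its timestamp."""
    entries = split_entries(text)
    by_ts = defaultdict(list)
    for ts, level, msg in entries:
        by_ts[ts].append((level, msg))
    report = []
    for ts, level, msg in entries:
        hit = LASSO.match(msg)
        if hit:
            context = [e for e in by_ts[ts] if e != (level, msg)]
            report.append({"time": ts, "code": int(hit.group(1)),
                           "error": hit.group(2), "context": context})
    return report


# Sample input: the two log excerpts from the report, as posted.
SAMPLE = (
    "[2020/10/07 14:00:32] INFO: User ******* has been disconnected from AD (*.*.*.*) "
    "[2020/10/07 14:00:32] ERROR: Lasso error code -405: Invalid HTTP method "
    "[2020/10/07 14:00:32] INFO: Session cannot be tied: Object does not exist in data store. "
    "at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 66.\n"
    "[2020/10/05 09:40:42] ERROR: Lasso error code -407: Invalid message "
    "[2020/10/05 09:40:42] ERROR: SSO: Fail to process authentication request\n"
)

if __name__ == "__main__":
    for item in lasso_context(SAMPLE):
        print(item["time"], item["code"], item["error"])
        for level, msg in item["context"]:
            print("    ", level, msg)
```

Same-second grouping mixes unrelated users on a busy portal, which is why the user and SAML service need to be in the error message itself.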