"Authentication module succeed but has not set $req->user" when using SAML Artifact mode with some, but not all IDPs
Concerned version
Version: 2.0.13
Summary
- Configure samltest.id as an IDP
- Try to login => Error
Logs
[debug] This module do not manage SSO request, see IssuerDBSAML
[error] Authentication module succeed but has not set $req->user
Possible fixes
This is caused by the following code:
# Request or response ?
if ( $message =~ /samlp:response/i ) {
$response = $message;
}
which only works if the XML document uses the expected namespace
We should find a more robust way to check the type of an artifact response. Or refactor checkMessage so that it won't try to detect the type, which should be known in advance from context.