Invalid <Organization> in SAML metadata can crash portal startup
Concerned version
Version: 2.0.14
Summary
If SAML metadata contains the following (invalid) element:
<Organization><OrganizationName>XXX</OrganizationName><OrganizationURL>https://www.xxx.fr</OrganizationURL></Organization>
The portal will crash on startup
Logs
Unable to load /usr/share/lemonldap-ng/portal/htdocs/index.psgi at /usr/sbin/llng-fastcgi-server line 96
[Thu Aug 11 11:26:43 2022] [LLNG:19331] [debug] Get Metadata for SP XXX
Can't use string ("XXX") as a HASH ref while "strict refs" in use at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 829.
Possible fixes
- Wrap SAML provider load in an eval block
- Possibly try to handle this broken Organization