Internal error while processing an "access forbidden" SAML assertion
Affected version
Version: 2.17.2
Platform: any
Summary
During SAML authentication, the ForgeRock server sends a SAML assertion that contains a new attribute whose value is "accès refusé" ("access denied"). The attribute value carries its type twice, as ns1:type and xsi:type with both prefixes bound to the XMLSchema-instance namespace, which XML::Simple rejects as a redefined namespaced attribute (see the logs). LemonLDAP::NG does not catch the XML error and displays an internal error (HTTP 500) instead of an authentication error page.
Logs
[Wed Dec 6 03:03:53 2023] [LLNG:164] [debug] Processing setAuthSessionInfo
2023/12/06 03:03:53 [error] 157#157: *25 FastCGI sent in stderr: ":1: namespace error : Namespaced Attribute type in 'http://www.w3.org/2001/XMLSchema-instance' redefined
://www.w3.org/2001/XMLSchema-instance" ns1:type="xs:string" xsi:type="xs:string"
^
XML::Simple called at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 1548" while reading response header from upstream, client: 1.2.3.4, server: auth.poc-mail-avocat.fr, request: "POST /saml/proxySingleSignOnPost HTTP/1.1", upstream: "fastcgi://unix:/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "auth.poc-mail-avocat.fr", referrer: "https://preprod-sso.cnb-prive.net/"
1.2.3.4 - - [06/Dec/2023:03:03:53 +0000] "POST /saml/proxySingleSignOnPost HTTP/1.1" 500 21 "https://preprod-sso.cnb-prive.net/" "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0"
2023/12/06 03:03:55 [info] 157#157: *26 client closed connection while waiting for request, client: 54.36.52.8, server: 0.0.0.0:443
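The failure in the log above, reproduced as an added example that is not LemonLDAP::NG code: the portal parses with Perl's XML::Simple over libxml2, while this uses Python's stdlib expat parser, which rejects the same input (two attributes that expand to the same namespace URI and local name on one element). It shows the two things a fix needs: a parse whose failure is returned as data rather than escaping as an uncaught exception, and a diagnostic that names the offending attribute. Both assertion fragments, the `portal_outcome` function and its error code `SAML_ASSERTION_INVALID` are constructed for the example and are not the project's own.

```python
# Added example, not LemonLDAP::NG code. Sample assertion fragments are constructed.
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed: a well-formed AttributeStatement with xsi:type declared once.
GOOD_ASSERTION = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="status">
    <saml:AttributeValue xsi:type="xs:string">ok</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Constructed to match the shape in the log: ns1 is bound to the same URI as
# xsi, so ns1:type and xsi:type are one attribute declared twice.
BAD_ASSERTION = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ns1="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="status">
    <saml:AttributeValue ns1:type="xs:string" xsi:type="xs:string">accès refusé</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def extract_attributes(xml_text):
    """Return ("ok", {name: [values]}) or ("invalid", reason).

    Assertion XML comes from a remote IdP, so a parse failure is an expected
    input-validation outcome: report it as data so the caller can render an
    authentication error page instead of letting the exception become a 500.
    """
    try:
        root = ET.fromstring(xml_text)  # namespace-aware; duplicates are rejected
    except ET.ParseError as exc:
        return "invalid", "malformed SAML assertion: %s" % exc
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [v.text or "" for v in attr.findall("{%s}AttributeValue" % SAML_NS)]
        attrs[attr.get("Name")] = values
    return "ok", attrs


def find_duplicate_ns_attributes(xml_text):
    """List (element, expanded name, [qualified names]) for attributes that
    resolve to the same namespace URI + local name on one element.

    Parses with namespace processing switched off (the only way to read such
    a document) and expands prefixes by hand from in-scope xmlns declarations.
    """
    scopes = [{}]  # stack of prefix -> namespace URI
    found = []

    def start(name, attrs):
        scope = dict(scopes[-1])
        for qname, value in attrs.items():
            if qname == "xmlns":
                scope[""] = value
            elif qname.startswith("xmlns:"):
                scope[qname[len("xmlns:"):]] = value
        scopes.append(scope)
        expanded = {}
        for qname in attrs:
            if qname == "xmlns" or qname.startswith("xmlns:"):
                continue
            prefix, _, local = qname.rpartition(":")
            # Unprefixed attributes are in no namespace; an undeclared prefix
            # is kept verbatim so it still shows up in the report.
            key = local if not prefix else "{%s}%s" % (scope.get(prefix, prefix), local)
            expanded.setdefault(key, []).append(qname)
        for key, qnames in expanded.items():
            if len(qnames) > 1:
                found.append((name, key, qnames))

    def end(name):
        scopes.pop()

    parser = expat.ParserCreate()  # no namespace handling
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError:
        return []  # not even well-formed without namespaces; nothing to name
    return found


def portal_outcome(xml_text):
    """What a portal should do with an assertion: (HTTP status, detail).
    Status code and error name are illustrative, not LemonLDAP::NG's own."""
    status, payload = extract_attributes(xml_text)
    if status == "invalid":
        # Detail goes to the operator log; the user gets a clean error page.
        return 400, {"error": "SAML_ASSERTION_INVALID", "reason": payload,
                     "duplicates": find_duplicate_ns_attributes(xml_text)}
    return 200, {"attributes": payload}


if __name__ == "__main__":
    for sample in (GOOD_ASSERTION, BAD_ASSERTION):
        print(portal_outcome(sample))
```

The diagnostic matters in practice because a strict namespace-aware parser only says "duplicate attribute" (or, as in the log, "redefined") without naming the element; the non-namespace parse tells the operator exactly which attribute the IdP emitted twice, which is what they need to send to the ForgeRock administrators.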