Clever / saml2

Node module to abstract away the complexities of the SAML protocol behind an easy to use interface.
Apache License 2.0

sp.post_assert is throwing a 500 Internal Service Error #149

Open kogden opened 6 years ago

kogden commented 6 years ago

So my service was working correctly up until yesterday. Now our login service is working, but when it comes to asserting the login and sending the webpage files I'm receiving an Internal Service Error.

Here is the function throwing the error:

app.post("/dashboard", function (req, res) {
  console.log("sp: Asserting login");
  var options = { request_body: req.body };

  sp.post_assert(idp, options, function (err, saml_response) {
    if (err != null)
      return res.send(500);                     // currently throwing this error
    console.log('running post_assert func');
    // Save name_id and session_index for logout
    last_response = saml_response.user.attributes['urn:oid:2.5.4.42'];        // store username in variable
    name_id = saml_response.user.name_id;
    session_index = saml_response.user.session_index;
    console.log('running res.sendfile');

    res.sendfile("./dist/PROJECT_NAME/index.html");

    console.log('/dashboard post complete');
  });
});

The output is sp:Asserting login

and the rest isn't run. This code was working fine up until a couple days ago. Anyone got an idea?

kogden commented 6 years ago

Update: this is the error printed:

Error: Expected 1 Assertion or 1 EncryptedAssertion; found 0
    at /Users/Kevin/Desktop/Coding/Projects/saml_sp/node_modules/saml2-js/lib-js/saml2.js:607:24
    at Timeout._onTimeout (/Users/Kevin/Desktop/Coding/Projects/saml_sp/node_modules/saml2-js/lib-js/saml2.js:321:17)
    at ontimeout (timers.js:498:11)
    at tryOnTimeout (timers.js:323:5)
    at Timer.listOnTimeout (timers.js:290:5)

kogden commented 6 years ago

We're not getting a saml_response for the assertion, but the SAMLResponse is showing up in the Network tab as Form Data:

SAMLResponse: PD94bWwgdmVyc2l...

chveragad commented 5 years ago

Any resolution on this one? I am encountering the same from our side, but only for a specific scenario: the error is received when the POST request with the SAML response comes from an external website. The scenario is:

Main website with sso login —> click a link from the main website to invoke another app with post request of saml response —> Service provider (SP)

However, the scenario below is fine: SP —> IAM SSO login —> SP; it is working.

Also, is the cookie important in the SAML response validation?

Regards
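
One way to see what the IdP actually posted when `post_assert` reports "found 0" assertions, as an added example that is not part of the original thread or of saml2-js. The helper name `inspectSamlResponse` and the sample payloads are assumptions constructed for illustration; it decodes the `SAMLResponse` form field and reports the top-level status code and the assertion counts.

```javascript
// Added diagnostic helper (hypothetical name, not part of saml2-js).
// It only inspects structure; it does not verify signatures, so its
// output must never be used to authenticate a user.
const SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';

function inspectSamlResponse(requestBody) {
  const raw = requestBody && requestBody.SAMLResponse;
  if (typeof raw !== 'string' || raw.length === 0) {
    return { present: false, hint: 'SAMLResponse missing from parsed body (check the form body parser)' };
  }
  // HTTP-POST binding: the field is base64-encoded XML.
  const xml = Buffer.from(raw, 'base64').toString('utf8');
  // Count start tags by local name, with or without a namespace prefix.
  const count = (name) =>
    (xml.match(new RegExp('<(?:[A-Za-z_][\\w.-]*:)?' + name + '(?=[\\s/>])', 'g')) || []).length;
  const m = /<(?:[A-Za-z_][\w.-]*:)?StatusCode\b[^>]*\bValue=["']([^"']*)["']/.exec(xml);
  const result = {
    present: true,
    responses: count('Response'),
    statusCode: m ? m[1] : null, // first StatusCode is the top-level one
    assertions: count('Assertion'),
    encryptedAssertions: count('EncryptedAssertion'),
  };
  const total = result.assertions + result.encryptedAssertions;
  if (result.responses !== 1) result.hint = 'decoded payload is not a single Response element';
  else if (result.statusCode !== SUCCESS) result.hint = 'IdP returned a non-success status';
  else if (total !== 1) result.hint = 'expected exactly 1 assertion, found ' + total;
  else result.hint = 'one assertion present; the failure lies elsewhere';
  return result;
}

// Constructed sample inputs (not captured traffic).
const encode = (xml) => ({ SAMLResponse: Buffer.from(xml, 'utf8').toString('base64') });
const wrap = (status, inner) =>
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">' +
  '<samlp:Status><samlp:StatusCode Value="' + status + '"/></samlp:Status>' +
  inner + '</samlp:Response>';
const failedBody = encode(wrap('urn:oasis:names:tc:SAML:2.0:status:Responder', ''));
const okBody = encode(wrap(SUCCESS, '<saml:Assertion ID="_a1" Version="2.0"></saml:Assertion>'));

console.log(inspectSamlResponse(failedBody)); // status Responder, 0 assertions
console.log(inspectSamlResponse(okBody));     // status Success, 1 assertion
console.log(inspectSamlResponse({}));         // field missing from the body
```

Logging `inspectSamlResponse(req.body)` next to `err` in the `/dashboard` handler distinguishes a body that never reached the handler from a response that carries an error status or no assertion.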