FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Handle a null KeyInfo being passed to the KeySelectorResult during a SAML AuthN response verification #1332

Closed robotdan closed 3 years ago

robotdan commented 3 years ago

Handle a null KeyInfo being passed to the KeySelectorResult during a SAML AuthN response verification

Description

It is possible that the AuthN response does not contain a KeyInfo element. If that is the case we should attempt to use the default configured verification key in the SAML v2 IdP.

Currently if this event occurs we will fail the IdP reconcile and log an Error Event Log.

Unable to parse or validate SAML response.
  Exception: java.lang.NullPointerException
    at io.fusionauth.api.security.SAMLKeySelector.select(SAMLKeySelector.java:35)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:556)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:268)
    at io.fusionauth.samlv2.service.DefaultSAMLv2Service.verifyEmbeddedSignature(DefaultSAMLv2Service.java:962)
    at io.fusionauth.samlv2.service.DefaultSAMLv2Service.parseResponse(DefaultSAMLv2Service.java:596)

Affects versions

TBD

Steps to reproduce

Log into a SAML v2 IdP that does not return a KeyInfo element.

Expected behavior

Attempt to verify the AuthN response using the default verification key.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Add any other context about the problem here.
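The expected behaviour described in this issue, shown as an added example (not FusionAuth's own SAMLKeySelector): a javax.xml.crypto KeySelector that returns the IdP's configured verification key when the Signature element carries no KeyInfo, instead of dereferencing null. The class name, the constructor, and the rule that an embedded certificate is only accepted when it matches the configured key are assumptions of this example.

```java
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;

/** Hypothetical selector: the configured IdP key is the trust anchor; KeyInfo is optional. */
public class DefaultKeyFallbackSelector extends KeySelector {
  // Verification key configured on the SAML v2 IdP (assumed to be loaded from IdP config).
  private final PublicKey defaultVerificationKey;

  public DefaultKeyFallbackSelector(PublicKey defaultVerificationKey) {
    if (defaultVerificationKey == null) {
      throw new IllegalArgumentException("a default verification key must be configured");
    }
    this.defaultVerificationKey = defaultVerificationKey;
  }

  @Override
  public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
                                  XMLCryptoContext context) throws KeySelectorException {
    // The JDK passes null here when <ds:Signature> has no <ds:KeyInfo> child.
    // Guarding this case is what avoids the NullPointerException in the stack trace above.
    if (keyInfo == null) {
      return () -> defaultVerificationKey;
    }

    // KeyInfo present: accept an embedded certificate only if it is the key we already trust,
    // so a response cannot supply its own verification key.
    for (Object structure : keyInfo.getContent()) {
      if (!(structure instanceof X509Data)) {
        continue;
      }
      for (Object item : ((X509Data) structure).getContent()) {
        if (item instanceof X509Certificate) {
          PublicKey embedded = ((X509Certificate) item).getPublicKey();
          if (!embedded.equals(defaultVerificationKey)) {
            throw new KeySelectorException("embedded certificate does not match the configured IdP key");
          }
          return () -> embedded;
        }
      }
    }

    // KeyInfo present but without a certificate (e.g. only a KeyName): fall back, do not fail.
    return () -> defaultVerificationKey;
  }
}
```

Pass an instance as the KeySelector on the DOMValidateContext used to validate the embedded signature; a response with no KeyInfo then verifies against the configured key rather than failing the IdP reconcile.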

robotdan commented 3 years ago

Fixes https://github.com/FusionAuth/fusionauth-issues/issues/1217