[CI] SamlAuthenticatorTests testSuccessfullyParseContentFromEncryptedAssertion failing

[maxhniebergall]

Build scan: https://gradle-enterprise.elastic.co/s/dsizxhujmx6fi/tests/:x-pack:plugin:security:test/org.elasticsearch.xpack.security.authc.saml.SamlAuthenticatorTests/testSuccessfullyParseContentFromEncryptedAssertion

Reproduction line:

./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authc.saml.SamlAuthenticatorTests.testSuccessfullyParseContentFromEncryptedAssertion" -Dtests.seed=254140F5281C5412 -Dtests.locale=lt -Dtests.timezone=America/Argentina/ComodRivadavia -Druntime.java=22

Applicable branches: 7.17

Reproduces locally?: Didn't try

Failure history: Failure dashboard for org.elasticsearch.xpack.security.authc.saml.SamlAuthenticatorTests#testSuccessfullyParseContentFromEncryptedAssertion&_a=(controlGroupInput:(chainingSystem:HIERARCHICAL,controlStyle:twoLine,ignoreParentSettings:(ignoreFilters:!f,ignoreQuery:!f,ignoreTimerange:!f,ignoreValidations:!t),panels:('0c0c9cb8-ccd2-45c6-9b13-96bac4abc542':(explicitInput:(dataViewId:fbbdc689-be23-4b3d-8057-aa402e9ed0c5,enhancements:(),fieldName:task.keyword,grow:!t,id:'0c0c9cb8-ccd2-45c6-9b13-96bac4abc542',searchTechnique:wildcard,selectedOptions:!(),singleSelect:!t,title:'Gradle%20Task',width:medium),grow:!t,order:0,type:optionsListControl,width:small),'144933da-5c1b-4257-a969-7f43455a7901':(explicitInput:(dataViewId:fbbdc689-be23-4b3d-8057-aa402e9ed0c5,enhancements:(),fieldName:name.keyword,grow:!t,id:'144933da-5c1b-4257-a969-7f43455a7901',searchTechnique:wildcard,selectedOptions:!('testSuccessfullyParseContentFromEncryptedAssertion'),title:Test,width:medium),grow:!t,order:2,type:optionsListControl,width:medium),'4e6ad9d6-6fdc-4fcc-bf1a-aa6ca79e0850':(explicitInput:(dataViewId:fbbdc689-be23-4b3d-8057-aa402e9ed0c5,enhancements:(),fieldName:className.keyword,grow:!t,id:'4e6ad9d6-6fdc-4fcc-bf1a-aa6ca79e0850',searchTechnique:wildcard,selectedOptions:!('org.elasticsearch.xpack.security.authc.saml.SamlAuthenticatorTests'),title:Suite,width:medium),grow:!t,order:1,type:optionsListControl,width:medium)))))

Failure excerpt:

org.elasticsearch.ElasticsearchSecurityException: Rejecting SAML assertion's Authentication Statement because [2024-06-03T13:16:31.322585128Z] is on/after [2024-06-03T13:16:26.612Z]

  at __randomizedtesting.SeedInfo.seed([254140F5281C5412:BCBD115D3A194E0E]:0)
  at org.elasticsearch.xpack.security.authc.saml.SamlUtils.samlException(SamlUtils.java:107)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator.checkAuthnStatement(SamlAuthenticator.java:243)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator.processAssertion(SamlAuthenticator.java:209)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator.extractDetails(SamlAuthenticator.java:163)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator.authenticateResponse(SamlAuthenticator.java:103)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticator.authenticate(SamlAuthenticator.java:63)
  at org.elasticsearch.xpack.security.authc.saml.SamlAuthenticatorTests.testSuccessfullyParseContentFromEncryptedAssertion(SamlAuthenticatorTests.java:239)
  at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
  at java.lang.reflect.Method.invoke(Method.java:580)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:843)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:490)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:850)
  at java.lang.Thread.run(Thread.java:1570)

[elasticsearchmachine]

Pinging @elastic/es-security (Team:Security)

[tvernum]

The test execution stalled for more than two minutes

[2024-06-03T10:15:26,585][INFO ][o.e.x.s.a.s.SamlAuthenticatorTests] [testSuccessfullyParseContentFromEncryptedAssertion] before test [2024-06-03T10:17:31,263][INFO ][o.o.x.a.AlgorithmSupport ] [testSuccessfullyParseContentFromEncryptedAssertion] Mapping from algorithm URI http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p to key length not available

I don't know what BuildKite was doing for those 2 minutes, but it sucked the life out of this test. I'll make the assertions live longer so we're less susceptible to time disappearing on us, but it's pretty depressing that we have to do that.