inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

SAML: Not getting error output when running inside PF process #1652

Open julsemaan opened 8 years ago

julsemaan commented 8 years ago

Seems the output of the Lasso errors is lost when running inside a PacketFence process

Using a pure perl one-liner gives the output. Not within pfcmd.

In the example below, the idp.xml file had a bad xml header.

[maml]
description=SAML source
idp_ca_cert_path=/usr/local/pf/conf/ssl/idp-ca.crt
idp_entity_id=https://idp.testshib.org/idp/shibboleth
idp_metadata_path=/usr/local/pf/conf/idp.xml
username_attribute=urn:oid:0.9.2342.19200300.100.1.1
dynamic_routing_module=AuthModule
idp_cert_path=/usr/local/pf/conf/ssl/idp.crt
sp_entity_id=pf-julien.inverse.ca
type=SAML
authorization_source_id=inverse
sp_cert_path=/usr/local/pf/conf/ssl/server.crt
sp_key_path=/usr/local/pf/conf/ssl/server.key

Then the difference between both commands:

# perl -Ilib -Mpf::authentication -e 'print getAuthenticationSource("maml")->sso_url'

(process:12545): Lasso-CRITICAL **: libxml2: Start tag expected, '<' not found\n

(process:12545): Lasso-WARNING **: 2016-08-11 12:59:26  Cannot load metadata from /usr/local/pf/conf/idp.xml
Can't create Single-Sign-On URL : Failed to add new provider.

# bin/pfcmd saml testsource maml
You should see the SSO URL below, otherwise, there are errors in your configuration:
Can't create Single-Sign-On URL. Check server side logs for details and validate the SAML configuration. at /usr/local/pf/lib/pf/Authentication/Source/SAMLSource.pm line 158.
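
A pre-check that can be run on the PacketFence host before the source is used (added example, not PacketFence or Lasso code): it parses the IdP metadata with XML::LibXML, which sits on the same libxml2 that Lasso uses, so a broken XML header like the one in this report is surfaced with the parser's own message regardless of whether Lasso's stderr output is visible. The path and entityID are taken from the [maml] section above; the structural check assumes the file has a single md:EntityDescriptor root, which is an assumption of this example.

```perl
#!/usr/bin/perl
# Added example, not part of PacketFence: validate an IdP metadata file
# before it is handed to Lasso, so parse errors are reported directly.
use strict;
use warnings;
use XML::LibXML;

my $MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata';

# Returns (1, undef) when $path parses as SAML metadata whose entityID
# matches $expected_entity_id and exposes an SSO endpoint; (0, "reason")
# otherwise. Assumes a single md:EntityDescriptor root element.
sub check_idp_metadata {
    my ($path, $expected_entity_id) = @_;

    # parse_file croaks with the libxml2 message on malformed input, e.g.
    # "Start tag expected, '<' not found" for a broken XML header.
    my $doc = eval { XML::LibXML->new->parse_file($path) };
    return (0, "cannot parse $path: $@") if !$doc;

    my $root = $doc->documentElement;
    if (($root->namespaceURI // '') ne $MD_NS
        || $root->localname ne 'EntityDescriptor') {
        return (0, "root element is not md:EntityDescriptor");
    }

    my $entity_id = $root->getAttribute('entityID') // '';
    if ($entity_id ne $expected_entity_id) {
        return (0, "entityID '$entity_id' does not match "
                 . "configured '$expected_entity_id'");
    }

    # The IdP must publish at least one SingleSignOnService endpoint,
    # otherwise no SSO URL can be built from this metadata.
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(md => $MD_NS);
    my @sso = $xpc->findnodes(
        '/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleSignOnService');
    return (0, "no md:SingleSignOnService endpoint found") unless @sso;

    return (1, undef);
}

# Values mirror the [maml] source quoted in this issue.
my ($ok, $why) = check_idp_metadata('/usr/local/pf/conf/idp.xml',
                                    'https://idp.testshib.org/idp/shibboleth');
print $ok ? "idp.xml looks usable\n" : "idp.xml rejected: $why\n";
exit($ok ? 0 : 1);
```
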

julsemaan commented 8 years ago

To add to this issue, a valid configuration will succeed when called in non-tainted mode vs tainted (which may explain the lack of output in the commands shown above)

dwlfrth commented 7 years ago

See if there are options to address this with golang