omniauth / omniauth-saml

A generic SAML strategy for OmniAuth
https://github.com/omniauth/omniauth-saml

rescue OpenSSL::X509::CertificateError #193

Closed sbauch closed 3 years ago

sbauch commented 3 years ago

In QAing an IDP integration, I've run into an issue where, if I persist and use a malformed x509 cert, I'm unable to rescue from that error since it gets raised before hitting my route.

Something like this doesn't work:

post '/saml/:id/callback' do
  # ...

  attributes = env['omniauth.auth']&.
    extra&.
    response_object&.
    attributes
  # ...
rescue OpenSSL::X509::CertificateError
  @error = 'Malformed x509 Certificate'
  erb :error
end

I could see this also being addressed upstream in https://github.com/onelogin/ruby-saml or here, but wanted to first see if perhaps I'm misunderstanding something.

sbauch commented 3 years ago

I'm validating the x509 cert when it gets persisted to avoid this, which is fine for me.
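
The approach from the last comment, validating the certificate at the point it is persisted, sketched as an added example that is not part of the thread or of omniauth-saml. `CertCheck`, `check_idp_cert` and `sample_cert_pem` are hypothetical names, the sample certificate is constructed, and the validity-window check goes beyond the malformed-certificate case discussed above.

```ruby
require 'openssl'

# Hypothetical result type for this example.
CertCheck = Struct.new(:ok, :error, :cert)

# Parse an IdP signing certificate before it is stored, so a malformed value
# is rejected here instead of raising later, before the callback route runs.
def check_idp_cert(pem, now: Time.now)
  text = pem.to_s.strip
  return CertCheck.new(false, 'certificate is empty', nil) if text.empty?

  cert = OpenSSL::X509::Certificate.new(text)
  # Assumption: this deployment also wants to refuse certificates outside
  # their validity window at save time.
  return CertCheck.new(false, 'certificate is not yet valid', cert) if now < cert.not_before
  return CertCheck.new(false, 'certificate has expired', cert) if now > cert.not_after

  CertCheck.new(true, nil, cert)
rescue OpenSSL::X509::CertificateError => e
  CertCheck.new(false, "malformed x509 certificate: #{e.message}", nil)
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_cert_pem(not_before:, not_after:)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=idp.example.test')
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end
```

Calling `check_idp_cert` from the model or form validation that stores the IdP settings turns a bad paste into a normal validation error, with `error` available for display.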