Invalid Signature error throws browser in redirect loop #398

Open
christian-hawk opened this issue Dec 29, 2021 · 2 comments
@christian-hawk

Actual Behaviour

When passport fails to validate the encrypted assertion's signature, the browser is thrown into a loop and keeps requesting a token and trying to authenticate the request.

2021-12-29T17:25:33.608Z [VERBOSE]  Issuing token
2021-12-29T17:25:33.610Z [INFO]     10.10.0.2 - GET /passport/token HTTP/1.1 200 201 - 1.339 ms
2021-12-29T17:25:33.706Z [VERBOSE]  Validating token
2021-12-29T17:25:33.706Z [VERBOSE]  Authenticating request against saml-default
2021-12-29T17:25:33.708Z [INFO]     46.101.228.95 - GET /passport/auth/saml-default/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiI0MjBlMzFkOC02MzA1LTQ4ODYtOTRiNS0yZGJiZTE2Zjc2ZTUiLCJpYXQiOjE2NDA3OTg3MzMsImV4cCI6MTY0MDc5ODg1M30.XFthRiIy1zonq61CS7Kqm23rBerchzg0SSgfDSzorGI HTTP/1.1 200 1870 - 1.965 ms
2021-12-29T17:25:34.572Z [VERBOSE]  Authenticating request against saml-default
2021-12-29T17:25:34.662Z [ERROR]    Error: Error: Invalid signature from encrypted assertion
2021-12-29T17:25:34.662Z [ERROR]    Error: Invalid signature from encrypted assertion

Expected behavior:

Handle error accordingly (message to oxauth error endpoint, maybe?)

@kdhttps

kdhttps commented Jan 4, 2022

@christian-hawk It only creates a problem when we pass preselectedExternalProvider in the auth request. We need to add a fix in the authentication scripts.

I found one way. After a strategy fails, or on any other error, Passport redirects to oxauth with the failure error in a query param, like Request URL: https://test.gluu.server.org/oxauth/auth/passport/passportlogin.htm?failure=An error occurred.

We can check if there is a failure query param and then stop redirection. Let me know what your thoughts are, mate; if all is OK then I'll update the script and make a PR for community-edition-setup.
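
A sketch of the check described in the comment above, as an added example and not code from the Gluu authentication scripts: when the request coming back from Passport carries a `failure` query parameter, the login step stops instead of redirecting to the preselected provider again. The function names, the action labels and the length cap are assumptions; the URL is the one quoted in the comment and `saml-default` is the provider from the log.

```python
from urllib.parse import urlsplit, parse_qs

MAX_REASON_LEN = 200  # assumption: cap on how much of the untrusted value is kept


def sanitize_reason(raw):
    """The failure text arrives in a URL, so treat it as untrusted input:
    drop non-printable characters (CR/LF etc.) and bound its length."""
    printable = "".join(ch for ch in raw if ch.isprintable())
    return printable[:MAX_REASON_LEN]


def next_step(request_url, preselected_provider):
    """Decide what the login step does for this request (hypothetical helper).

    Returns (action, detail) where action is one of:
      "show_error"        - Passport reported a failure; stop, do not redirect again
      "redirect_provider" - first pass with a preselected provider
      "show_selector"     - no preselected provider; render the normal login page
    """
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    if "failure" in params:
        # Presence of the parameter is enough to break the loop, even if empty.
        return ("show_error", sanitize_reason(params["failure"][0]))
    if preselected_provider:
        return ("redirect_provider", preselected_provider)
    return ("show_selector", None)


# Constructed sample requests; the first URL is the one quoted in the comment.
LOGIN_URL = "https://test.gluu.server.org/oxauth/auth/passport/passportlogin.htm"
FAILED_URL = LOGIN_URL + "?failure=An error occurred."

if __name__ == "__main__":
    for url in (LOGIN_URL, FAILED_URL):
        print(url, "->", next_step(url, "saml-default"))
```

The failure text is under the control of whoever builds the URL, so the page that handles `show_error` should HTML-escape it before display or show a fixed message instead.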

@testadminusercnxy

Invalid document signature ERROR

2024-05-31 12:39:15.018+0000 [INFO] Response received
2024-05-31 12:39:15.018+0000 [INFO] Configuration data has been parsed
2024-05-31 12:39:15.018+0000 [DEBUG] entered recreateHttpServer(serverURI=https://xxxxxxx,port=8090
2024-05-31 12:39:15.018+0000 [DEBUG] httpPort = 8090
2024-05-31 12:39:34.026+0000 [VERBOSE] Authenticating request against SAMLTest
2024-05-31 12:39:34.030+0000 [ERROR] Error: Error: Invalid document signature
2024-05-31 12:39:34.030+0000 [ERROR] Error: Invalid document signature
at SAML.validatePostResponseAsync (/opt/gluu/node/passport/node_modules/@node-saml/node-saml/lib/saml.js:510:23)
at runMicrotasks ()
at processTicksAndRejections (node:internal/process/task_queues:96:5)
2024-05-31 12:39:34.031+0000 [INFO] 49.249.100.2 - POST /passport/auth/saml/SAMLTest/callback HTTP/1.1 302 222 - 6.303 ms
