Identity Provider / IDP-807

views/error.vm sends 500 (Internal Server Error) for common (client) errors.


Details

• Type: Bug
• Status: Closed
• Priority: Minor
• Resolution: Fixed
• Affects Version/s: 3.1.2
• Fix Version/s: 3.2.0
• Component/s: Error Handling
• Labels: None

Description

IdP (3.1.2) views/error.vm sends ($response.setStatus(500)) for common client "errors":
(http://shibboleth.1660669.n2.nabble.com/idp3-quot-Message-was-expired-quot-and-http-status-code-500-td7618738.html)

• client sends expired SAML message:
  "Message was expired: message issue time was '2015-08-30T01:02:40.000Z',
  message expired at: '2015-08-30T01:08:40.000Z', current time:
  '2015-09-04T08:34:07.121+03:00'"
• replayed message:
  [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:155] - JSESSIONID=..removed.. - Message Handler: Replay detected of message...

(There are probably other errors that shouldn't report HTTP status code 500 to the client.)
AFAIK these errors should use 400 or 403 HTTP status codes. (So for example:

  - #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied")
  + #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied" or $eventId == "MessageReplay")

and

  - #elseif ($eventId == "UnableToDecode" || $eventId == "InvalidMessage")
  + #elseif ($eventId == "UnableToDecode" || $eventId == "InvalidMessage" || $eventId == "MessageExpired")
)

People

Assignee: Scott Cantor (cantor.2@osu.edu)
Reporter: jhuuskon@idp.protectnetwork.org
Watchers: 2

Time Tracking

Estimated: Not Specified
Remaining: 0m
Logged: 30m