default value of <Errors> metadata attribute not used

Description

Just tested blacklisting an IdP. The resulting error page should use metadataError.html template, but uses the generic sessionError.html instead.

used error config in shibboleth2.xml:

<Errors supportContact="<contact-address>" helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/>

Scott already had a look at in and stated this on the mailing list:

Since you're looking at the code, the bug is here: // If there's still no template to use, just use pageError.html unless it's an access issue. string fname; if (!pathname.first) { if (!accesserror) { fname = string(page) + "Error.html"; pathname.second = fname.c_str(); } } else { fname = pathname.second; } There's no check for the mderror boolean, and so it doesn't default to using "metadata" as the page name in that final bit of code.

Environment

Ubuntu trusty, libapache2-mod-shib2 version 2.5.2+dfsg-2

Activity

Show:

Rod Widdowson January 29, 2018 at 5:41 PM

Cherry picked into master

Scott Cantor November 13, 2017 at 2:09 AM

Opening back up, over to Rod to apply to master.

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Rod Widdowson

Reporter

Fix versions

Affects versions

Created January 6, 2017 at 1:23 PM
Updated July 17, 2018 at 2:48 PM
Resolved January 29, 2018 at 5:41 PM

Flag notifications