-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure that SAML1 and SAML2 names are not empty in attribute's metadata at all times #2417
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
This issue is an enhancement proposal. As was recently discovered while troubleshooting issue 11761, when attribute's metadata's properties "gluuSAML1URI" and "gluuSAML2URI" are not assigned a value, that leads to oxTrust crash during startup, due to its inability to gather all required data to generate configuration files for Shibboleth IDP. The issue has been confirmed for Gluu Server using SQL db for persistence so far.
Steps To Reproduce
Results
oxTrust fails to start, and error like shown below is displayed:
SQL request like this -
select gluuSAML1URI,gluuSAML2URI from gluuAttribute where gluuAttributeName = "birthdate";
returns next output:Conclusion
As these properties seem to be mandatory, it would make sense to add a safeguard to oxTrust's code preventing user from assigning an empty value to them - both from web UI and from oxTrust API. Otherwise it may result in admin locked out of admin console due to some arbitrary configuration edit (that's what happened in the original ticket).
The text was updated successfully, but these errors were encountered: