From 836335dc89baef9419959e8cd3df8927107859c2 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Wed, 16 Feb 2022 15:04:42 -0700 Subject: [PATCH] Collect All Validation Errors - OpenSaml4AuthenticationProvider now collects all validation errors instead of treating some as their own exception Issue gh-10220
---
 .../authentication/OpenSaml4AuthenticationProvider.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
index ffac5f5bf1..afc61af57e 100644
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -380,8 +380,8 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, message));
 }
 if (response.getAssertions().isEmpty()) {
- throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA,
- "No assertions found in response.", null);
+ result = result.concat(
+ new Saml2Error(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
 }
 return result;
 };
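Review bot: Rejection of an assertion-less response now depends on code outside this hunk, because the `isEmpty()` branch records a `Saml2Error` in `result` where it used to throw; the second hunk does the same for `INVALID_SIGNATURE`. Both conditions mean the response must not be trusted, so the caller has to check the accumulated result for errors before any assertion is decrypted, read or turned into an authentication, and that gate is not visible in the patch. I would add a comment at both sites, for example `// collected rather than thrown: authentication must fail when the result has errors`, and a test that sends an unsigned response and a response with no assertions and expects both to be rejected. The lambda this branch belongs to starts before the hunk.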
@@ -505,10 +505,10 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 if (!responseSigned && !allAssertionsSigned) {
 String description = "Either the response or one of the assertions is unsigned. "
 + "Please either sign the response or all of the assertions.";
- throw createAuthenticationException(Saml2ErrorCodes.INVALID_SIGNATURE, description, null);
+ result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE, description));
 }
 Assertion firstAssertion = CollectionUtils.firstElement(response.getAssertions());
- if (!hasName(firstAssertion)) {
+ if (firstAssertion != null && !hasName(firstAssertion)) {
 Saml2Error error = new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND,
 "Assertion [" + firstAssertion.getID() + "] is missing a subject");
 result = result.concat(error);
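Review bot: The added `firstAssertion != null` guard prevents the null dereference but records nothing when the response carries no assertion, so this block is silent for that case and leans entirely on the "No assertions found" error from the response validator in the first hunk. If that validator can be swapped for a custom one (not visible here), an assertion-less response could leave this block with no error attached. Recording the condition here too would keep the method fail-closed on its own, ahead of the `hasName` check: `if (firstAssertion == null) { result = result.concat(new Saml2Error(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response.")); }`. How `allAssertionsSigned` is computed is outside the hunk; if it is an all-match over the assertion list it would hold for an empty list, and the signature error above would then not fire for an unsigned response without assertions. The `if` block that the hunk ends in closes after its last line.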