Hi,
I'm working on the WSO2 public JIRA issue $subject [1].
In the source code [2], when the SAML2 signature is validated and a
validation exception is caught, the exception is logged as well as a
debug message.
    } catch (ValidationException e) {
        if (log.isDebugEnabled()) {
            log.debug("SAML Signature validation failed from domain : " + domainName, e);
        }
    }
In the source code [3], if a validation exception is caught, the
exception is logged as a warning message, not as a debug message.
    } catch (IdentitySAML2SSOException e) {
        log.warn("Signature validation failed for the SAML Message : Failed to construct the X509CredentialImpl for the alias " + alias, e);
        return false;
    }
What is the best way to implement the handling of this exception?
[1] Better if only warning is shown for signature verification failures (not the whole exception) <https://wso2.org/jira/browse/IDENTITY-3355>
[2] https://github.com/wso2-extensions/identity-carbon-auth-saml2/blob/v5.2.3/components/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java#L509
[3] https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/v5.3.0/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtil.java#L882
Thanks.
Regards,
*R. Sugirjan*
Software Engineering - Intern | WSO2
Mobile: +94768489892
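
An added example, not part of the original message and not WSO2 code: one way to get the behaviour the title of [1] asks for, with a single warning line at the default log level and the full exception only when debug logging is on. It assumes java.util.logging in place of the commons-logging Log used in the snippets above (WARNING for log.warn, FINE for log.debug); ValidationException, SignatureCheck and forLog are hypothetical stand-ins, and treating the domain name as untrusted input is an assumption.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: java.util.logging stands in for the commons-logging Log on the page.
public class SignatureFailureLogging {

    private static final Logger log = Logger.getLogger(SignatureFailureLogging.class.getName());

    // Hypothetical stand-in for the validation exception thrown by the SAML library.
    static class ValidationException extends Exception {
        ValidationException(String message) { super(message); }
    }

    // Hypothetical hook for the real signature validation call.
    interface SignatureCheck {
        void validate() throws ValidationException;
    }

    // Assumption: the value comes from the SAML message, so line breaks are
    // replaced before it is written to the log to keep one event on one line.
    static String forLog(String value) {
        return value == null ? "null" : value.replaceAll("[\\r\\n\\t]", "_");
    }

    static boolean isSignatureValid(SignatureCheck check, String domainName) {
        try {
            check.validate();
            return true;
        } catch (ValidationException e) {
            // Always visible at the default level: short message, no stack trace.
            log.warning("SAML signature validation failed for domain: "
                    + forLog(domainName) + " (" + forLog(e.getMessage()) + ")");
            // Full exception with stack trace only when debug logging is enabled.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "SAML signature validation failure details", e);
            }
            return false; // a failed validation is never treated as success
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one passing check and one failing check.
        boolean accepted = isSignatureValid(() -> { }, "carbon.super");
        boolean rejected = isSignatureValid(() -> {
            throw new ValidationException("signature did not validate against the credential");
        }, "tenant.example\r\nsecond line");
        System.out.println("accepted=" + accepted + " rejected=" + rejected);
    }
}
```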