You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Login to SelfService with a registered WebAuthn or Tiqr token
Use "test a token" to start an authentication for the token
Cancel the authentication at the GSSP (I.e. tiqr or Webauthn)
SelfService shows a text screen with Authentication failure: An authentication exception occurred.: "Failed SAMLResponse parsing".
<samlp:Responsexmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"ID="_d77910bf1d874435f6a2b85a5eba2202b37e31dd31e1fc92f665d263b4b6"Version="2.0"IssueInstant="2024-11-27T16:50:18Z"Destination="https://sa.acc.surfconext.nl/authentication/consume-assertion"InResponseTo="_049c3a74586890564379c4efa7980538e29630f28209fc1e67576a116151"
>
<saml:Issuer>https://sa-gw.acc.surfconext.nl/authentication/metadata</saml:Issuer>
<samlp:Status>
<samlp:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:Responder">
<samlp:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" />
</samlp:StatusCode>
<samlp:StatusMessage>Cannot process response, preconditions not met: "Responder/AuthnFailed User cancelled the request"</samlp:StatusMessage>
</samlp:Status>
</samlp:Response>
SelfService logs:
selfservice[790]: {"message":"No authenticated user and AuthnRequest pending, attempting to process SamlResponse","context":{"sari":"_049c3a74586890564379c4efa7980538e29630f28209fc1e67576a116151"},"level":250,"level_name":"NOTICE","channel":"app","datetime":"2024-11-27T17:50:18+01:00","extra":{"server":"sa.acc.surfconext.nl","application":"self-service","request_id":"17750d8d7bd1c9a9855e36ecac2f9db5"}}
selfservice[790]: {"message":"SAML Authentication failed at IdP: \"Cannot process response, preconditions not met: \"Responder/AuthnFailed Cannot process response, preconditions not met: \"Responder/AuthnFailed User cancelled the request\"\"\"","context":{"sari":"_049c3a74586890564379c4efa7980538e29630f28209fc1e67576a116151"},"level":250,"level_name":"NOTICE","channel":"app","datetime":"2024-11-27T17:50:18+01:00","extra":{"server":"sa.acc.surfconext.nl","application":"self-service","request_id":"17750d8d7bd1c9a9855e36ecac2f9db5"}}
selfservice[790]: {"message":"Authentication failure: An authentication exception occurred.: \"Failed SAMLResponse parsing\"","context":{},"level":250,"level_name":"NOTICE","channel":"app","datetime":"2024-11-27T17:50:18+01:00","extra":{"server":"sa.acc.surfconext.nl","application":"self-service","request_id":"17750d8d7bd1c9a9855e36ecac2f9db5"}}
Expected result:
The user should be redirected back to the token overview and the status (user canceled) is shown in the banner. If something actually was wrong with the response, a proper error page must be shown, not a white screen with some text.
The SAML Response seems correct, so parsing it should not fail.
The logs sown no error
The text was updated successfully, but these errors were encountered:
Reproduce:
SelfService shows a text screen with
Authentication failure: An authentication exception occurred.: "Failed SAMLResponse parsing"
.SelfService logs:
Expected result:
The text was updated successfully, but these errors were encountered: