Dev - Nexus Repo / NEXUS-33770

No error recorded when SAML StatusCode is not Success

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.39.0
    • Fix Version/s: None
    • Component/s: Logging, SAML
    • Labels:
    • Notability:
      n/a

      Description

      SYMPTOM:

      When any SAML user fails to log in to Nexus Repository Manager 3, the request.log records a "500" status (Internal Server Error) like below:

      192.168.1.1 - - [27/Jun/2022:20:11:39 +0000] "POST /saml HTTP/1.1" 500 6075 78 3 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" [qtp1989468572-14672]
      

      But nothing is recorded in nexus.log, which makes troubleshooting this issue very hard.

      EXPECTED BEHAVIOUR:

      As users would think a 5xx status code means a server-side error, nexus.log should record some ERROR to explain why Nexus returned 500.
      For example, if samlp:StatusCode is not "urn:oasis:names:tc:SAML:2.0:status:Success", it would be nice if Nexus logged the value and the StatusMessage as ERROR or WARN.

      ACTUAL BEHAVIOUR:

      No log lines are written with the default configuration, and adding DEBUG for "org.keycloak.saml" logged output like below:

      2022-06-27 20:11:39,144+0000 DEBUG [qtp1989468572-14672]  *UNKNOWN org.keycloak.saml.SAMLRequestParser - <samlp:Response Version="2.0" ...(snip)...><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/><samlp:StatusMessage>Signature required</samlp:StatusMessage></samlp:Status></samlp:Response>
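
A log-triage helper for the gap described above, added here as an example and not Nexus or Keycloak code: with DEBUG enabled for "org.keycloak.saml", it pulls the StatusCode and StatusMessage out of each logged response and produces the WARN-style line the report asks for. It goes slightly beyond the case on the page by also following a nested second-level StatusCode; the sample lines, the xmlns declaration and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:protocol}"
PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"
LINE = re.compile(r"^(\S+ \S+) DEBUG .*SAMLRequestParser - (<.+>)[ \t]*$", re.M)

# Constructed sample input modelled on the DEBUG line above (not a real capture);
# the xmlns declaration is assumed because the page snips that part of the element.
def sample_response(status_xml):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0">'
            f"<samlp:Status>{status_xml}</samlp:Status></samlp:Response>")

SAMPLE_LOG = "\n".join([
    "2022-06-27 20:11:39,144+0000 DEBUG [qtp-1]  *UNKNOWN org.keycloak.saml.SAMLRequestParser - "
    + sample_response(f'<samlp:StatusCode Value="{PREFIX}Requester"/>'
                      "<samlp:StatusMessage>Signature required</samlp:StatusMessage>"),
    "2022-06-27 20:12:02,510+0000 DEBUG [qtp-2]  *UNKNOWN org.keycloak.saml.SAMLRequestParser - "
    + sample_response(f'<samlp:StatusCode Value="{PREFIX}Success"/>'),
    "2022-06-27 20:13:45,007+0000 DEBUG [qtp-3]  *UNKNOWN org.keycloak.saml.SAMLRequestParser - "
    + sample_response(f'<samlp:StatusCode Value="{PREFIX}Responder">'
                      f'<samlp:StatusCode Value="{PREFIX}AuthnFailed"/></samlp:StatusCode>'),
])

def saml_status(xml_text):
    """Return ([top-level code, nested sub-codes...], StatusMessage or None)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in SAML response")  # never needed; avoids entity expansion
    status = ET.fromstring(xml_text).find(NS + "Status")
    if status is None:
        raise ValueError("no samlp:Status element")
    codes, node = [], status.find(NS + "StatusCode")
    while node is not None:  # a StatusCode may nest a second-level StatusCode
        codes.append(node.get("Value", "?"))
        node = node.find(NS + "StatusCode")
    return codes, status.findtext(NS + "StatusMessage")

def failed_saml_logins(log_text):
    """Return one WARN-style summary per logged response whose status is not Success."""
    findings = []
    for m in LINE.finditer(log_text):
        try:
            codes, message = saml_status(m.group(2))
        except (ET.ParseError, ValueError) as exc:
            codes, message = ["unparseable"], str(exc)
        if codes[:1] != [PREFIX + "Success"]:
            findings.append(f"{m.group(1)} WARN SAML login failed: "
                            f"StatusCode={' > '.join(codes) or 'missing'} StatusMessage={message}")
    return findings
```

Matching the timestamps in the returned lines against the "POST /saml" 500 entries in request.log ties each failed login to the status the identity provider returned.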
      

            People

            Assignee:
            Unassigned
            Reporter:
            hosako Hajime Osako
            Last Updated By:
            Michael Oliverio