Bug 1397650

Summary: AuthnFailed replies are not handled properly
Product: [Community] Bugzilla
Reporter: Jeff Fearn 🐞 <jfearn>
Component: Extensions
Assignee: Bug Bot 🤖 <bugbot>
Extensions sub component: SAML2Auth
QA Contact:
Status: NEW ---
Docs Contact:
Severity: unspecified
Priority: low
CC: jbastian
Version: 5.0
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Jeff Fearn 🐞 2016-11-23 04:44:59 UTC
Description of problem:
When you get an AuthnFailed reply from an IDP the message is not handled properly and the user is presented with an incorrect message.

Version-Release number of selected component (if applicable):
5.0

How reproducible:
On IDP AuthnFailed

Steps to Reproduce:
1. Try to log in with an IDP that will reply AuthnFailed

Actual results:
 The IDP's reply failed validation: Crypt::OpenSSL::VerifyX509::verify: x509 is not of type Crypt::OpenSSL::X509 at /usr/share/perl5/vendor_perl/Net/SAML2/Binding/POST.pm line 67. 

Expected results:
Your authentication with the IDP has failed with status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed

Additional info:

Comment 1 Jeff Fearn 🐞 2016-11-28 01:05:58 UTC
Need to check status in Login.pm and set failure = AUTH_LOGINFAILED

Comment 2 Jeff Fearn 🐞 2018-06-26 01:24:30 UTC
This bug has missed the BZ5 feature freeze and has been bumped to 5.x.
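
One way to do the status check that comment 1 describes, shown as an added example and not the SAML2Auth extension's code: read the `StatusCode` from the IDP's reply before attempting signature verification, and fail the login when it is not Success. The helper names `saml_status` and `check_status`, the `status` hash key, the locally defined `AUTH_LOGINFAILED` stand-in and the sample response are assumptions made for the example.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);
use XML::LibXML;
use XML::LibXML::XPathContext;

# Stand-in for the Bugzilla constant named in comment 1, so this runs alone.
use constant AUTH_LOGINFAILED => 'AUTH_LOGINFAILED';
my $SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';

# Hypothetical helper: StatusCode values in document order (top-level first).
sub saml_status {
    my ($b64) = @_;
    my $doc = XML::LibXML->new(no_network => 1, expand_entities => 0)
        ->load_xml(string => decode_base64($b64));
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(samlp => 'urn:oasis:names:tc:SAML:2.0:protocol');
    return map { $_->getAttribute('Value') // '' }
        $xpc->findnodes('/samlp:Response/samlp:Status//samlp:StatusCode');
}

# Hypothetical helper: a failure hash for a non-Success reply, nothing otherwise.
# The status is read before signature verification, so it is unauthenticated:
# use it only to reject a login, never to accept one.
sub check_status {
    my ($b64) = @_;
    my @codes = eval { saml_status($b64) };
    return { failure => AUTH_LOGINFAILED, status => 'unparseable' }
        if $@ || !@codes;
    return if $codes[0] eq $SUCCESS;    # caller goes on to verify the signature
    my $detail = $codes[-1];            # most specific (nested) code
    # Only echo values shaped like a SAML status URN back to the user.
    $detail = 'unknown'
        unless $detail =~ /\Aurn:oasis:names:tc:SAML:2\.0:status:[A-Za-z]+\z/;
    return { failure => AUTH_LOGINFAILED, status => $detail };
}

# Constructed sample reply: no Assertion and no signature, only a failure status.
my $failed = encode_base64(<<'XML');
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>
XML

my $r = check_status($failed);
print "Your authentication with the IDP has failed with status: $r->{status}\n" if $r;
```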