From 141a9a339345d8a54eaa636d9ad619b72ab12679 Mon Sep 17 00:00:00 2001
From: ThibaultHerard
Date: Mon, 10 Oct 2022 09:26:22 +0000
Subject: [PATCH] feat(saml): fix to prevent null user id
Signed-off-by: ThibaultHerard
---
 selfservice/strategy/saml/strategy_auth.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/selfservice/strategy/saml/strategy_auth.go b/selfservice/strategy/saml/strategy_auth.go
index 2b7af9c380ee..15f422f0d48d 100644
--- a/selfservice/strategy/saml/strategy_auth.go
+++ b/selfservice/strategy/saml/strategy_auth.go
@@ -13,6 +13,11 @@ import (
 // Handle SAML Assertion and process to either login or register
 func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider Provider, claims *Claims) (*flow.Flow, error) {
+ // If the user'ID is null, we have to handler error
+ if claims.Subject == "" {
+ return nil, s.handleError(w, r, loginFlow, provider.Config().ID, nil, errors.New("the user ID is empty: the problem probably comes from the mapping between the SAML attributes and the identity attributes"))
+ }
+
 // This is a check to see if the user exists in the database
 i, c, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), identity.CredentialsTypeSAML, uid(provider.Config().ID, claims.Subject))
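Review bot: The new guard at the top of processLoginOrRegister rejects only an exactly empty `claims.Subject`, so a whitespace-only subject still reaches `uid(provider.Config().ID, claims.Subject)`, and every assertion whose attribute mapping yields such a value would resolve to the same credentials identifier. Consider `if claims == nil || strings.TrimSpace(claims.Subject) == "" {`, which also covers a nil `claims` pointer if a caller can pass one (not visible here); `strings` would have to be present in the import block, which lies outside this hunk. The comment above the check would read better as `// Reject an empty subject: it would become part of the credentials identifier.` The function body continues past the end of the hunk, so how the lookup result is handled cannot be judged from here.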