Graceful failure (log) with SSO Connector loading#35528
Conversation
)" This reverts commit 27b79a2.
…nectors from working
jentfoo
requested review from
Joerger,
Tener,
avatus,
codingllama,
lxea,
mdwn,
r0mant,
rosstimothy and
zmb3
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
public-teleport-github-review-bot
Bot
removed request for
Joerger,
Tener,
codingllama,
lxea,
r0mant,
rosstimothy,
stevenGravy and
zmb3
There was a problem hiding this comment.
This looks good to me, I think it would also be good to remove the Validate from Marshall and Unmarshall
Here https://github.com/gravitational/teleport/blob/master/lib/services/saml.go#L306-L308
and here: https://github.com/gravitational/teleport/blob/master/lib/services/saml.go#L328-L330
All the callers where it makes sense to validate do so manually already, and it doesnt seem right to have a http request in a marshaller
codingllama
left a comment
codingllama
left a comment
There was a problem hiding this comment.
A few minor comments.
jentfoo
force-pushed
the
jent/saml_graceful_fail
branch
from
ce08e5e to
b9c4e27
Compare
6 participants
This PR fixes https://github.com/gravitational/security-findings/issues/47
This was originally attempted to be fixed in #34896, however this PR reverts those changes. The validation logic prior to #34896 was correct, and we should not attempt to fix this issue by making validation more lenient.
Instead a second commit provides an alternative fix where the connectors are being looped over and unmarshaled. Errors at that point will be logged rather than returned.
changelog: Fixed bug where configuration errors with an individual SSO connector impacted other connectors.