providers/saml: improve error handling for signature errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 12:51:42 +02:00 · 2021-06-14 12:51:42 +02:00 · 5b837c3ccc
parent 2580371f94
commit 5b837c3ccc
2 changed files with 3 additions and 3 deletions
--- a/authentik/providers/saml/processors/metadata_parser.py
+++ b/authentik/providers/saml/processors/metadata_parser.py
@ -120,7 +120,7 @@ class ServiceProviderMetadataParser:
                )
                ctx.key = key
                ctx.verify(signature_node)
-            except xmlsec.VerificationError as exc:
+            except xmlsec.Error as exc:
                raise ValueError("Failed to verify Metadata signature") from exc

    def parse(self, raw_xml: str) -> ServiceProviderMetadata:
--- a/authentik/providers/saml/processors/request_parser.py
+++ b/authentik/providers/saml/processors/request_parser.py
@ -108,7 +108,7 @@ class AuthNRequestParser:
                )
                ctx.key = key
                ctx.verify(signature_node)
-            except xmlsec.VerificationError as exc:
+            except xmlsec.Error as exc:
                raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc

        return self._parse_xml(decoded_xml, relay_state)
@ -160,7 +160,7 @@ class AuthNRequestParser:
                    sign_algorithm_transform,
                    b64decode(signature),
                )
-            except xmlsec.VerificationError as exc:
+            except xmlsec.Error as exc:
                raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc
        return self._parse_xml(decoded_xml, relay_state)