Uploaded image for project: 'mod-login-saml'
  1. mod-login-saml
  2. MODLOGSAML-46

Error saving SSO setings.Take 2. "Response content-type is not XML"

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • P2
    • Resolution: Done
    • None
    • 1.2.2
    • Concorde - Sprint 69
    • Prokopovych

    Description

      Overview: FOLIO throws an error if you save an Identity Provider URL that returns a content type header of application/xml;charset=UTF-8

      Steps to Reproduce:

      1. Login to a FOLIO instance.
      2. Go to Settings>organization>SSO settings
      3. put in a URL that returns a header with content-type application/xml;charset=UTF-8 (ask ttolstoy for that URL)
      4. Add some data in the other fields in order to prevent form warnings
      5. If Identity Provider URL field is red, remove one character from the url and then type it back. Now you should be able to hit save.
      6. Click save
        Expected Results: The SSO configuration is successfully saved.

      Actual Results: Error is returned, saying "Response content-type is not XML"

      Additional Information:
      Hitting the URL, you can see that the content-type returned is application/samlmetadata+xml Allowing that one together would most likely solve the issue.

      Seems to me that row 40 in https://github.com/folio-org/mod-login-saml/blob/master/src/main/java/org/folio/util/UrlUtil.javaUrlUtil.java should be a bit more allowing. Perhaps a "contains" instead of the endsWith. Or even better, to check if the actual response is valid XML.

      TestRail: Results

        Attachments

          Issue Links

            clones

            Bug - A problem which impairs or prevents the functions of the product. UIORG-72 Error saving SSO setings. "Response content-type is not XML"

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. MODLOGSAML-40 api fails to validate idpurl if the content type contains charset

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. MODLOGSAML-30 Consider to enhance checkIdpUrl by more than HTTP header

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                Unassigned Unassigned
                ttolstoy Theodor (EBSCO)
                Theodor (EBSCO) Theodor (EBSCO)
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases