GSSP incoming assertions generate error on selfservice

[phavekes]

This issue is imported from pivotal - Originaly created at Jan 16, 2024 by Bart Geesink

When I test a GSSP authentication, a 500 will be generated when the assertion is posted to the ACS location:authentication/consume-assertion

This is in the logs:

{"message":"Matched route \"selfservice_serviceprovider_consume_assertion\".","context":{"route":"selfservice_serviceprovider_consume_assertion","route_parameters":{"_route":"selfservice_serviceprovider_consume_assertion","_controller":"Surfnet\\StepupSelfService\\SelfServiceBundle\\Controller\\SamlController::consumeAssertion"},"request_uri":"https://sa.test2.surfconext.nl/authentication/consume-assertion","method":"POST"},"level":200,"level_name":"INFO","channel":"request","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"Read existing security token from the session.","context":{"key":"_security_saml_based","token_class":"Surfnet\\SamlBundle\\Security\\Authentication\\Token\\SamlToken"},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"User was reloaded from a user provider.","context":{"provider":"Surfnet\\StepupSelfService\\SelfServiceBundle\\Security\\Authentication\\Provider\\SamlProvider","username":"geesink"},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"Checking for authenticator support.","context":{"firewall_name":"saml_based","authenticators":1},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"Checking support on authenticator.","context":{"firewall_name":"saml_based","authenticator":"Surfnet\\SamlBundle\\Security\\Authentication\\SamlAuthenticator"},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"Uncaught PHP Exception TypeError: \"Surfnet\\SamlBundle\\Security\\Authentication\\Session\\SessionStorage::getRequestId(): Return value must be of type string, null returned\" at SessionStorage.php line 97","context":{"exception":{"class":"TypeError","message":"Surfnet\\SamlBundle\\Security\\Authentication\\Session\\SessionStorage::getRequestId(): Return value must be of type string, null returned","code":0,"file":"/var/www/html/vendor/surfnet/stepup-saml-bundle/src/Security/Authentication/Session/SessionStorage.php:97"}},"level":500,"level_name":"CRITICAL","channel":"request","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}
{"message":"Stored the security token in the session.","context":{"key":"_security_saml_based"},"level":100,"level_name":"DEBUG","channel":"security","datetime":"2024-01-16T07:48:12+00:00","extra":{"server":"sa.test2.surfconext.nl","application":"self-service","request_id":"08934e4aad74397fe9a182b6b6b2c5ca"}}

Similarly a validation with an unknown nonce (https://sa.test2.surfconext.nl/verify-email?n=a341bf2522c000f1208c57d7ee75d591) returns a 404.

[phavekes]

Fixed in: https://www.pivotaltracker.com/story/show/187086931 (Michiel Kodde - Feb 21, 2024)