itop saml error when session expired

[Sergi]

Hi,

We are using saml integration and we are running into an error when user's session expires, instead of redirecting to the page with the message "your session has expired, click here to log in again", itop produces an error. Users get a white screen with the message "iTop: An error occurred, check server error log for more information" and the url is xxx.com/iTop/env-production/combodo-saml/acs.php?doNSAUTHPost=1

Users then need to re-write the url to iTop/pages/UI.php to get the message "your session has expired, click here.."

in the error log I can see:

Uncaught OneLogin\Saml2\ValidationError: SAML Response could not be processed in /iTop/env-production/combodo-saml/vendor/onelogin/php-saml/src/Saml2/Response.php:103

and

Uncaught OneLogin\Saml2\Error: SAML Response not found, Only supported HTTP_POST Binding in /iTop/env-production/combodo-saml/vendor/onelogin/php-saml/src/Saml2/Auth.php:246

On the saml.log shows:

POST SAMLResponse is:
<samlp:Response..........<nameid format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">User</nameid><SubjectConfirmation Method="

It ends abruptly.

And this only happens on and open window when your session has expired, doesn´t happen at first log in or when you are in the "your session has expired, click here to log in again".

Any hint will be welcome

Itop 2.7.10
combodo-saml 1.1.2

Regards

[Jeffrey Bostoen]

If the response can't be processed - it may be worth trying to capture it around that line 103 that you're referring to?

Something similar for line 246 - Would be worth checking out if it accidentally makes a GET request somehow.

Since you (with good reason) censored a lot of the SAML response, it's also difficult to know if it's a proper one or at what point it was processed.