From e69c778fc0a9a1570e2b907021ef6996c6563990 Mon Sep 17 00:00:00 2001
From: Zac Bergquist <zac.bergquist@goteleport.com>
Date: Mon, 22 Apr 2024 15:48:39 +0100
Subject: [PATCH] lib/services/saml: ensure response body is closed (#40725)

---
 lib/services/saml.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/services/saml.go b/lib/services/saml.go
index e0c505fb66f51..2336ed135cbd2 100644
--- a/lib/services/saml.go
+++ b/lib/services/saml.go
@@ -51,10 +51,11 @@ func ValidateSAMLConnector(sc types.SAMLConnector, rg RoleGetter) error {
 		if err != nil {
 			return trace.WrapWithMessage(err, "unable to fetch entity descriptor from %v for SAML connector %v", sc.GetEntityDescriptorURL(), sc.GetName())
 		}
+		defer resp.Body.Close()
+
 		if resp.StatusCode != http.StatusOK {
 			return trace.BadParameter("status code %v when fetching from %v for SAML connector %v", resp.StatusCode, sc.GetEntityDescriptorURL(), sc.GetName())
 		}
-		defer resp.Body.Close()
 		body, err := utils.ReadAtMost(resp.Body, teleport.MaxHTTPResponseSize)
 		if err != nil {
 			return trace.Wrap(err)