From 8c6b53873120d6a90d03865e00f16bf06862e374 Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Sat, 11 Apr 2020 15:14:15 -0400
Subject: [PATCH 1/2] s2example: include error details in HTTP responses

This helps you understand what went wrong.
---
 s2example/demo.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/s2example/demo.go b/s2example/demo.go
index 8ffe814..b6b27e2 100644
--- a/s2example/demo.go
+++ b/s2example/demo.go
@@ -86,23 +86,23 @@ func main() {
 http.HandleFunc("/v1/_saml_callback", func(rw http.ResponseWriter, req *http.Request) {
 err := req.ParseForm()
 if err != nil {
- rw.WriteHeader(http.StatusBadRequest)
+ http.Error(rw, "Failed to parse form: "+err.Error(), http.StatusBadRequest)
 return
 }
 assertionInfo, err := sp.RetrieveAssertionInfo(req.FormValue("SAMLResponse"))
 if err != nil {
- rw.WriteHeader(http.StatusForbidden)
+ http.Error(rw, "Failed to retrieve assertion info: "+err.Error(), http.StatusForbidden)
 return
 }
 if assertionInfo.WarningInfo.InvalidTime {
- rw.WriteHeader(http.StatusForbidden)
+ http.Error(rw, "Invalid time", http.StatusForbidden)
 return
 }
 if assertionInfo.WarningInfo.NotInAudience {
- rw.WriteHeader(http.StatusForbidden)
+ http.Error(rw, "Not in audience", http.StatusForbidden)
 return
 }

From 8ce97fc029779cf956b4d9f7d3bf4e475e8b15f7 Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Sat, 11 Apr 2020 15:14:56 -0400
Subject: [PATCH 2/2] s2example: also print the Issuer to provide to Okta

One of the fields on the Okta test page is Issuer, and the default value doesn't match the Entity ID in their metadata. You have to change it for the demo to work.
---
 s2example/demo.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/s2example/demo.go b/s2example/demo.go
index b6b27e2..5e71ab0 100644
--- a/s2example/demo.go
+++ b/s2example/demo.go
@@ -129,6 +129,7 @@ func main() {
 println(authURL)
 println("Supply:")
+ fmt.Printf(" Issuer : %s\n", sp.IdentityProviderIssuer)
 fmt.Printf(" SP ACS URL : %s\n", sp.AssertionConsumerServiceURL)
 err = http.ListenAndServe(":8080", nil)
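Review bot: The new `http.Error(rw, "Failed to retrieve assertion info: "+err.Error(), http.StatusForbidden)` line returns the reason a SAML response was rejected to the unauthenticated caller, and nothing in the hunk marks this as demo-only behaviour. That is what the commit sets out to do, and `http.Error` writes it as text/plain so there is no markup concern, but the `err.Error()` text presumably describes which validation step failed (signature, certificate, timestamps), which a production callback should log server-side while returning a generic message. I would add a comment above the first `http.Error` call: `// Demo only: validation details are echoed to the client to aid setup; a real SP should log them and return a generic error.` The handler closure and `main` both continue outside the hunk.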
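Review bot: The added `fmt.Printf(" Issuer : %s\n", sp.IdentityProviderIssuer)` line labels an IdP value as plain "Issuer" directly alongside an SP value, and the reason it is printed lives only in the commit message. Since the label is chosen to match a field on the Okta test page, a reader of the demo would benefit from a comment carrying that context into the code: `// Okta's test page has an "Issuer" field whose default does not match the IdP entity ID from its metadata; it must be set to this value.` `main` continues outside the hunk.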