Fatal error after update to `robrichards/xmlseclibs`

Created on 20 November 2024, 5 months ago

Problem/Motivation

After updating the Composer dependency `robrichards/xmlseclibs` to version 3.1.2, attempting to authenticate on a Drupal site running the `simplesamlphp_auth` module returns this error:

```
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
2 src/SimpleSAML/Error/ExceptionHandler.php:32 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
1 /code/vendor/symfony/error-handler/ErrorHandler.php:538 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: Exception: Failed to decrypt XML element.
Backtrace:
10 /code/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:538 (SAML2\Utils::decryptElement)
9 /code/vendor/simplesamlphp/saml2/src/SAML2/EncryptedAssertion.php:122 (SAML2\EncryptedAssertion::getAssertion)
8 modules/saml/src/Message.php:380 (SimpleSAML\Module\saml\Message::decryptAssertion)
7 modules/saml/src/Message.php:643 (SimpleSAML\Module\saml\Message::processAssertion)
6 modules/saml/src/Message.php:613 (SimpleSAML\Module\saml\Message::processResponse)
5 modules/saml/src/Controller/ServiceProvider.php:310 (SimpleSAML\Module\saml\Controller\ServiceProvider::assertionConsumerService)
4 /code/vendor/symfony/http-kernel/HttpKernel.php:181 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 /code/vendor/symfony/http-kernel/HttpKernel.php:76 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 /code/vendor/symfony/http-kernel/Kernel.php:197 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)
```

Pinning the Composer dependency for `robrichards/xmlseclibs` to 3.1.1 resolves the error.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

4.0

Component

Code

Created by

🇺🇸United States gravelpot

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @gravelpot
Comment 5 months ago →
🇺🇸United States gravelpot
Comment 5 months ago →
🇺🇸United States gravelpot
Update: I also reported this to the maintainers of `simplesamlphp`, and they have identified a commit in the 3.1.2 release of `xmlseclibs` as the root cause. See https://github.com/robrichards/xmlseclibs/commit/158c73571e395d7e50b366e....
Comment 5 months ago →
🇺🇸United States justcaldwell Austin, Texas
Thanks for posting this @gravelpot! Confirming same.

The offending commit was reverted in https://github.com/robrichards/xmlseclibs/releases/tag/3.1.3 -- updating to that release resolves the problem for us.
Comment 4 months ago →
🇨🇭Switzerland berdir Switzerland
Thanks for the heads up, but closing, since there's nothing to do here.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024