Adding a SAML Validation error when there is no registered certs

[Sgtpluck]

🎫 Ticket

Add "No Certs" Error

🛠 Summary of changes

Slack conversation here
Ursula bug ticket here

We have validations in the identity-idp-config repo to prevent partners from deploying non-pkce integrations without certificates to prod. However, we do not have those validations in the Partner Portal (because sometimes a partner doesn't have all the finalized details before creating an integration.)

This means that a partner could attempt to test an integration without a certificate, which currently blows up when we attempt to encrypt the response. This change adds a specific validation to ensure that a requesting service provider has registered a certificate, and if it has not, it returns an error.

[Sgtpluck]

the non-english versions of this error are just the blank_cert_element_req errors. since these will not be seen by users in prod, i think this should be fine (the errors won't make much sense to users in either case) -- but i am asking the UX team if they feel strongly about this.

[Sgtpluck]

they gave me the all-clear!

[h-m-m]

I'm satisfied that this checks for the condition we were concerned about.

As someone who's not too up on IDP, where could I expect to see this error after it happens?

[Sgtpluck]

@h-m-m the error happens in the same error page where you'd see all our current SAML integration errors. if you'd like to test it out:

• check out my branch
• run your local IdP and saml sample application
• go into the rails console and remove the existing cert

sp = ServiceProvider.find_by(issuer: 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost')
certs = sp.certs
sp.update(certs: nil)
# don't exit out! you can re-add the certs after you test it

• try to log in from your local saml app.

cleanup, in the rails console:

sp.update(certs: certs)