From 141a9a339345d8a54eaa636d9ad619b72ab12679 Mon Sep 17 00:00:00 2001
From: ThibaultHerard <thibaultherard10@gmail.com>
Date: Mon, 10 Oct 2022 09:26:22 +0000
Subject: [PATCH] feat(saml): fix to prevent null user id

Signed-off-by: ThibaultHerard <thibaultherard10@gmail.com>
---
 selfservice/strategy/saml/strategy_auth.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/selfservice/strategy/saml/strategy_auth.go b/selfservice/strategy/saml/strategy_auth.go
index 2b7af9c380ee..15f422f0d48d 100644
--- a/selfservice/strategy/saml/strategy_auth.go
+++ b/selfservice/strategy/saml/strategy_auth.go
@@ -13,6 +13,11 @@ import (
 // Handle SAML Assertion and process to either login or register
 func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider Provider, claims *Claims) (*flow.Flow, error) {
 
+	// If the user'ID is null, we have to handler error
+	if claims.Subject == "" {
+		return nil, s.handleError(w, r, loginFlow, provider.Config().ID, nil, errors.New("the user ID is empty: the problem probably comes from the mapping between the SAML attributes and the identity attributes"))
+	}
+
 	// This is a check to see if the user exists in the database
 	i, c, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), identity.CredentialsTypeSAML, uid(provider.Config().ID, claims.Subject))
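Review bot: The added guard dereferences `claims` without a nil check and rejects only the exact empty string, so a nil `*Claims` would panic at `claims.Subject`, and a whitespace-only subject would still reach `uid(provider.Config().ID, claims.Subject)` in the lookup below. That value appears to be the key linking a SAML assertion to a stored identity, so a subject that is blank after attribute mapping should never be used for the lookup. Consider `if claims == nil || strings.TrimSpace(claims.Subject) == "" {`, assuming `strings` is imported, which the hunk does not show. The added comment has typos and would read better as `// Reject assertions whose mapped subject is empty, so a blank value is never used as a credentials identifier.` The body of processLoginOrRegister continues outside the hunk, so any later use of `claims` is not visible here.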