From 4b967213939da2948edd7c68a8f500ecec75f6d6 Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 13 Aug 2024 14:55:13 +0100
Subject: [PATCH 1/2] Attempt to de-escalate SAML login and logout errors
---
 app/Http/Controllers/Auth/SamlController.php | 28 ++++++++++++++------
 app/Services/Saml.php | 6 ++---
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/app/Http/Controllers/Auth/SamlController.php b/app/Http/Controllers/Auth/SamlController.php
index 769f90349497..6a4c1f65b050 100644
--- a/app/Http/Controllers/Auth/SamlController.php
+++ b/app/Http/Controllers/Auth/SamlController.php
@@ -99,12 +99,18 @@ public function acs(Request $request)
 {
 $saml = $this->saml;
 $auth = $saml->getAuth();
- $auth->processResponse();
+ $saml_exception = false;
+ try {
+ $auth->processResponse();
+ } catch (\Exception $e) {
+ Log::warning("Exception caught in SAML login: " . $e->getMessage());
+ $saml_exception = true;
+ }
 $errors = $auth->getErrors();
- if (! empty($errors)) {
- Log::error('There was an error with SAML ACS: '.implode(', ', $errors));
- Log::error('Reason: '.$auth->getLastErrorReason());
+ if (!empty($errors) || $saml_exception) {
+ Log::warning('There was an error with SAML ACS: ' . implode(', ', $errors));
+ Log::warning('Reason: ' . $auth->getLastErrorReason());
 return redirect()->route('login')->with('error', trans('auth/message.signin.error'));
 }
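Review bot: In the new `catch` in acs(), the only record of the failure is `$e->getMessage()`; on that path `$errors` can be empty, so the two `Log::warning` calls inside the `if` may print a bare prefix with nothing after it. A rejected SAML response is something an operator wants to triage, and at warning level it will no longer reach error-level alerting, so the entry should carry the exception class and the caller, e.g. `Log::warning('Exception caught in SAML login: ' . get_class($e) . ': ' . $e->getMessage(), ['ip' => $request->ip()]);`. The same applies to the catch in the sls() hunk. acs() continues past the end of this hunk.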
@@ -132,12 +138,18 @@ public function sls(Request $request)
 {
 $auth = $this->saml->getAuth();
 $retrieveParametersFromServer = $this->saml->getSetting('retrieveParametersFromServer', false);
- $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
+ $saml_exception = false;
+ try {
+ $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
+ } catch (\Exception $e) {
+ Log::warning("Exception caught in SAML single-logout: " . $e->getMessage());
+ $saml_exception = true;
+ }
 $errors = $auth->getErrors();
- if (! empty($errors)) {
- Log::error('There was an error with SAML SLS: '.implode(', ', $errors));
- Log::error('Reason: '.$auth->getLastErrorReason());
+ if (!empty($errors) || $saml_exception) {
+ Log::warning('There was an error with SAML SLS: ' . implode(', ', $errors));
+ Log::warning('Reason: ' . $auth->getLastErrorReason());
 return view('errors.403');
 }
diff --git a/app/Services/Saml.php b/app/Services/Saml.php
index 8202868013ea..7ee60233e539 100644
--- a/app/Services/Saml.php
+++ b/app/Services/Saml.php
@@ -337,12 +337,12 @@ public function getAuth()
 /**
 * Get a setting.
 *
- * @author Johnson Yi
- *
 * @param string|array|int $key
 * @param mixed $default
 *
- * @return void
+ * @return mixed
+ *@author Johnson Yi
+ *
 */
 public function getSetting($key, $default = null)
 {
From 10f35c682b3c21497801dd32c72f5d6bd1ccaa6a Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 13 Aug 2024 15:49:51 +0100
Subject: [PATCH 2/2] Re-add space
---
 app/Services/Saml.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Services/Saml.php b/app/Services/Saml.php
index 7ee60233e539..860ec761717a 100644
--- a/app/Services/Saml.php
+++ b/app/Services/Saml.php
@@ -341,7 +341,7 @@ public function getAuth()
 * @param mixed $default
 *
 * @return mixed
- *@author Johnson Yi
+ * @author Johnson Yi
 *
 */
 public function getSetting($key, $default = null)
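Review bot: The widened condition `!empty($errors) || $saml_exception` in sls() (SamlController.php) now sends exception cases to the unchanged `return view('errors.403');`, which Laravel serves with status 200 because no status is set. Access logs, rate limiting and monitoring that count 403 responses will not see rejected logout requests; `return response()->view('errors.403', [], 403);` would make the status match the page. `$sloUrl` is assigned only inside the `try`, so a `$sloUrl = null;` before it would keep any later use (outside this hunk) defined if the early return is ever changed.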