feat: log errors on failed logout

omniauth · Jan 20, 2025 · 23ef364 · 23ef364
1 parent ca4d806
commit 23ef364
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
@@ -190,7 +190,7 @@ def handle_logout_request(raw_request, settings)
           logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, RelayState: slo_relay_state)
           redirect(logout_response)
         else
-          raise OmniAuth::Strategies::SAML::ValidationError.new("SAML failed to process LogoutRequest")
+          raise OmniAuth::Strategies::SAML::ValidationError.new("SAML failed to process LogoutRequest (#{logout_request.errors.join(', ')})")
         end
       end
 

diff --git a/spec/omniauth/strategies/saml_spec.rb b/spec/omniauth/strategies/saml_spec.rb
@@ -346,12 +346,13 @@ def post_xml(xml = :example_response, opts = {})
       context "when request is an invalid logout request" do
         before :each do
           allow_any_instance_of(OneLogin::RubySaml::SloLogoutrequest).to receive(:is_valid?).and_return(false)
+          allow_any_instance_of(OneLogin::RubySaml::SloLogoutrequest).to receive(:errors).and_return(['Blank logout request'])
         end
 
         # TODO: Maybe this should not raise an exception, but return some 4xx error instead?
         it "should raise an exception" do
           expect { subject }.
-            to raise_error(OmniAuth::Strategies::SAML::ValidationError, 'SAML failed to process LogoutRequest')
+            to raise_error(OmniAuth::Strategies::SAML::ValidationError, 'SAML failed to process LogoutRequest (Blank logout request)')
         end
       end