From 61a876b58244c302136826d552ffd2328f0a0f30 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 23 May 2022 22:02:52 +0200
Subject: [PATCH] providers/saml: handle parse error AUTHENTIK-1K5
Signed-off-by: Jens Langhammer
---
 authentik/providers/saml/processors/request_parser.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/authentik/providers/saml/processors/request_parser.py b/authentik/providers/saml/processors/request_parser.py
index 6fbd14ed9..2e8875795 100644
--- a/authentik/providers/saml/processors/request_parser.py
+++ b/authentik/providers/saml/processors/request_parser.py
@@ -3,6 +3,7 @@ from base64 import b64decode
 from dataclasses import dataclass
 from typing import Optional
 from urllib.parse import quote_plus
+from xml.etree.ElementTree import ParseError # nosec

 import xmlsec
 from defusedxml import ElementTree
@@ -175,7 +176,10 @@ class AuthNRequestParser:
 )
 except xmlsec.Error as exc:
 raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc
- return self._parse_xml(decoded_xml, relay_state)
+ try:
+ return self._parse_xml(decoded_xml, relay_state)
+ except ParseError as exc:
+ raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc

 def idp_initiated(self) -> AuthNRequest:
 """Create IdP Initiated AuthNRequest"""
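Review bot: The blanket `# nosec` on the new `xml.etree.ElementTree` import silences every bandit check on that line and records no reason why the import is safe. Only the exception class is used, and `defusedxml.ElementTree`, which the file already imports two lines below, exposes the same `ParseError`. The handler could therefore read `except ElementTree.ParseError as exc:`, and the stdlib import and its suppression could be dropped. If the import stays, scope the marker and state the reason, e.g. `# nosec B405 - exception class only, parsing stays in defusedxml`.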
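Review bot: The new `except ParseError` branch reuses `ERROR_FAILED_TO_VERIFY`, so a malformed AuthnRequest is reported the same way as the failed signature check in the `except xmlsec.Error` branch just above it. Anyone triaging logs or alerts then cannot tell a bad signature from unparseable input. A separate message would keep the two apart, e.g. `raise CannotHandleAssertion(<PARSE_ERROR_MESSAGE>) from exc`, where the placeholder stands for a new constant. The guard also covers only this one call site: the enclosing method starts above the hunk, and any other caller of `_parse_xml` outside the view would presumably still let `ParseError` propagate, so catching it inside `_parse_xml` may be the better place.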