More logging for SAML endpoints

2025-09-20 13:05:49 +02:00 · 2024-08-14 20:48:01 -07:00
parent 61b5bd569b
commit f6547a64a0
2 changed files with 22 additions and 4 deletions
--- a/backend/ee/danswer/server/saml.py
+++ b/backend/ee/danswer/server/saml.py
@@ -76,9 +76,13 @@ async def prepare_from_fastapi_request(request: Request) -> dict[str, Any]:
    if request.client is None:
        raise ValueError("Invalid request for SAML")

+    # Use X-Forwarded headers if available
+    http_host = request.headers.get("X-Forwarded-Host") or request.client.host
+    server_port = request.headers.get("X-Forwarded-Port") or request.url.port
+
    rv: dict[str, Any] = {
-        "http_host": request.client.host,
-        "server_port": request.url.port,
+        "http_host": http_host,
+        "server_port": server_port,
        "script_name": request.url.path,
        "post_data": {},
        "get_data": {},
@@ -126,16 +130,20 @@ async def saml_login_callback(
        )

    if not auth.is_authenticated():
+        detail = "Access denied. User was not authenticated"
+        logger.error(detail)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Access denied. User was not Authenticated.",
+            detail=detail,
        )

    user_email = auth.get_attribute("email")
    if not user_email:
+        detail = "SAML is not set up correctly, email attribute must be provided."
+        logger.error(detail)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
-            detail="SAML is not set up correctly, email attribute must be provided.",
+            detail=detail,
        )

    user_email = user_email[0]