From 84db6ccce3d7ed2e022ae592fb37900888d0a76c Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 27 Aug 2021 16:02:53 +0000
Subject: [PATCH] admin: Do not fail with an Exception if user has enabled
 saml20.idp but no hosted md found

---
 modules/admin/lib/Controller/Config.php | 37 ++++++++++++++++---------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/modules/admin/lib/Controller/Config.php b/modules/admin/lib/Controller/Config.php
index 99f49802e..b94d40f6d 100644
--- a/modules/admin/lib/Controller/Config.php
+++ b/modules/admin/lib/Controller/Config.php
@@ -346,25 +346,36 @@ class Config
         // perform some sanity checks on the configured certificates
         if ($this->config->getBoolean('enable.saml20-idp', false) !== false) {
             $handler = MetaDataStorageHandler::getMetadataHandler();
-            $metadata = $handler->getMetaDataCurrent('saml20-idp-hosted');
-            $metadata_config = Configuration::loadfromArray($metadata);
-            $private = $cryptoUtils->loadPrivateKey($metadata_config, false);
-            $public = $cryptoUtils->loadPublicKey($metadata_config, false);
+            try {
+                $metadata = $handler->getMetaDataCurrent('saml20-idp-hosted');
+            } catch (\Exception $e) {
+                 $matrix[] = [
+                     'required' => 'required',
+                     'descr' => Translate::noop('Hosted IdP metadata present'),
+                     'enabled'=>false
+                 ];
+            }
 
-            $matrix[] = [
-                'required' => 'required',
-                'descr' => Translate::noop('Matching key-pair for signing assertions'),
-                'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
-            ];
+            if(isset($metadata)) {
+                $metadata_config = Configuration::loadfromArray($metadata);
+                $private = $cryptoUtils->loadPrivateKey($metadata_config, false);
+                $public = $cryptoUtils->loadPublicKey($metadata_config, false);
 
-            $private = $cryptoUtils->loadPrivateKey($metadata_config, false, 'new_');
-            if ($private !== null) {
-                $public = $cryptoUtils->loadPublicKey($metadata_config, false, 'new_');
                 $matrix[] = [
                     'required' => 'required',
-                    'descr' => Translate::noop('Matching key-pair for signing assertions (rollover key)'),
+                    'descr' => Translate::noop('Matching key-pair for signing assertions'),
                     'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
                 ];
+
+                $private = $cryptoUtils->loadPrivateKey($metadata_config, false, 'new_');
+                if ($private !== null) {
+                    $public = $cryptoUtils->loadPublicKey($metadata_config, false, 'new_');
+                    $matrix[] = [
+                        'required' => 'required',
+                        'descr' => Translate::noop('Matching key-pair for signing assertions (rollover key)'),
+                        'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
+                    ];
+                }
             }
         }
 
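Review bot: The primary key-pair check still indexes `$private['PEM']` and `$public['PEM']` with no null guard, although the rollover branch just below tests `$private !== null` after the same kind of call with `false` as the second argument. If the loaders can return null there (presumably when the hosted entry has no key or certificate configured), the page would still error out on a half-configured IdP, which is the class of failure this commit sets out to remove. The first entry could fail closed instead: `'enabled' => $private !== null && $public !== null && $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),`. Separately, `catch (\Exception $e)` discards `$e`, so a storage or parsing error is reported the same as missing metadata; logging `$e->getMessage()` in that branch would keep the cause visible to the administrator. The enclosing method starts and ends outside the hunk, so whether `$metadata` is already set earlier (which would make `isset($metadata)` true even after a caught exception) cannot be confirmed from here.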
-- 
GitLab