Truncate SAML Response in trace log (elastic#51237) (elastic#51283)

When not truncated, a long SAML response XML document can fill max line length and mask the actual exception message that the trace statement is meant to inform about. The same XML Document is also printed in full on trace level in SamlRequestHandler#parseSamlMessage() so there is no loss of information
original-brownbear · Jan 22, 2020 · a763214 · a763214
1 parent 4d0358c
commit a763214
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java b/...security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java
@@ -68,7 +68,8 @@ SamlAttributes authenticate(SamlToken token) {
             try {
                 return authenticateResponse(root, token.getAllowedSamlRequestIds());
             } catch (ElasticsearchSecurityException e) {
-                logger.trace("Rejecting SAML response {} because {}", SamlUtils.toString(root), e.getMessage());
+                logger.trace("Rejecting SAML response [{}...] because {}", Strings.cleanTruncate(SamlUtils.toString(root), 512),
+                    e.getMessage());
                 throw e;
             }
         } else {