SAMLException unclear because of empty string. #13598

@cheggerdev

Describe the bug
I get an empty SAML error description: "Failed to process SAML assertion: ".
In the source authentik/providers/saml/views/flows.py there is:

        try:
            response = AssertionProcessor(provider, request, auth_n_request).build_response()
        except SAMLException as exc:
            Event.new(
                EventAction.CONFIGURATION_ERROR,
                message=f"Failed to process SAML assertion: {str(exc)}",
                provider=provider,
            ).from_http(self.request)
            return self.executor.stage_invalid()

The issue is that {str(exc)} is an empty string.
I think that is because SAMLException has no __str__ method, as a look
in the source authentik/sources/saml/exceptions.py reveals:

class SAMLException(SentryIgnoredException):
    """Base SAML Exception"""

Expected behavior
The SAML error message should be clear about what the error actually is.

Screenshots
The screen shows me an authentik user consent with the message "Request denied".

Logs
authentik-server-1 | {"action": "configuration_error", "auth_via": "session", "client_ip": "10.0.0.15", "context": {"http_request": {"args": {"RelayState": "https://zabbix.domain/index_sso.php", "SAMLRequest": "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", "inspector": "available"}, "method": "GET", "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/", "request_id": "8b80e1429b3f416990635973e3dfe303", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0"}, "message": "Failed to process SAML assertion: ", "provider": {"app": "authentik_providers_saml", "model_name": "samlprovider", "name": "Zabbix", "pk": 11}}, "domain_url": "authentik.domain", "event": "Created Event", "host": "authentik.domain", "level": "info", "logger": "authentik.events.models", "pid": 75, "request_id": "8b80e1429b3f416990635973e3dfe303", "schema_name": "public", "timestamp": "2025-03-20T08:19:52.831175", "user": {"email": "email@domain", "pk": 7, "username": "username"}}

Version and Deployment (please complete the following information):

  • authentik version: 2025.2.2
  • Deployment: docker-compose

Additional context
I use a Let's Encrypt wildcard certificate created with acme.
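
An added example, not part of the original issue and not authentik's code: str() of an exception raised without arguments is the empty string, which produces an event message like the one in the log above, and the hypothetical describe_exception helper falls back to the class name plus the chained cause. The stand-in base class, CannotHandleAssertion and the constructed failure in process_assertion are assumptions for illustration.

```python
class SentryIgnoredException(Exception):
    """Stand-in for authentik's base class (assumed to derive from Exception)."""


class SAMLException(SentryIgnoredException):
    """Base SAML Exception"""


class CannotHandleAssertion(SAMLException):
    """Hypothetical subclass, raised below without a message."""


def describe_exception(exc: BaseException) -> str:
    """Return a non-empty description of exc for an event or log message.

    Uses str(exc) when it carries text, otherwise the class name alone, and
    appends the chained cause/context so the root error stays visible.
    """
    parts = []
    seen = set()
    current = exc
    while current is not None and id(current) not in seen:
        seen.add(id(current))
        text = str(current).strip()
        name = type(current).__name__
        parts.append(f"{name}: {text}" if text else name)
        # Explicit "raise ... from err" first, then the implicit context.
        current = current.__cause__ or (
            None if current.__suppress_context__ else current.__context__
        )
    return " <- ".join(parts)


def process_assertion(fail_with_message: bool):
    """Constructed failures standing in for AssertionProcessor.build_response()."""
    try:
        raise KeyError("NameID")  # constructed root cause
    except KeyError as err:
        if fail_with_message:
            raise SAMLException("missing attribute mapping") from err
        raise CannotHandleAssertion() from err  # no args: str(exc) == ""


def event_message(fail_with_message: bool) -> str:
    """Build the event text the way the view's except block does."""
    try:
        process_assertion(fail_with_message)
    except SAMLException as exc:
        return f"Failed to process SAML assertion: {describe_exception(exc)}"
    return "ok"
```

The resulting text is meant for the administrator-facing event log; exception messages can contain request-derived values, so it should not be echoed to the end user.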

Labels: bug (Something isn't working)