Fixes #5079 - TLS verification does ignore timeouts and also runs if …

…deactivated.

app/models/setting/validation/saml/tls.rb

@@ -28,7 +28,9 @@ def check_tls_verification
       }
     )
 
-    return nil if resp.error.nil? || !resp.error.starts_with?('#<OpenSSL::SSL::SSLError')
+    return nil if resp.error.nil?
+
+    Rails.logger.error("SAML: TLS verification failed for '#{url}': #{resp.error}")
 
     __('The verification of the TLS connection failed. Please check the IDP certificate.')
   end

lib/omni_auth/strategies/saml_database.rb

@@ -6,8 +6,6 @@ class OmniAuth::Strategies::SamlDatabase < OmniAuth::Strategies::SAML
   def self.setup
     auth_saml_credentials = Setting.get('auth_saml_credentials') || {}
 
-    verify_tls(auth_saml_credentials)
-
     http_type = Setting.get('http_type')
     fqdn      = Setting.get('fqdn')
 
@@ -47,26 +45,6 @@ def initialize(app, *args, &)
     super
   end
 
-  def self.verify_tls(settings)
-    return if !settings[:ssl_verify]
-
-    url = settings[:idp_sso_target_url]
-    return if !url.starts_with?('https://')
-
-    resp = UserAgent.get(
-      url,
-      {},
-      {
-        verify_ssl: true,
-        log:        { facility: 'SAML' }
-      }
-    )
-
-    return if resp.error.blank? || !resp.error.starts_with?('#<OpenSSL::SSL::SSLError')
-
-    Rails.logger.error { 'SAML: The verification of the TLS connection failed. Please check the IDP certificate.' }
-  end
-
   def self.apply_security_settings(settings)
     security           = settings.delete(:security)           || {}
     private_key        = settings.delete(:private_key)        || ''
@@ -135,7 +113,6 @@ def self.apply_sign_only_settings(settings, security)
     apply_security_default_settings
     apply_encrypt_only_settings
     apply_sign_only_settings
-    verify_tls
   ].freeze
 
   private