• meenasekar

    (@meenasekar)


    Hi,

    We are using the WP SAML AUTH plugin to log in to the application. In this plugin, we are getting the following error message when logging in to the application:

    Fatal Error message: Uncaught Exception: Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks in wp-content\plugins\wp-saml-auth\vendor\onelogin\php-saml\src\Saml2\Utils.php:98

    Application details:
    WordPress Version: 6.3
    PHP Version: 8.1.24
    Apache version: 2.4.56

    Please help us to resolve this issue.

Viewing 1 replies (of 1 total)
  • Plugin Contributor Chris Reynolds

    (@jazzs3quence)

    The XML file being read to validate login should not contain a <!DOCTYPE or <!ENTITY value in it as this can be a mechanism by which a bad actor could gain access to your site or a vector by which DDoS attacks could be staged (see https://github.com/SAML-Toolkits/php-saml/releases/tag/2.15.0). This error is telling you that the SAML auth library that the plugin uses found such a value in the XML file being processed and is blocking access as a result.

    I would recommend looking at your configuration and the emitted XML from your IdP to ensure that it does not include unexpected values.
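
One way to carry out the check recommended in the reply above, as an added example that is not part of the thread, the plugin, or php-saml: decode a captured `SAMLResponse` value (or read a metadata file) and list every DOCTYPE/ENTITY declaration with its position. The function names and both sample documents are constructed for illustration, and the input is assumed to be already URL-decoded.

```python
import base64
import re
import zlib

# The two declaration keywords named in the error message.
DECL_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def decode_saml_payload(value: str) -> str:
    """Return XML text from raw XML (e.g. a metadata file), a base64
    SAMLResponse (HTTP-POST), or base64 + raw DEFLATE (HTTP-Redirect).
    Assumes the value has already been URL-decoded."""
    if value.lstrip("\ufeff \t\r\n").startswith("<"):
        return value
    raw = base64.b64decode(value)
    if not raw.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # wbits=-15: headerless DEFLATE
    return raw.decode("utf-8", errors="replace")

def find_dtd_declarations(xml_text: str):
    """Text scan only: the XML is never parsed, so nothing gets expanded.
    Returns (line, column, keyword, snippet) for each declaration found."""
    hits = []
    for m in DECL_RE.finditer(xml_text):
        line_start = xml_text.rfind("\n", 0, m.start()) + 1
        line = xml_text.count("\n", 0, m.start()) + 1
        snippet = xml_text[m.start():m.start() + 60].splitlines()[0]
        hits.append((line, m.start() - line_start + 1, m.group(1).upper(), snippet))
    return hits

# Constructed sample documents (not taken from the thread).
CLEAN = ('<?xml version="1.0"?>\n'
         '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
         ' ID="_constructed"/>\n')
FLAGGED = ('<?xml version="1.0"?>\n'
           '<!DOCTYPE Response [\n'
           '  <!ENTITY note "constructed sample">\n'
           ']>\n'
           '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
           ' ID="_constructed"/>\n')

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("flagged", FLAGGED)):
        encoded = base64.b64encode(doc.encode()).decode()  # as an IdP would POST it
        hits = find_dtd_declarations(decode_saml_payload(encoded))
        print(name, "OK" if not hits else hits)
```

Because this is a plain text scan, a match inside an XML comment or CDATA section is also reported; any hit is a reason to look at how the IdP or an intermediate proxy generates the document.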
