From 4edb204777b0b5ffe7540e1fb953e57cd2b1669b Mon Sep 17 00:00:00 2001
From: Thomas Darimont
Date: Tue, 28 May 2024 23:53:13 +0200
Subject: [PATCH] Add reason details in event before error event is submitted for broken SAML requests (#29948)

Previously the reason was omitted in the details because it was set after the event was already submitted.
Fixes #29948
Signed-off-by: Thomas Darimont
---
 .../src/main/java/org/keycloak/protocol/saml/SamlService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
index dca9bb97a9..e8c4cba0eb 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -291,8 +291,8 @@ public class SamlService extends AuthorizationEndpointBase {
 event.event(EventType.LOGOUT);
 } else {
 event.event(EventType.LOGIN);
- event.error(Errors.INVALID_TOKEN);
 event.detail(Details.REASON, "Unhandled SAML document type: " + (samlObject == null ? "" : samlObject.getClass().getSimpleName()));
+ event.error(Errors.INVALID_TOKEN);
 return error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
 }
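Review bot: The ordering this fix depends on is not recorded anywhere in the `else` branch: nothing at the call site says that `event.error(...)` submits the event, so a later edit can move `event.detail(...)` below it again and silently drop the reason from the audit record. I would add a comment above the two calls, `// error() submits the event; set every detail before calling it`, and, if the test suite has an event assertion for this path, check that `Details.REASON` is present on the `INVALID_TOKEN` event. The reason detail is what an operator uses to triage malformed SAML requests, so losing it degrades detection without any functional failure. The enclosing method starts and ends outside the hunk, so other `error`-before-`detail` sequences in it cannot be ruled out from here.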