Bug 40787 – SAML tests fail in AD member setups

Bug 40787 - SAML tests fail in AD member setups


Summary:	SAML tests fail in AD member setups

Status:	NEW

Product:	UCS Test
Classification:	Unclassified
Component:	SAML
Version:	unspecified
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-02-27 14:34 CET by Stefan Gohmann
Modified:	2018-10-23 11:30 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2016-02-27 14:34:55 CET

The SAML tests mostly fail in AD member setups.

 [2016-02-26 18:10:48.521082]GET SAML login form at: https://admember226.AutoTest226.local/univention-management-console/saml/
[2016-02-26 18:10:49.381208]### FAIL ###
[2016-02-26 18:10:49.381264]Problem while reaching login dialog
[2016-02-26 18:10:49.381278]Wrong status code: 500, expected: 200
[2016-02-26 18:10:49.381311]###      ###

Comment 1 Stefan Gohmann

2016-02-29 07:04:52 CET

The following error message is shown if more debug is activated:

        <h2>Nicht abgefangene Code-Exception</h2>

Eine nicht abgefangene Code-Exception ist aufgetreten.
        <div class="trackidtext">
                Falls Sie diesen Fehler melden, teilen Sie bitte ebenfalls diese Tracking ID mit, dadurch ist es dem Administrator mÃ¶glich ihre Sitzung in den Logs zu finden:         <span class="trackid">981a159e81</span>
        </div>


                <h2>Debug Information</h2>
                <p>Die unten angegebene Debug-Information kann von Interesse fÃ¼r den Administrator oder das Helpdesk sein:</p>

                <div style="border: 1px solid #eee; padding: 1em; font-size: x-small">
                        <p style="margin: 1px">SimpleSAML_Error_Error: UNHANDLEDEXCEPTION</p>
                        <pre style=" padding: 1em; font-family: monospace; ">Backtrace:
1 /usr/share/simplesamlphp/www/_include.php:37 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 /usr/share/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:157 (SAML2_Utils::validateSignature)
5 [builtin] (call_user_func)
4 /usr/share/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/Message.php:221 (SAML2_Message::validate)
3 /usr/share/simplesamlphp/modules/saml/lib/Message.php:194 (sspmod_saml_Message::checkSign)
2 /usr/share/simplesamlphp/modules/saml/lib/Message.php:251 (sspmod_saml_Message::validateMessage)
1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:305 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:18 (N/A)</pre>
                </div>

Comment 2 Florian Best

2016-02-29 13:00:46 CET

Maybe you can attach join.log /etc/apache2/sites-enabled/univention-saml /usr/share/univention-management-console/saml/idp/ucs-sso.*.xml and md5sum /etc/univention/ssl/ucs-sso.*/* /etc/simplesamlphp/ucs-sso.*.

Comment 3 Stefan Gohmann

2016-03-01 19:29:48 CET

ucs-test r67824:
* 82_saml/samltest.py: Added more debug (Bug #40787)

Comment 4 Stefan Gohmann

2016-03-04 07:29:17 CET

I've disabled various SAML tests in AD member mode: r67891

Comment 5 Jürn Brodersen

2018-10-23 11:30:10 CEST

This might be related to bug 47700