Univention Bugzilla – Bug 42174
Outsource UMC login into separate and global login page
Last modified: 2020-11-26 21:35:07 CET
The UMC login should be available on a single HTML page (instead of integrated into the UMC Javascript application). It should by default use the Single-Sign-On login. The login should be integrated into the menu. Browsers should be able to store the password.
Created attachment 8261 [details] Screenshot Amazon login Idea: it would be nice if we could show, e.g., a banner for the Univention summit on that login page. See attached screenshot for Amazon as an example.
We agreed on the following details for now... Login at UMC server directly: * The session ID will be valid for 8h by default, session information (including credentials) will be stored in the umc-web-server. * The "session socket" between umc-web-server and umc-server will close after the current timeout. It can be re-established if needed using the stored session information. * If the session is not valid anymore (after 8h of inactivity or after UMC web server restart), UMC shows a dialog and will redirect after confirmation to the login site (which may be opened in a separate tab). * If being logged in with 2-factor authentication, the user will be redirected to the login page after 5 minutes of inactivity (as a new token needs to be specified for each authentication request). SSO login via simpleSAMLphp: * If being logged in via SAML, it may be necessary for certain requests (e.g., global app center, school installer) to request the username and password. This behaviour is similar to 4.1-x.
@Alex I can remove all animations, right? Where/How to display error messages like?: * Please enable cookies: Browser cookies are necessary for working with Univention Management Console. Please activate cookies in your browser. * Authentication failure: … * The password is expired: … * One time password required: … * Changing password failed: The passwords do not match, please retype again. * Your browser is outdated: Your browser is outdated and should be updated. You may continue to use Univention Management Console but you may experience performance issues and other problems. * Insecure Connection: This network connection is not encrypted. All personal or sensitive data will be transmitted in plain text. Please follow %s this link</a> to use a secure SSL connection. → This one should be only a short link "Secure connection" with a tooltip showing the old text?
(In reply to Florian Best from comment #3) > @Alex > I can remove all animations, right? Please leave the animation of the UCS logo. > Where/How to display error messages like?: As discussed, we can display the various error/info messages as follows: Error messages at login → displayed in red color within the login dialog and below the input fields: * Authentication failure: … * The password is expired: … * The server cannot be reached... * Changing password failed: The passwords do not match, please retype again. * Please enable your browser cookies which are necessary for Univention Services. → This one will be shown prior to entering any information in the input fields Notification for a second step within the login process → text (in black) within the login dialog and above the input fields * One time password required: … * Please enter your new password... General help and info → short text in green below the login dialog: * How do I login? * Forgot your password? Warnings → short paragraphs in red above the "general help and info" messages and below the login dialog * Your browser is outdated! You may experience performance issues and other problems when using Univention Services. * This network connection is not encrypted. Click here for an HTTPS connection.
Another feature that we need: Pre-filled username, e.g., when login for the setup wizard, we need to predefine that username will be "root" (up to now this was possible with username=root in the querystring).
Created attachment 8436 [details] Screenshot login page Error messages are escaped.
I moved some logic from management/main.js into login/main.js and I added a deferred which is returned in login.start(). univention-management-console (9.0.38-3): r76988 | Bug #42174: Return deferred in login/start() + move logic into login
univention-updater (12.0.3-7A~4.2.0.201702221826) r77007: changed dependency from "umc/login" to "login"
I moved the logic for logout into univention/login/main.js and adapted two other calls in App Center and the domain join module. univention-management-console (9.0.39-5): r77017 | Bug #42174: moved logout logic into login site univention-appcenter (6.0.1-34): r77016 | Bug #42174: adjust call for relogin univention-join (9.0.2-3): r77018 | Bug #42174: adjust call for relogin
I observed in the system setup wizard that pops up after the Debian installer that there was shown a warning "Session timeout! Please login again" (maybe after 5-10min). AFAIS, this should not happen as (a) we discussed that sessions will be open for a longer while and (b) as username + password are given via the QueryString.
I observed sometimes that I was redirected to /univention/login/login.html after entering my credentials at /univention/login. Not sure what could be the reason for that.
I am currently observing that when loading UMC without being logged in, many ucr request are constantly being sent to the backend although 401 status is returned. Reason for this is that umc.tools._request() tries to resend the request again: > return this._request.apply(this, [args]); It seems that the behaviour has been changed. This mechanism used to wait until the login was successful.
TODO: redirection handling after login and logout: get back to the previous location.
AFAIS, the SAML login does not work properly (at least out of the box). In my umc-web-server.log I always find the following errors: > 19.02.17 18:59:54.542 MAIN ( WARN ) : Startup of SAML2.0 service provider failed: > Traceback (most recent call last): > File "/usr/sbin/univention-management-console-web-server", line 1115, in reload > self.__sp = Saml2Client(config_file=self.configfile) > File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 99, in __init__ > Entity.__init__(self, "sp", config, config_file, virtual_organization) > File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 128, in __init__ > self.config = config_factory(entity_type, config_file) > File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 545, in config_factory > conf = SPConfig().load_file(filename) > File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 381, in load_file > return self.load(copy.deepcopy(mod.CONFIG), metadata_construction) > File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 360, in load > self.load_complex(cnf, metadata_construction=metadata_construction) > File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 300, in load_complex > self.load_metadata(cnf["metadata"])) > File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 405, in load_metadata > mds.imp(metadata_conf) > File "/usr/lib/python2.7/dist-packages/saml2/mdstore.py", line 835, in imp > self.load(key, val) > File "/usr/lib/python2.7/dist-packages/saml2/mdstore.py", line 821, in load > _md.load() > File "/usr/lib/python2.7/dist-packages/saml2/mdstore.py", line 596, in load > return self.parse_and_check_signature(_txt) > File "/usr/lib/python2.7/dist-packages/saml2/mdstore.py", line 560, in parse_and_check_signature > self.parse(txt) > File "/usr/lib/python2.7/dist-packages/saml2/mdstore.py", line 409, in parse > self.entities_descr = md.entities_descriptor_from_string(xmlstr) > File "/usr/lib/python2.7/dist-packages/saml2/md.py", line 1859, in entities_descriptor_from_string > return saml2.create_class_from_xml_string(EntitiesDescriptor, xml_string) > File "/usr/lib/python2.7/dist-packages/saml2/__init__.py", line 89, in create_class_from_xml_string > tree = defusedxml.ElementTree.fromstring(xml_string) > File "/usr/lib/python2.7/dist-packages/defusedxml/common.py", line 159, in fromstring > parser.feed(text) > File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1642, in feed > self._raiseerror(v) > File "/usr/lib/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror > raise err > ParseError: syntax error: line 1, column 49 > > 19.02.17 18:59:55.237 MAIN ( ERROR ) : Traceback (most recent call last): > File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond > response.body = self.handler() > File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__ > self.body = self.oldhandler(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/cherrypy/_cperror.py", line 411, in __call__ > raise self > NotFound: (404, "The path '/login/i18n/de/main.json' was not found.")
(In reply to Alexander Kläser from comment #12) > I am currently observing that when loading UMC without being logged in, many > ucr request are constantly being sent to the backend although 401 status is > returned. Reason for this is that umc.tools._request() tries to resend the > request again: > > > return this._request.apply(this, [args]); > > It seems that the behaviour has been changed. This mechanism used to wait > until the login was successful. I added a deferred for now. The new login dialog should return that in the future. r77209: prevent umcpCommand loops during session timeout
Created attachment 8494 [details] current sso login screen The current sso login screen styling needs another iteration * location of textfields * margins * missing: 'how do i login' helptext
It seems a single sign on session timeout is not registered correctly, which leads to the following issue: Login via SSO, wait some time (>10 minutes?) Try to open the app center -> * Endless loading animation * Endless logfile entries multiple times a second: ==> /var/log/univention/management-console-web-server.log <== 06.03.17 13:28:16.415 MAIN ( PROCESS ) : CPGet (192.168.0.249:43348) response status code: 401 06.03.17 13:28:16.415 MAIN ( PROCESS ) : CPGet (192.168.0.249:43348) response message: For using this request a login is required. 06.03.17 13:28:16.415 MAIN ( PROCESS ) : CPGet (192.168.0.249:43348) response result: None ==> /var/log/univention/management-console-server.log <== 06.03.17 13:28:16.552 MODULE ( PROCESS ) : For using this request a login is required. * It seems this opens a new connection each time, which is not terminated, and after a while this traceback is shown: Traceback (most recent call last): File "/usr/sbin/univention-management-console-web-server", line 278, in check_queue File "/usr/sbin/univention-management-console-web-server", line 294, in dispatch File "/usr/sbin/univention-management-console-web-server", line 129, in __init__ File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/client.py", line 116, in __init__ File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/client.py", line 140, in _init_socket File "/usr/lib/python2.7/socket.py", line 187, in __init__ error: [Errno 24] Too many open files
I just observed the following behaviour: * Valid session from VPN access (IP address 10.*.*.*) * Switch to cable access (IP addres 192.*.*.*) * Login via SAML → after entering credentials endless POST loop on ucs-sso * Login via /unvention/login → credentials not accepted, no error message shown and I cannot login Output from umc-web-server.log: > 08.03.17 11:08:58.234 MAIN ( INFO ) : CPAuth/auth: got new auth request (192.*.*.*:58622 <=> ) > 08.03.17 11:08:58.234 MAIN ( INFO ) : auth: request: command=/auth > 08.03.17 11:08:58.234 MAIN ( INFO ) : CPAuth (192.*.*.*:58622) pushed request(0x7fbde6d88a10) to queue(0x7fbde6ec5878) - waiting for response > 08.03.17 11:08:58.258 MAIN ( INFO ) : UMCP_Dispatcher: check_queue: new request: 0x7fbde6d88a10 > 08.03.17 11:08:58.258 MAIN ( WARN ) : The sessionid (ip=10.*.*.*) is not valid for this IP address (192.*.*.*) > 08.03.17 11:08:58.258 MAIN ( INFO ) : CPAuth (192.*.*.*:58622) got response(0x7fbde6d1ff10) from queue(0x7fbde6ec5878): status=401 > 08.03.17 11:08:58.258 MAIN ( PROCESS ) : CPAuth (192.*.*.*:58622) response status code: 401 > 08.03.17 11:08:58.259 MAIN ( PROCESS ) : CPAuth (192.*.*.*:58622) response message: None > 08.03.17 11:08:58.259 MAIN ( PROCESS ) : CPAuth (192.*.*.*:58622) response result: None
Please use the umcLoginLoading CSS class in the body element. You can add it to the body element in univentiontheme/themes/univention/default/includes/header.php and than to saml-config.js: var umcConfig = { deps: [ "login/dialog", "dojo/dom-class" ], callback: function(dialog, domClass) { dialog.renderLoginDialog(); domClass.remove(document.body, 'umcLoginLoading'); } }; And then you need to re-add the class when the form is submitted.
Created attachment 8512 [details] Login screenshot The error message seems to be broken.
* Start at http://<server>/univention/server-overview * Redirect to ucs-sso + log in * Redirect to http://<server>/univention/management → yet it should be /univention/server-overview
I added a patch to change "Nutzer" to "Benutzer". r17387 | Bug #42174: Change German translation "Nutzer" to "Benutzer"
The dependencies for the new package version are incorrect for Debian jessie: --------- 8< ---------- apt-get install simplesamlphp Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: simplesamlphp : Depends: php but it is not installable Depends: php-mcrypt but it is not installable Recommends: php-cli but it is not installable Recommends: php-json but it is not installable E: Unable to correct problems, you have held broken packages. --------- 8< ---------- It is probably fine to use the dependencies from the previous version: --------- 8< ---------- apt-cache show simplesamlphp | grep -e Package -e Depends -e Version Package: simplesamlphp Version: 1.14.11-1A~4.2.0.201703101201 Depends: php, php-mcrypt, apache2 | httpd Package: simplesamlphp Version: 1.13.2-1.14.201509241359 Depends: php5, libapache2-mod-php5 | php5-cgi, openssl (>= 0.9.8g), php-xml-parser (>= 1.2.8), zlib1g, php5-mhash, php5-mcrypt, php-openid, apache2 | httpd Package: simplesamlphp Version: 1.9.2-1.12.201403192024 Depends: php5, libapache2-mod-php5 | php5-cgi, openssl (>= 0.9.8g), php-xml-parser (>= 1.2.8), zlib1g, php5-mhash, php5-mcrypt, php-openid, apache2 | httpd --------- 8< ----------
I logged in to UMC via SAML and received the following traceback when opening after a while of inactivity a UDM UMC module: > Traceback (most recent call last): > File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv > self.handle(msg) > File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv > self.handle(msg) > File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 286, in handle > self.__handler.init() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 157, in init > self.settings = UDM_Settings() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 886, in __init__ > self.read() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 889, in read > self._read_directories() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 88, in _decorated > return method(*args, **kwargs) > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 140, in _decorated > kwargs[loarg], kwargs[poarg] = lo, po = getter() > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 130, in getter > conn = connection() > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 53, in connection > bind(lo) > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 173, in bind_user_connection > super(Instance, self).bind_user_connection(lo) > File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 346, in bind_user_connection > lo.lo.bind_saml(self._password) > File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 175, in bind_saml > self.lo.sasl_interactive_bind_s('', saml) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 892, in sasl_interactive_bind_s > res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s > return func(self,*args,**kwargs) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 236, in sasl_interactive_bind_s > return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call > result = func(*args,**kwargs) > INVALID_CREDENTIALS: Die Initialisierung des Moduls ist fehlgeschlagen: Traceback (most recent call last): > File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv > self.handle(msg) > File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 286, in handle > self.__handler.init() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 157, in init > self.settings = UDM_Settings() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 886, in __init__ > self.read() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 889, in read > self._read_directories() > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 88, in _decorated > return method(*args, **kwargs) > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 140, in _decorated > kwargs[loarg], kwargs[poarg] = lo, po = getter() > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 130, in getter > conn = connection() > File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 53, in connection > bind(lo) > File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 173, in bind_user_connection > super(Instance, self).bind_user_connection(lo) > File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 346, in bind_user_connection > lo.lo.bind_saml(self._password) > File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 175, in bind_saml > self.lo.sasl_interactive_bind_s('', saml) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 892, in sasl_interactive_bind_s > res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s > return func(self,*args,**kwargs) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 236, in sasl_interactive_bind_s > return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) > File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call > result = func(*args,**kwargs) > INVALID_CREDENTIALS: {'info': 'SASL(-13): authentication failure: condition NotOnOrAfter 2017-03-10T14:06:00Z, current time is \x88\x02', 'desc': 'Invalid credentials'} > > Die Initialisierung des Moduls ist fehlgeschlagen:
(In reply to Alexander Kläser from comment #25) > I logged in to UMC via SAML and received the following traceback when > opening after a while of inactivity a UDM UMC module: > [...] After making a page reload, everything seems to work fine.
When the session timeout dialog appears, it does not react to pressing <enter> after entering the password
I addressed all points.
I got the wrong error message after I tried to login with a wrong password: """ Ihre Sitzung ist abgelaufen, bitte melden Sie sich erneut an. The authentication has failed, please login again. """
The login/dialog::addLink() method hasa been improved such that it can be called at any point in time (using deferreds) to avoid race conditions. The handling of login/logout events is now much more robust. The login/main module provides now onLogin()/onLogout() event handlers. Especially onLogin() allows now to register a method at any point in time (before or after the initial login) thanks to a deferred being used therein. The 2nd or any later login as well as any logout action triggers the callbacks again. This will work across multiple tabs such that the menu will be updated automatically with the appropriate information. univention-self-service (2.0.9-6): r77660 | Bug #42174: Improve event handling for consecutive login/logout requests univention-web (1.0.36-7): r77659 | Bug #42174: Improve event handling for consecutive login/logout requests univention-management-console-module-passwordchange (2.0.2-7): r77661 | Bug #42174: Improve event handling for consecutive login/logout requests univention-management-console (9.0.60-3): r77658 | Bug #42174: Improve event handling for consecutive login/logout requests r77657 | Bug #42263: adjust login/dialog::addLink() to work more robustly
(In reply to Erik Damrose from comment #27) > When the session timeout dialog appears, it does not react to pressing > <enter> after entering the password Still does not work The issue from comment#19 seems to persist: I changed from our internal network with ip=192.168.0.xxx to our VPN with ip=10.205.1.xxx. The re-login window appears and wants me to enter the password. After i enter it, the popup returns. umc-web-server.log shows 14.03.17 16:45:09.197 MAIN ( PROCESS ) : CPGet (10.205.1.xxx:42336) response result: None 14.03.17 16:45:09.295 MAIN ( WARN ) : The sessionid (ip=192.168.0.xxx) is not valid for this IP address (10.205.1.xxx) 14.03.17 16:45:09.296 MAIN ( PROCESS ) : CPGet (10.205.1.xxx:42340) response status code: 401 14.03.17 16:45:09.296 MAIN ( PROCESS ) : CPGet (10.205.1.xxx:42340) response message: This session is not valid with this requesting IP address. Please relogin. Even pressing F5 to reload UMC does not work.
All points have been addressed again. univention-web (1.0.39-1): r77799 | Bug #42174: fix handling of 401 error r77752 | Bug #42174: adjustments for login dialog r77664 | Bug #42174: Fix build error due to dependency to require r77659 | Bug #42174: Improve event handling for consecutive login/logout requests r77572 | Bug #42174: adjust styling of login error messages r77568 | Bug #42174: adjust styling of login error messages r77438 | Bug #42174: load hooks before executing UMC config callback r77299 | Bug #42174: fix appearence of login notices i.e. expired password notice r77292 | Bug #42174: fix the session timeout and auto relogin handling r77101 | Bug #42174: add minimum height of login dialog r77096 | Bug #42174: login dialog r77095 | Bug #42174: adjust login dialog r77063 | Bug #42174: adjust colors of login error messages / notices r77051 | Bug #42174: fix autologin with query string and error appearance during login dialog r76778 | Bug #42174: adjust styling of login dialog r76774 | Bug #42174: adjust, simplify help/login texts and styling r76759 | Bug #42174: fix/revert login animations r76631 | Bug #42174: styling of login dialog r76548 | Bug #42174: remove SingleSignOn Button widget and related apache configuration r76513 | Bug #42174: correctly decode uri components in getQuery() r76509 | Bug #42174: Add dependency from umc-frontend to umc-login r76508 | Bug #42174: move umc/auth to login/main r76471 | Bug #42174: adjust styling of UMC login r76393 | Bug #42174: re-fix error accessing umc/auth r76392 | Bug #42174: re-fix error accessing umc/auth r76380 | Bug #42174: fix error in setup wizard when accessing umc/auth r76319 | Bug #42174: fix import of umc/auth univention-updater (12.0.4-4): r77007 | Bug #42174: changed dependency from "umc/login" to "login" r76510 | Bug #42174: use umc/login ucs-test (7.0.17-2): r77667 | Bug #42174: adjust SAML tests to use RelayState and Referer r77569 | Bug #42174: adjust SAML tests for styling changes in login dialog univention-join (9.0.3-1): r77018 | Bug #42174: adjust call for relogin univention-management-console (9.0.64-1): r77798 | Bug #42174: make sure relogin is possible after switching networks r77753 | Bug #42174: display a single confirm form for the session timeout dialog r77749 | Bug #42174: preserve username when redirecting to login r77658 | Bug #42174: Improve event handling for consecutive login/logout requests r77604 | Bug #42174: fix redirection handling of login r77599 | Bug #42174: fix SAML session renewal r77598 | Bug #42174: fix redirection location after single sign on login r77597 | Bug #42174: fix error message r77571 | Bug #42174: make it possible to switch language in simplesamlphp login page r77536 | Bug #42174: add standby animation to login dialog r77478 | Bug #42174: fix session timeout after 8 hours when IP changes r77469 | Bug #42174: fix apache configuration r77468 | Bug #42174: don't watch form submits of SAML login dialog r77452 | Bug #42174: Added missing l10n files r77447 | Bug #42174: Integrate translations r77446 | Bug #42174: outsource ProxyPass into own file because univention-saml.conf has problems otherwise r77443 | Bug #42174: outsource ProxyPass into own file because univention-saml.conf has problems otherwise r77440 | Bug #42174: fix login dialog for SAML site r77408 | Bug #42174: fix SAML login r77395 | Bug #42174: Typo r77384 | Bug #42174: ucslint r77383 | Bug #42174: move session timeout into UMC-Server by letting the connection timeout instead of the session r77368 | Bug #42174: cache the session/password for 8 hours in the UMC-Webserver to prevent a session timeout r77339 | Bug #42174; encode username in URI r77326 | Bug #42174: Remove entities.encode() for text with '<br/>' entry r77325 | Bug #42174: Remove entities.encode() for text with '<br/>' entry r77309 | Bug #42174: Add line break to HTTPS warning r77292 | Bug #42174: fix the session timeout and auto relogin handling r77210 | Bug #42174: prevent umcpCommand loops during session timeout r77209 | Bug #42174: prevent umcpCommand loops during session timeout r77102 | Bug #42174: don't translate texts when DOM is rendered. r77098 | Bug #42174: move password forget link into self-service package r77096 | Bug #42174: login dialog r77095 | Bug #42174: adjust login dialog r77067 | Bug #42174: adjust visiblity of error message; prevent that exceptions in topic subscribers can prevent login r77051 | Bug #42174: fix autologin with query string and error appearance during login dialog r77017 | Bug #42174: moved logout logic into login site r76988 | Bug #42174: Return deferred in login/start() + move logic into login r76907 | Bug #42174: remove obsolete entries.json which was only used in SingleSignOnButton r76906 | Bug #42174: remove obsolete entries.json which was only used in r76778 | Bug #42174: adjust styling of login dialog r76774 | Bug #42174: adjust, simplify help/login texts and styling r76764 | Bug #42174: add generic tooltip handling for all footer links r76760 | Bug #42174: fix updating of login form/messages r76637 | Bug #42174: remove python 2.6 folder r76636 | Bug #42174: remove Makefile again, it doesn't build :/ r76635 | Bug #42174: add missing files r76632 | Bug #42174: styling of login dialog r76548 | Bug #42174: remove SingleSignOn Button widget and related apache configuration r76512 | Bug #42174: remove login html structure from index.html r76509 | Bug #42174: Add dependency from umc-frontend to umc-login r76508 | Bug #42174: move umc/auth to login/main r76500 | Bug #42174: 'Authorization' header with invalid credentials doesn't prevent login anymore r76490 | Bug #42174: remove config.js r76471 | Bug #42174: adjust styling of UMC login r76467 | Bug #42174: create initial structure of login page as separate package univention-demo-configuration (5.0.0-3): r76511 | Bug #42174: adjust login dialog path univention-self-service (2.0.10-2): r77660 | Bug #42174: Improve event handling for consecutive login/logout requests r77441 | Bug #42174: fix adding Forgot your password link r77337 | Bug #42174: adjust dependencies r77308 | Bug #42174: Fix "Forgot your password?" link r77098 | Bug #42174: move password forget link into self-service package univention-appcenter (6.0.3-11): r77016 | Bug #42174: adjust call for relogin univention-management-console-module-passwordchange (2.0.2-8): r77666 | Bug #42174: Fix typo in requirements r77661 | Bug #42174: Improve event handling for consecutive login/logout requests univention-saml (4.0.12-1): r77573 | Bug #42174: adjust styling of login dialog r77567 | Bug #42174: adjust styling of error messages r77537 | Bug #42174: adjust visibility of error messages r77470 | Bug #42174: fix SAML login page rendering r77444 | Bug #42174: fix SAML apache configuration r77442 | Bug #42174: fix SAML login page rendering r77387 | Bug #42174: adjust login dialog r76666 | Bug #42174: styling of login dialog r76664 | Bug #42174: styling of login dialog r76633 | Bug #42174: styling of login dialog r76548 | Bug #42174: remove SingleSignOn Button widget and related apache configuration r76545 | Bug #42174: adjust styling of SAML login univention-portal (1.0.8-9): r76664 | Bug #42174: styling of login dialog r76515 | Bug #42174: version bump r76508 | Bug #42174: move umc/auth to login/main
The details of the implementation are notes in comment #2!
Please add a changelog entry.
r78044 | Changelog Bug #42174 Bug #43918
OK. The bug can be closed, if there are issues, we will open new bugs. → VERIFIED
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".