Univention Bugzilla – Bug 43384
SAML login can't check why login failed anymore (password expired., etc)
Last modified: 2020-11-02 13:35:21 CET
The saml login fails with Unknown User/Wrong Password if the password is expired. This happens because a ldap bind with an expired password is not possible anymore. See Bug 36215. The exception is thrown by: univention-saml/simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php "$attributes = $this->ldapConfig->login($username, $password, $sasl_args);"
I disabled the according test cases: ucs-test (7.0.10-4): r76015 | Bug #43384: disable test case
Created attachment 8383 [details] proposed patch I put the account expiry checks in an extra function and check if a login might be possible before trying to login.
(In reply to Jürn Brodersen from comment #2) > Created attachment 8383 [details] > proposed patch > > I put the account expiry checks in an extra function and check if a login > might be possible before trying to login. Nice! Can you please make the following adjustments and apply the patch? 1. The login method should be above of the new method is_login_possible(). 2. Please add a try-except around ->login() and only execute is_login_possible() in the except block (and rename the method into something like get_user_attributes()).
r76174 r76182 Successful build Package: univention-saml Version: 4.0.2-4A~4.2.0.201701301505 Branch: ucs_4.2-0 r76187: enabled tests Successful build Package: ucs-test Version: 7.0.10-12A~4.2.0.201701301550 Branch: ucs_4.2-0
Created attachment 8398 [details] patch In case LDAP bind succeeds with expired user account the check should also be performed. proposed patch attached.
r76408: Always check for expired password/user Package: univention-saml Version: 4.0.3-2A~4.2.0.201702031627 Branch: ucs_4.2-0 76410: Fixed timezone in saml test Package: ucs-test Version: 7.0.11-2A~4.2.0.201702031633 Branch: ucs_4.2-0
OK: SAML login with expired passwords show correct error message OK: ucs-tests
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".