Bug 48560 – SAML Traceback: AttributeError: 'NoneType' object has no attribute 'version'

Bug 48560 - SAML Traceback: AttributeError: 'NoneType' object has no attribute 'version'


Summary:	SAML Traceback: AttributeError: 'NoneType' object has no attribute 'version'

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	SAML
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-01-31 15:13 CET by Johannes Keiser
Modified:	2022-04-19 12:24 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.057
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022041521000278, 2021070321000395, 2021060721000657, 2021030921000677, 2021012021000221, 2019010921001219, 2020061221000032, 2020111721000701, 2021022321000857
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Keiser

2019-01-31 15:13:30 CET

Version: 4.3-3 errata390 (Neustadt)

Internal server error.
The server encountered an unexpected condition which prevented it from fulfilling the request.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1184, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1194, in attribute_consuming_service
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1314, in acs
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 580, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 1087, in _parse_response
    response = response.verify(keys)
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 964, in verify
    res = self._verify()
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 377, in _verify
    assert self.response.version == "2.0"
AttributeError: 'NoneType' object has no attribute 'version'


Role: domaincontroller_master

Comment 1 Christian Castens

2020-06-26 13:45:02 CEST

reported again:

Version: 4.4-4 errata620 (Blumenthal)

Remark: I attempted to use the integrated SAML authentication to provide authentication for an external service

Traceback(d41d8cd98f00b204e9800998ecf8427e):
Internal server error.
The server encountered an unexpected condition which prevented it from fulfilling the request.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1178, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1188, in attribute_consuming_service
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1308, in acs
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 580, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 1087, in _parse_response
    response = response.verify(keys)
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 964, in verify
    res = self._verify()
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 377, in _verify
    assert self.response.version == "2.0"
AttributeError: 'NoneType' object has no attribute 'version'


Role: domaincontroller_master

Comment 2 Florian Best

2020-11-19 11:00:52 CET

https://github.com/IdentityPython/pysaml2/issues/603

Happened also today in Jenkins (UCS 4.4-6):

1 times in /var/log/univention/management-console-web-server.log:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1214, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1230, in attribute_consuming_service_iframe
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1342, in acs 
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 580, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 1087, in _parse_response
    response = response.verify(keys)
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 964, in verify
    res = self._verify()
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 377, in _verify
    assert self.response.version == "2.0"
AttributeError: 'NoneType' object has no attribute 'version'

Comment 3 Florian Best

2020-11-19 13:20:47 CET

One example trigger:
curl 'http://localhost/univention/saml/?SAMLResponse=ZYxBC4IwGIb/yucO3WwZBGZTidpBSA3cZUQH0a8S5iYuaj%2B/ne36Pu/zsNyNCj4428HolETrDQHU%0AnekH/UxJ0dRhHO/2YUTyjAXn%2BiTklYNtR7WdkhntZLRFuLGAX3jJK/GHjpUEb3pUCAnOITSyEbwE%0A8hgUJpRSfHfUvtrefAlkd39eJLKVtw6MLucf'

Comment 4 Riya Bhattacharjee

2021-03-02 12:12:47 CET

UCS Version: undefined

Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/sbin/univention-management-console-web-server", line 1214, in index
return acs(binding, message, relay_state)
File "/usr/sbin/univention-management-console-web-server", line 1222, in attribute_consuming_service
response = self.acs(message, binding)
File "/usr/sbin/univention-management-console-web-server", line 1342, in acs
response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 580, in parse_authn_request_response
binding, **kwargs)
File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 1087, in _parse_response
response = response.verify(keys)
File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 975, in verify
if self.parse_assertion(keys):
File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 895, in parse_assertion
if not self._assertion(assertion, False):
File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 780, in _assertion
if not self.condition_ok():
File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 575, in condition_ok
conditions.not_on_or_after, self.timeslack)
File "/usr/lib/python2.7/dist-packages/saml2/validate.py", line 86, in validate_on_or_after
(nooa, now))
Exception: Can't use it, it's too old 1614117730 > 1614121178

Comment 5 Riya Bhattacharjee

2021-03-02 14:59:08 CET

UCS Version: undefined

Traceback (most recent call last):File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/sbin/univention-management-console-web-server", line 1236, in slo
self.sp.handle_logout_response(response)
File "/usr/lib/python2.7/dist-packages/saml2/client.py", line 286, in handle_logout_response
status = self.state[response.in_response_to]
KeyError: 'id-qnYWO8fHJp6A2ihwr'

Traceback (most recent call last):

Comment 6 Riya Bhattacharjee

2021-05-20 15:28:36 CEST

Reported in Ticket number 2021030921000677

Comment 7 Riya Bhattacharjee

2021-06-15 15:07:36 CEST

Reported in ticket# 2021060721000657