Univention Bugzilla – Bug 56173
SAML Traceback if DC Master time is not synchronized
Last modified: 2024-01-12 10:08:47 CET
+++ This bug was initially created as a clone of Bug #45560 +++ Opened a new bug since the old one was fixed for 5.0 Version: 5.0-3 errata668 Error: Traceback (most recent call last): File "%PY3%/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "%PY3%/cherrypy/lib/encoding.py", line 220, in __call__ self.body = self.oldhandler(*args, **kwargs) File "%PY3%/cherrypy/_cpdispatch.py", line 60, in __call__ return self.callable(*self.args, **self.kwargs) File "/usr/sbin/univention-management-console-web-server", line 1259, in index return acs(binding, message, relay_state) File "/usr/sbin/univention-management-console-web-server", line 1267, in attribute_consuming_service response = self.acs(message, binding) File "/usr/sbin/univention-management-console-web-server", line 1400, in acs response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries) File "%PY3%/saml2/client_base.py", line 702, in parse_authn_request_response binding, **kwargs) File "%PY3%/saml2/entity.py", line 1170, in _parse_response response = response.verify(keys) File "%PY3%/saml2/response.py", line 1018, in verify if self.parse_assertion(keys): File "%PY3%/saml2/response.py", line 930, in parse_assertion if not self._assertion(assertion, False): File "%PY3%/saml2/response.py", line 803, in _assertion if not self.condition_ok(): File "%PY3%/saml2/response.py", line 593, in condition_ok validate_before(conditions.not_before, self.timeslack) File "%PY3%/saml2/validate.py", line 110, in validate_before "<= notbefore=%s" % (now_str, slack, not_before)) saml2.validate.ToEarly: Can't use response yet: (now=2023-16-18T07:16:36Z + slack=0) <= notbefore=2023-05-18T07:16:37.782Z Role: domaincontroller_backup
2024010321000159 5.0-6 errata713 has been a recurring item, since for ever. Traceback (most recent call last): File "%PY3%/tornado/web.py", line 1595, in _execute result = yield result File "%PY3%/tornado/gen.py", line 1133, in run value = future.result() File "%PY3%/univention/management/console/saml.py", line 232, in get await acs(binding, message, relay_state) File "%PY3%/univention/management/console/saml.py", line 237, in attribute_consuming_service response = self.parse_authn_response(message, binding) File "%PY3%/univention/management/console/saml.py", line 324, in parse_authn_response response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries) File "%PY3%/saml2/client_base.py", line 702, in parse_authn_request_response binding, **kwargs) File "%PY3%/saml2/entity.py", line 1170, in _parse_response response = response.verify(keys) File "%PY3%/saml2/response.py", line 1018, in verify if self.parse_assertion(keys): File "%PY3%/saml2/response.py", line 930, in parse_assertion if not self._assertion(assertion, False): File "%PY3%/saml2/response.py", line 803, in _assertion if not self.condition_ok(): File "%PY3%/saml2/response.py", line 593, in condition_ok validate_before(conditions.not_before, self.timeslack) File "%PY3%/saml2/validate.py", line 110, in validate_before "<= notbefore=%s" % (now_str, slack, not_before)) saml2.validate.ToEarly: Can't use response yet: (now=2024-32-03T14:32:11Z + slack=0) <= notbefore=2024-01-03T14:32:55Z