Bug 56173 - SAML Traceback if DC Master time is not synchronized
Status: NEW
Product: UCS
Classification: Unclassified
Component: SAML
UCS 5.0
Other Linux
P5 normal
Assigned To: UCS maintainers
Reported: 2023-06-20 14:51 CEST by Maximilian Janßen
Modified: 2024-01-12 10:08 CET
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.171
Ticket number: 2023051821000171, 2024010321000159
Bug group (optional): External feedback
Description Maximilian Janßen univentionstaff 2023-06-20 14:51:37 CEST
+++ This bug was initially created as a clone of Bug #45560 +++

Opened a new bug since the old one was fixed for 5.0

Version: 5.0-3 errata668

Error:
Traceback (most recent call last):
  File "%PY3%/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "%PY3%/cherrypy/lib/encoding.py", line 220, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "%PY3%/cherrypy/_cpdispatch.py", line 60, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1259, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1267, in attribute_consuming_service
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1400, in acs
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "%PY3%/saml2/client_base.py", line 702, in parse_authn_request_response
    binding, **kwargs)
  File "%PY3%/saml2/entity.py", line 1170, in _parse_response
    response = response.verify(keys)
  File "%PY3%/saml2/response.py", line 1018, in verify
    if self.parse_assertion(keys):
  File "%PY3%/saml2/response.py", line 930, in parse_assertion
    if not self._assertion(assertion, False):
  File "%PY3%/saml2/response.py", line 803, in _assertion
    if not self.condition_ok():
  File "%PY3%/saml2/response.py", line 593, in condition_ok
    validate_before(conditions.not_before, self.timeslack)
  File "%PY3%/saml2/validate.py", line 110, in validate_before
    "<= notbefore=%s" % (now_str, slack, not_before))
saml2.validate.ToEarly: Can't use response yet: (now=2023-16-18T07:16:36Z + slack=0) <= notbefore=2023-05-18T07:16:37.782Z


Role: domaincontroller_backup
Comment 1 Mika Westphal univentionstaff 2024-01-12 10:08:47 CET
2024010321000159 5.0-6 errata713 has been a recurring item since forever.

Traceback (most recent call last):
  File "%PY3%/tornado/web.py", line 1595, in _execute
    result = yield result
  File "%PY3%/tornado/gen.py", line 1133, in run
    value = future.result()
  File "%PY3%/univention/management/console/saml.py", line 232, in get
    await acs(binding, message, relay_state)
  File "%PY3%/univention/management/console/saml.py", line 237, in attribute_consuming_service
    response = self.parse_authn_response(message, binding)
  File "%PY3%/univention/management/console/saml.py", line 324, in parse_authn_response
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "%PY3%/saml2/client_base.py", line 702, in parse_authn_request_response
    binding, **kwargs)
  File "%PY3%/saml2/entity.py", line 1170, in _parse_response
    response = response.verify(keys)
  File "%PY3%/saml2/response.py", line 1018, in verify
    if self.parse_assertion(keys):
  File "%PY3%/saml2/response.py", line 930, in parse_assertion
    if not self._assertion(assertion, False):
  File "%PY3%/saml2/response.py", line 803, in _assertion
    if not self.condition_ok():
  File "%PY3%/saml2/response.py", line 593, in condition_ok
    validate_before(conditions.not_before, self.timeslack)
  File "%PY3%/saml2/validate.py", line 110, in validate_before
    "<= notbefore=%s" % (now_str, slack, not_before))
saml2.validate.ToEarly: Can't use response yet: (now=2024-32-03T14:32:11Z + slack=0) <= notbefore=2024-01-03T14:32:55Z
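
Added example (not part of the bug report and not pysaml2 or UCS code): a triage helper that reads the two ToEarly messages above, computes how far the service provider's clock lagged behind NotBefore, and derives the smallest whole-second slack that would have passed the logged comparison. In both messages the month field of now= repeats the minutes value, so the helper takes the month from notbefore; that substitution and all function names are assumptions of this sketch.

```python
import math
import re
from datetime import datetime, timedelta, timezone

# The two messages exactly as logged in the tracebacks on this page.
SAMPLES = [
    "Can't use response yet: (now=2023-16-18T07:16:36Z + slack=0) <= notbefore=2023-05-18T07:16:37.782Z",
    "Can't use response yet: (now=2024-32-03T14:32:11Z + slack=0) <= notbefore=2024-01-03T14:32:55Z",
]
MSG = re.compile(r"\(now=(\S+) \+ slack=(\d+)\) <= notbefore=(\S+)")

def parse_ts(text):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def not_before_ok(now, not_before, slack_seconds=0):
    """Accept only when now + slack is strictly later than NotBefore,
    the inverse of the '<=' condition shown in the error message."""
    return now + timedelta(seconds=slack_seconds) > not_before

def skew_from_message(message):
    """Return (seconds the local clock is behind NotBefore, logged slack)."""
    m = MSG.search(message)
    if m is None:
        raise ValueError("not a ToEarly message")
    now_str, slack, nb_str = m.group(1), int(m.group(2)), m.group(3)
    # Assumption: the logged month is unusable, so borrow it from notbefore.
    now = parse_ts(now_str[:5] + nb_str[5:7] + now_str[7:])
    return (parse_ts(nb_str) - now).total_seconds(), slack

def min_slack(skew_seconds):
    """Smallest whole-second slack for which the check would pass."""
    return max(0, math.floor(skew_seconds) + 1)

if __name__ == "__main__":
    for line in SAMPLES:
        skew, slack = skew_from_message(line)
        print(f"clock behind by {skew:.3f}s, slack={slack}, "
              f"would need slack >= {min_slack(skew)}s")
```

The computed skews point at time synchronization between the hosts as the underlying condition; any slack value also lengthens the window in which an assertion is accepted, so it is usually kept to a few seconds.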