Bug 56823 - unable to logon with SAML if username contains certain special characters
Status: NEW
Product: UCS
Classification: Unclassified
Component: SAML
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Depends on:
Blocks:
Reported: 2023-11-14 11:15 CET by Dirk Ahrnke
Modified: 2023-11-14 11:18 CET (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
Description Dirk Ahrnke univentionstaff 2023-11-14 11:15:56 CET
It is possible to create accounts containing special characters like "š" or "ý"
using udm or UMC:

root@pdn:~# univention-ldapsearch -LLL  gecos="s y" uid
dn:: dWlkPcWhw70sY249dXNlcnMsZGM9dHJhaW5pbmcsZGM9dW5pdmVudGlvbixkYz1kZQ==
uid:: xaHDvQ==

root@pdn:~# echo dWlkPcWhw70sY249dXNlcnMsZGM9dHJhaW5pbmcsZGM9dW5pdmVudGlvbixkYz1kZQ== |base64 -d ; echo
uid=šý,cn=users,dc=training,dc=univention,dc=de
root@pdn:~# echo xaHDvQ== |base64 -d ; echo
šý

When trying to log in with this account to a SAML-enabled portal, access to /univention/saml is not possible.

{"status": 502, "message": "The Univention Management Console Server could not be reached. Please restart univention-management-console-server or try again later. The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p>"}

management-console-server.log shows:

14.11.23 10:39:12       ERROR      (     1338) : Uncaught exception POST /univention/saml/ (127.0.0.1)
    HTTPServerRequest(protocol='https', host='training.univention.de', method='POST', uri='/univention/saml/', version='HTTP/1.1', remote_ip='127.0.0.1')
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1595, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/univention/management/console/saml.py", line 232, in get
        await acs(binding, message, relay_state)
      File "/usr/lib/python3/dist-packages/univention/management/console/saml.py", line 248, in attribute_consuming_service
        self.redirect(location, status=303)
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 719, in redirect
        self.finish()
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1052, in finish
        future = self.flush(include_footers=True)
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 994, in flush
        start_line, self._headers, chunk, callback=callback)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in write_headers
        lines.extend(l.encode('latin1') for l in header_lines)
      File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in <genexpr>
        lines.extend(l.encode('latin1') for l in header_lines)
    UnicodeEncodeError: 'latin-1' codec can't encode character '\u0161' in position 25: ordinal not in range(256)
14.11.23 10:39:12       ERROR      (     1338) : Cannot send error response after headers written
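As an added example (not part of the report and not UCS code), the following Python sketch reproduces the failure mode and a hardened form: it decodes the base64 LDIF values quoted above, checks a header value against the latin-1 restriction Tornado applies in the traceback, and percent-encodes the uid so the Location header stays ASCII. The redirect target /univention/portal/ and the username query parameter are assumptions for illustration.

```python
import base64
import urllib.parse

# Constructed sample built from the LDIF lines quoted in the report.
LDIF_LINES = [
    "dn:: dWlkPcWhw70sY249dXNlcnMsZGM9dHJhaW5pbmcsZGM9dW5pdmVudGlvbixkYz1kZQ==",
    "uid:: xaHDvQ==",
]

def ldif_value(line: str) -> tuple:
    """Split one LDIF line into (attribute, value). A double colon marks a
    base64-encoded value, which LDIF uses for anything outside safe ASCII."""
    attr, _sep, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr, rest.strip()

def first_non_latin1(value: str):
    """Return (index, char) of the first character that cannot go into an
    HTTP/1 header line encoded as latin-1 (as in the traceback), or None."""
    for i, ch in enumerate(value):
        if ord(ch) > 0xFF:
            return i, ch
    return None

def naive_location(base: str, uid: str) -> str:
    # Hypothetical illustration of the failure: the raw uid lands in the header.
    return f"{base}?username={uid}"

def safe_location(base: str, uid: str) -> str:
    # Hardened form: percent-encode the UTF-8 bytes (RFC 3986) so the Location
    # header is pure ASCII; urllib.parse.unquote() restores the uid on the client.
    return f"{base}?username={urllib.parse.quote(uid, safe='')}"

def encode_header_line(value: str) -> bytes:
    """Mimic Tornado's header write: raises UnicodeEncodeError for the
    naive_location() value and succeeds for safe_location()."""
    return value.encode("latin1")

if __name__ == "__main__":
    attrs = dict(ldif_value(line) for line in LDIF_LINES)
    print(attrs["uid"], "->", attrs["dn"])
    print("offending char:", first_non_latin1(naive_location("/univention/portal/", attrs["uid"])))
    print(encode_header_line(safe_location("/univention/portal/", attrs["uid"])))
```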