Univention Bugzilla – Bug 56823
unable to logon with SAML if username contains certain special characters
Last modified: 2023-11-14 11:18:47 CET
It is possible to create accounts containing special characters like "š" or "ý" using udm or UMC: root@pdn:~# univention-ldapsearch -LLL gecos="s y" uid dn:: dWlkPcWhw70sY249dXNlcnMsZGM9dHJhaW5pbmcsZGM9dW5pdmVudGlvbixkYz1kZQ== uid:: xaHDvQ== root@pdn:~# echo dWlkPcWhw70sY249dXNlcnMsZGM9dHJhaW5pbmcsZGM9dW5pdmVudGlvbixkYz1kZQ== |base64 -d ; echo uid=šý,cn=users,dc=training,dc=univention,dc=de root@pdn:~# echo xaHDvQ== |base64 -d ; echo šý when trying to login using this account to a SAML-enabled portal the access to /univention/saml is not possible. {"status": 502, "message": "The Univention Management Console Server could not be reached. Please restart univention-management-console-server or try again later. The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p>"} management-console-server.log shows: 14.11.23 10:39:12 ERROR ( 1338) : Uncaught exception POST /univention/saml/ (127.0.0.1) HTTPServerRequest(protocol='https', host='training.univention.de', method='POST', uri='/univention/saml/', version='HTTP/1.1', remote_ip='127.0.0.1') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/tornado/web.py", line 1595, in _execute result = yield result File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run value = future.result() File "/usr/lib/python3/dist-packages/univention/management/console/saml.py", line 232, in get await acs(binding, message, relay_state) File "/usr/lib/python3/dist-packages/univention/management/console/saml.py", line 248, in attribute_consuming_service self.redirect(location, status=303) File "/usr/lib/python3/dist-packages/tornado/web.py", line 719, in redirect self.finish() File "/usr/lib/python3/dist-packages/tornado/web.py", line 1052, in finish future = self.flush(include_footers=True) File "/usr/lib/python3/dist-packages/tornado/web.py", line 994, in flush start_line, self._headers, chunk, callback=callback) File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in write_headers lines.extend(l.encode('latin1') for l in header_lines) File "/usr/lib/python3/dist-packages/tornado/http1connection.py", line 392, in <genexpr> lines.extend(l.encode('latin1') for l in header_lines) UnicodeEncodeError: 'latin-1' codec can't encode character '\u0161' in position 25: ordinal not in range(256) 14.11.23 10:39:12 ERROR ( 1338) : Cannot send error response after headers written