Attachment 10711 Details for Bug 52888

[patch] Proposed patch

0001-Bug-52888-fix-saml-message-is-not-updated-in-umc-ser.patch (text/plain), 2.16 KB, created by Jürn Brodersen on 2021-04-30 10:26 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Jürn Brodersen

Created: 2021-04-30 10:26 CEST

Size: 2.16 KB

patch

obsolete

>From 595bc32e2be86e1da03cd7c15cb20a4509c92076 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?J=C3=BCrn=20Brodersen?= <brodersen@univention.de>
>Date: Fri, 30 Apr 2021 09:52:41 +0200
>Subject: [PATCH] Bug #52888: fix saml message is not updated in umc-server
> process
>Organization: Univention GmbH, Bremen, Germany
>
>LDAP authentication with SAML needs a current ticket. The ticket was
>never updated in a running module process and no new LDAP connections
>could be opened.
>Fixed by resetting the umc client authentication state and forcing a
>re-authentication if the umc web server got a new ticket.
>---
> .../univention-management-console-web-server             | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
>diff --git a/management/univention-management-console/univention-management-console-web-server b/management/univention-management-console/univention-management-console-web-server
>index a81125fa45..5feb4e08a6 100755
>--- a/management/univention-management-console/univention-management-console-web-server
>+++ b/management/univention-management-console/univention-management-console-web-server
>@@ -1240,7 +1240,11 @@ class SAML(Ressource):
> 	def attribute_consuming_service(self, binding, message, relay_state):
> 		response = self.acs(message, binding)
> 		saml = SAMLUser(response, message)
>-		self.set_session(self.create_sessionid(), saml.username, saml=saml)
>+		sessionid = self.create_sessionid()
>+		self.set_session(sessionid, saml.username, saml=saml)
>+		client = UMCP_Dispatcher.sessions.get(sessionid)
>+		if client:
>+			client.authenticated = False
> 
> 		# protect against javascript:alert('XSS'), mailto:foo and other non relative links!
> 		location = urlparse(relay_state)
>@@ -1256,6 +1260,9 @@ class SAML(Ressource):
> 		saml = SAMLUser(response, message)
> 		sessionid = self.create_sessionid()
> 		self.set_session(sessionid, saml.username, saml=saml)
>+		client = UMCP_Dispatcher.sessions.get(sessionid)
>+		if client:
>+			client.authenticated = False
> 		cherrypy.response.headers['Content-Type'] = 'text/html'
> 		data = {"status": 200, "result": {"username": saml.username}}
> 		return b'<html><body><textarea>%s</textarea></body></html>' % (json.dumps(data).encode('ASCII'),)
>-- 
>2.27.0
>

Actions: View | Diff

Attachments on bug 52888: 10711 | 10839