Univention Bugzilla – Attachment 10711 Details for
Bug 52888
saml message is not updated in umc-server process
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
0001-Bug-52888-fix-saml-message-is-not-updated-in-umc-ser.patch (text/plain), 2.16 KB, created by
Jürn Brodersen
on 2021-04-30 10:26:07 CEST
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Jürn Brodersen
Created:
2021-04-30 10:26:07 CEST
Size:
2.16 KB
patch
obsolete
>From 595bc32e2be86e1da03cd7c15cb20a4509c92076 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?J=C3=BCrn=20Brodersen?= <brodersen@univention.de> >Date: Fri, 30 Apr 2021 09:52:41 +0200 >Subject: [PATCH] Bug #52888: fix saml message is not updated in umc-server > process >Organization: Univention GmbH, Bremen, Germany > >LDAP authentication with SAML needs a current ticket. The ticket was >never updated in a running module process and no new LDAP connections >could be opened. >Fixed by resetting the umc client authentication state and forcing a >re-authentication if the umc web server got a new ticket. >--- > .../univention-management-console-web-server | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > >diff --git a/management/univention-management-console/univention-management-console-web-server b/management/univention-management-console/univention-management-console-web-server >index a81125fa45..5feb4e08a6 100755 >--- a/management/univention-management-console/univention-management-console-web-server >+++ b/management/univention-management-console/univention-management-console-web-server >@@ -1240,7 +1240,11 @@ class SAML(Ressource): > def attribute_consuming_service(self, binding, message, relay_state): > response = self.acs(message, binding) > saml = SAMLUser(response, message) >- self.set_session(self.create_sessionid(), saml.username, saml=saml) >+ sessionid = self.create_sessionid() >+ self.set_session(sessionid, saml.username, saml=saml) >+ client = UMCP_Dispatcher.sessions.get(sessionid) >+ if client: >+ client.authenticated = False > > # protect against javascript:alert('XSS'), mailto:foo and other non relative links! > location = urlparse(relay_state) >@@ -1256,6 +1260,9 @@ class SAML(Ressource): > saml = SAMLUser(response, message) > sessionid = self.create_sessionid() > self.set_session(sessionid, saml.username, saml=saml) >+ client = UMCP_Dispatcher.sessions.get(sessionid) >+ if client: >+ client.authenticated = False > cherrypy.response.headers['Content-Type'] = 'text/html' > data = {"status": 200, "result": {"username": saml.username}} > return b'<html><body><textarea>%s</textarea></body></html>' % (json.dumps(data).encode('ASCII'),) >-- >2.27.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10711">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 52888
: 10711 |
10839