From 595bc32e2be86e1da03cd7c15cb20a4509c92076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrn=20Brodersen?=
Date: Fri, 30 Apr 2021 09:52:41 +0200
Subject: [PATCH] Bug #52888: fix saml message is not updated in umc-server process
Organization: Univention GmbH, Bremen, Germany

LDAP authentication with SAML needs a current ticket. The ticket was never updated in a running module process and no new LDAP connections could be opened. Fixed by resetting the umc client authentication state and forcing a re-authentication if the umc web server got a new ticket.
---
 .../univention-management-console-web-server | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/management/univention-management-console/univention-management-console-web-server b/management/univention-management-console/univention-management-console-web-server
index a81125fa45..5feb4e08a6 100755
--- a/management/univention-management-console/univention-management-console-web-server
+++ b/management/univention-management-console/univention-management-console-web-server
@@ -1240,7 +1240,11 @@ class SAML(Ressource):
 def attribute_consuming_service(self, binding, message, relay_state):
 response = self.acs(message, binding)
 saml = SAMLUser(response, message)
- self.set_session(self.create_sessionid(), saml.username, saml=saml)
+ sessionid = self.create_sessionid()
+ self.set_session(sessionid, saml.username, saml=saml)
+ client = UMCP_Dispatcher.sessions.get(sessionid)
+ if client:
+ client.authenticated = False

 # protect against javascript:alert('XSS'), mailto:foo and other non relative links!
 location = urlparse(relay_state)
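Review bot: The reset in `attribute_consuming_service` is keyed only on `sessionid`: when `UMCP_Dispatcher.sessions.get(sessionid)` returns an existing client, nothing in the hunk compares `saml.username` with the user that client was originally authenticated as. The lookup only makes sense if `create_sessionid()` can return an id already known to the dispatcher (its body is not shown), so a fresh assertion for a different user would presumably be attached to a client whose module processes were started under the previous identity. Consider verifying that the username is unchanged before reusing the client, and discarding the client instead of only setting `client.authenticated = False` when it differs. The same three lines are added in the second hunk, and the method body continues outside this hunk.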
@@ -1256,6 +1260,9 @@ class SAML(Ressource):
 saml = SAMLUser(response, message)
 sessionid = self.create_sessionid()
 self.set_session(sessionid, saml.username, saml=saml)
+ client = UMCP_Dispatcher.sessions.get(sessionid)
+ if client:
+ client.authenticated = False
 cherrypy.response.headers['Content-Type'] = 'text/html'
 data = {"status": 200, "result": {"username": saml.username}}
 return b'' % (json.dumps(data).encode('ASCII'),)
-- 
2.27.0
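Review bot: The three added lines here are a verbatim copy of the block added in the first hunk, and neither copy says why an authentication flag is being cleared right after a successful SAML login. Moving them into one small private method on `SAML`, called from both places after `self.set_session(...)`, keeps the two login paths from drifting apart. It could carry a comment such as `# new SAML ticket stored: force the UMC client to re-authenticate so module processes get the current message`. The guard would also be safer as `if client is not None:`, so that a client object which happens to evaluate as false is not silently skipped. The enclosing method starts outside this hunk.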