Bug 39739 - On UCS update not all service provider metadata info will be written
On UCS update not all service provider metadata info will be written
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1
Assigned To: Erik Damrose
Stefan Gohmann
: interim-2
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-03 16:55 CET by Erik Damrose
Modified: 2015-11-17 12:12 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
combined listener and updater.log (299.45 KB, text/x-log)
2015-11-03 16:55 CET, Erik Damrose
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2015-11-03 16:55:44 CET
Created attachment 7245 [details]
combined listener and updater.log

Attached is a log with listener and updater log combined. The listener is unable to write the simplesamlphp metadata information and complains about wrong php syntax.
After the update, the Backup server is not configured for any service providers.

Addtitional question: why is the listener trying to write the config for backup.ucs.local? The serviceprovider object should be created in 92univention-management-console-web-server.inst, but it is obviously avaible earlier
Comment 1 Erik Damrose univentionstaff 2015-11-04 11:25:52 CET
After additional log output was added in r65146, the problem is as follows:

"<?php\nYou have not yet created the simpleSAMLphp configuration files.[...]"

The listener includes /usr/share/simplesamlphp/www/admin/metadata-converter.php, which tests via inclusion of _include.php the existence of the configuration. But the config.php file gets written at a later time, during configuration of univention-saml
Comment 2 Erik Damrose univentionstaff 2015-11-04 13:29:58 CET
Resync listener if joinscript has never been executed or if only an old version has been executed.
r65164 univention-saml 3.0.26-3.96.201511041306
interim bug, no changelog

QA: check that after update to 4.1 and new inntallations /etc/simplesamlphp/metadata.d contains configuration files for all domain Master and Backup servers
Comment 3 Stefan Gohmann univentionstaff 2015-11-08 22:01:35 CET
(In reply to Erik Damrose from comment #2)
> QA: check that after update to 4.1 and new inntallations
> /etc/simplesamlphp/metadata.d contains configuration files for all domain
> Master and Backup servers

Installation: OK

Upgrade without previously installed SAML: OK

Upgrade with previously installed SAML: OK
Comment 4 Stefan Gohmann univentionstaff 2015-11-17 12:12:31 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".