Bug 39921 - Single sign on fails if server has time in the past
Single sign on fails if server has time in the past
Status: CLOSED WORKSFORME
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.1-x
Assigned To: UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-12 18:40 CET by Florian Best
Modified: 2022-05-09 17:36 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): SAML
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (1.53 KB, patch)
2015-12-14 18:58 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2015-11-12 18:40:08 CET
When trying to single sign on on a DC slave with a date in the past the following traceback occurs:

The server encountered an unexpected condition which prevented it from fulfilling the request.

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 34, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1141, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1151, in attribute_consuming_service
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1261, in acs
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 573, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 949, in _parse_response
    response = response.verify(key_file)
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 853, in verify
    res = self._verify()
  File "/usr/lib/python2.7/dist-packages/saml2/response.py", line 391, in _verify
    assert self.issue_instant_ok()
AssertionError
Comment 1 Florian Best univentionstaff 2015-12-14 18:58:22 CET
Created attachment 7372 [details]
patch

Patch, which displays a user friendly error message.
Comment 2 Stefan Gohmann univentionstaff 2019-01-03 07:18:57 CET
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
Comment 3 Florian Best univentionstaff 2022-05-09 17:36:07 CEST
fixed via git:6247389ecdaf818985737d764d018aa0b692066f