Bug 44836 – Missing proxy support in Office365 app setup and listener modules

Bug 44836 - Missing proxy support in Office365 app setup and listener modules


Summary:	Missing proxy support in Office365 app setup and listener modules

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Office 365
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Daniel Tröder
QA Contact:	Erik Damrose

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-06-21 15:20 CEST by Erik Damrose
Modified:	2017-10-11 17:00 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.206
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017061421000535
Bug group (optional):
Max CVSS v3 score:

Attachments
initial patch (2.24 KB, patch) 2017-06-21 15:20 CEST, Erik Damrose	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Damrose

2017-06-21 15:20:27 CEST

Created attachment 8949 [details]
initial patch

The calls by python-request in the office365 app are missing parameters for proxy settings. If the UCS master is using a proxy server, the initial setup may fail with a traceback, if the domain xml federation data cannot be downloaded:

14.06.17 15:09:02.646  LISTENER    ( ERROR   ) : o365: Error downloading federation metadata.
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_auth.py", line 371, in _get_azure_certs
    fed = requests.get(federation_metadata_url.format(tenant_id=tenant_id))
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 52, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 40, in request
    return s.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 229, in request
    r.send(prefetch=prefetch)
  File "/usr/lib/python2.7/dist-packages/requests/models.py", line 627, in send
    raise ConnectionError(e)
ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /<removed-customer-tenant-id>/federationmetadata/2007-06/federationmetadata.xml
14.06.17 15:09:02.646  MODULE      ( PROCESS ) : Fehler beim herunterladen der Zertifikate nicht von Azure. Bitte führen Sie den Einrichtungsassistent erneut aus.

Comment 1 Daniel Tröder

2017-06-22 15:50:26 CEST

We also need dont-use-proxy support, in case it's defined in the ENV and should be ignored:

import os
del os.environ['https_proxy']

Comment 2 Daniel Tröder

2017-06-22 15:52:09 CEST

The requests module in 4.1 is version 0.12 and cannot properly handle https proxies. In 4.2 it works. A possible workaround for 4.1 is using urllib2:

import urllib2                        
federation_metadata_url = "https://login.microsoftonline.com/{tenant_id}/federationmetadata/2007-06/federationmetadata.xml".format(tenant_id='247b....')                 
req = urllib2.Request(federation_metadata_url)
f = urllib2.urlopen(req)
f.read()

Comment 3 Daniel Tröder

2017-06-23 11:24:02 CEST

Proxy-support should be like this:

* Default: if set, use http[s]_proxy from ENV or UCR
* add UCRVs office365/proxy/http and office365/proxy/https
  → if existing and empty : ignore defaults from ENV/UCR and do _not_ use a proxy
  → if existing and filled: ignore defaults from ENV/UCR and use a proxy

Comment 4 Florian Best

2017-06-28 14:52:44 CEST

There is a Customer ID set so I set the flag "Enterprise Customer affected".

Comment 5 Daniel Tröder

2017-09-18 16:24:26 CEST

Settings found in the following order will be used:
* UCRVs office365/proxy/http(s)
* UCRVs proxy/http(s)
* environment

r82739: small fixes
r82740: add http(s) proxy support
r82741: update copyright

Package: univention-office365
Version: 1.0.1-5A~4.2.0.201709181622
Branch: ucs_4.2-0
Scope: office365

Comment 6 Daniel Tröder

2017-10-11 14:47:19 CEST

r82779: get proxy configuration when called from wizard (without running AzureAuth.__init__)

univention-office365 1.0.1-6A~4.2.0.201710111444

Comment 7 Erik Damrose

2017-10-11 16:45:03 CEST

OK: proxy priority office UCRv, system UCRv, env.
OK: Ignore proxy setting with office UCRV = ignore
OK: proxy in listener and wizard
Verified

Comment 8 Erik Damrose

2017-10-11 17:00:31 CEST

Published in app version 1.3 (ucs 4.2)