Univention Bugzilla – Bug 44836
Missing proxy support in Office365 app setup and listener modules
Last modified: 2017-10-11 17:00:31 CEST
Created attachment 8949 [details] initial patch The calls by python-request in the office365 app are missing parameters for proxy settings. If the UCS master is using a proxy server, the initial setup may fail with a traceback, if the domain xml federation data cannot be downloaded: 14.06.17 15:09:02.646 LISTENER ( ERROR ) : o365: Error downloading federation metadata. Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/office365/azure_auth.py", line 371, in _get_azure_certs fed = requests.get(federation_metadata_url.format(tenant_id=tenant_id)) File "/usr/lib/python2.7/dist-packages/requests/api.py", line 52, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/api.py", line 40, in request return s.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 229, in request r.send(prefetch=prefetch) File "/usr/lib/python2.7/dist-packages/requests/models.py", line 627, in send raise ConnectionError(e) ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /<removed-customer-tenant-id>/federationmetadata/2007-06/federationmetadata.xml 14.06.17 15:09:02.646 MODULE ( PROCESS ) : Fehler beim herunterladen der Zertifikate nicht von Azure. Bitte führen Sie den Einrichtungsassistent erneut aus.
We also need dont-use-proxy support, in case it's defined in the ENV and should be ignored: import os del os.environ['https_proxy']
The requests module in 4.1 is version 0.12 and cannot properly handle https proxies. In 4.2 it works. A possible workaround for 4.1 is using urllib2: import urllib2 federation_metadata_url = "https://login.microsoftonline.com/{tenant_id}/federationmetadata/2007-06/federationmetadata.xml".format(tenant_id='247b....') req = urllib2.Request(federation_metadata_url) f = urllib2.urlopen(req) f.read()
Proxy-support should be like this: * Default: if set, use http[s]_proxy from ENV or UCR * add UCRVs office365/proxy/http and office365/proxy/https → if existing and empty : ignore defaults from ENV/UCR and do _not_ use a proxy → if existing and filled: ignore defaults from ENV/UCR and use a proxy
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Settings found in the following order will be used: * UCRVs office365/proxy/http(s) * UCRVs proxy/http(s) * environment r82739: small fixes r82740: add http(s) proxy support r82741: update copyright Package: univention-office365 Version: 1.0.1-5A~4.2.0.201709181622 Branch: ucs_4.2-0 Scope: office365
r82779: get proxy configuration when called from wizard (without running AzureAuth.__init__) univention-office365 1.0.1-6A~4.2.0.201710111444
OK: proxy priority office UCRv, system UCRv, env. OK: Ignore proxy setting with office UCRV = ignore OK: proxy in listener and wizard Verified
Published in app version 1.3 (ucs 4.2)