Univention Bugzilla – Bug 46186
Test case 82_saml.24_download_certificate.test fails on slaves and member servers in UCS 4.2-3
Last modified: 2018-02-06 16:08:30 CET
The test case 24_download_certificate fails in UCS 4.2-3 on member servers:
http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-3/job/AutotestJoin/SambaVersion=s3,Systemrolle=member/lastCompletedBuild/testReport/82_saml/24_download_certificate/test/

[2018-01-30 02:29:58.917435] ### FAIL ###
[2018-01-30 02:29:58.917512] The ucr key saml/idp/entityID is not set
[2018-01-30 02:29:58.917569] ### ###

+++ This bug was initially created as a clone of Bug #44704 +++

Testsystem: 10.200.6.100

root@kopano:~# univention-app info
UCS: 4.2-0 errata10
App Center compatibility: 4
Installed: kopano-core=8.2.1.530-2 kopano-webapp=3.2.0.335-19.1-2 samba4=4.6 4.1/openproject=5.0.17
Upgradable:

----------------------
Openproject is not reachable via "http://10.200.6.100/openproject/" and "https://10.200.6.100/openproject/" with

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /openproject/.
Reason: Error reading from remote server

-----------------------
Seems to happen in all SSO-ready apps (confirmed for owncloud, egroupware and openproject).
-----------------------
Apache.log

[Tue May 16 02:38:20.923822 2017] [authz_core:error] [pid 21498] [client 10.200.6.100:53880] AH01630: client denied by server configuration: /etc/simplesamlphp/ucs-sso.hel.kopano-idp-certificate.crt
[Tue May 16 02:45:20.796593 2017] [proxy_http:error] [pid 21501] (104)Connection reset by peer: [client 10.205.1.18:49748] AH01102: error reading status line from remote server 127.0.0.1:40000, referer: http://10.200.6.100/univention/management/
[Tue May 16 02:45:20.797330 2017] [proxy:error] [pid 21501] [client 10.205.1.18:49748] AH00898: Error reading from remote server returned by /openproject/, referer: http://10.200.6.100/univention/management/
[Tue May 16 02:45:49.480286 2017] [authz_core:error] [pid 21503] [client 10.200.6.100:54222] AH01630: client denied by server configuration: /etc/simplesamlphp/ucs-sso.hel.kopano-idp-certificate.crt
[Tue May 16 02:46:05.889107 2017] [mpm_prefork:notice] [pid 7635] AH00169: caught SIGTERM, shutting down
[Tue May 16 02:46:06.951126 2017] [suexec:notice] [pid 29057] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Tue May 16 02:46:08.017837 2017] [mpm_prefork:notice] [pid 29058] AH00163: Apache/2.4.10 (Univention) OpenSSL/1.0.2d configured -- resuming normal operations
[Tue May 16 02:46:08.017912 2017] [core:notice] [pid 29058] AH00094: Command line: '/usr/sbin/apache2'
[Tue May 16 02:47:10.031917 2017] [proxy_http:error] [pid 29063] (104)Connection reset by peer: [client 10.205.1.18:49828] AH01102: error reading status line from remote server 127.0.0.1:40000, referer: http://10.200.6.100/univention/portal/

join.log

RUNNING 50openproject.inst
2017-05-16 02:45:41.260640046+02:00 (in joinscript_init)
Object exists: cn=ldapschema,cn=univention,dc=hel,dc=kopano
INFO: No change of core data of object openproject.
No modification: cn=openproject,cn=ldapschema,cn=univention,dc=hel,dc=kopano
Waiting for activation of the extension object openproject: OK
Object exists: cn=openproject,cn=custom attributes,cn=univention,dc=hel,dc=kopano
Object exists: cn=openproject-isadmin,cn=openproject,cn=custom attributes,cn=univention,dc=hel,dc=kopano
Setting saml/idp/ldap/get_attributes
Multifile: /etc/simplesamlphp/authsources.php
Module: kopano-cfg
Object exists: SAMLServiceProviderIdentifier=openproject,cn=saml-serviceprovider,cn=univention,dc=hel,dc=kopano
Setting ucs/web/overview/entries/service/SP/description
Setting ucs/web/overview/entries/service/SP/label
Setting ucs/web/overview/entries/service/SP/link
Setting ucs/web/overview/entries/service/SP/priority
Module: kopano-cfg
Module: create_portal_entries
--2017-05-16 02:45:49-- https://ucs-sso.hel.kopano/simplesamlphp/saml2/idp/certificate
Auflösen des Hostnamen »ucs-sso.hel.kopano (ucs-sso.hel.kopano)«... 10.200.6.100
Verbindungsaufbau zu ucs-sso.hel.kopano (ucs-sso.hel.kopano)|10.200.6.100|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2017-05-16 02:45:49 FEHLER 403: Forbidden.
unable to load certificate
140528867223184:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
EXITCODE=1
Whether ucs-sso is reachable is already tested in other tests.
-> Only run this test on master and backup.

4.2-3 35991d8b: fix 82_saml/24_download_certificate
4.3-0 39b5879d: fix 82_saml/24_download_certificate