Univention Bugzilla – Bug 46574
App installation loses session when logged in with Single Sign-On
Last modified: 2019-03-01 21:09:46 CET
UCS 4.3, DVD install, public App Center. Installing Etherpad. Logged in via saml: 09.03.18 15:32:21.827 MAIN ( PROCESS ) : auth_type='SAML' I get asked for the Administrator password when opening an App in the UMC module, as expected. App installation is started, but is not finished. I receive the following traceback. 09.03.18 15:34:42.199 MAIN ( PROCESS ) : CPCommand (10.200.29.68:50472) response status code: 401 09.03.18 15:34:42.199 MAIN ( PROCESS ) : CPCommand (10.200.29.68:50472) response message: Diese Aktion erfordert die Eingabe Ihres Passwortes. 09.03.18 15:34:42.199 MAIN ( PROCESS ) : CPCommand (10.200.29.68:50472) response result: {'password_required': True} 09.03.18 15:34:42.199 MAIN ( PROCESS ) : CPCommand (10.200.29.68:50472) response error: {'traceback': None, 'command': 'sync_ldap'} 09.03.18 15:34:51.677 MAIN ( PROCESS ) : SessionClient(0x7f99dc163510): _authenticated: success=True status=200 message=None 09.03.18 15:34:51.677 MAIN ( PROCESS ) : auth_type=None 09.03.18 15:37:26.733 MAIN ( ERROR ) : Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__ self.body = self.oldhandler(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__ return self.callable(*self.args, **self.kwargs) File "/usr/sbin/univention-management-console-web-server", line 762, in default return self.get_response(self.create_sessionid(), path, self.get_arguments(kwargs)) File "/usr/sbin/univention-management-console-web-server", line 916, in get_response response = super(CPCommand, self).get_response(sessionid, path, args) File "/usr/sbin/univention-management-console-web-server", line 790, in get_response auth.body = {'username': user.username, 'password': user.saml.message if user.saml else user.password, 'auth_type': "SAML" if user.saml else None} AttributeError: 'NoneType' object has no attribute 'username' No relevant log entires in appcenter.log or m-c-m-appcenter.log at 15:37. If i reopen the app center module, the app is shown as installed. The docker container is running, but i cannot access the webinterface.
First results: 1) Not yet reproducable. Might be a problem with a lost session, but it does not always happen. 2) App installation did not abort, the UMC just lost the connection. After a while, Etherpad is up and running
Jürn had a suggestion to look at the timestamp when the password was entered. 'auth type None' seems suspicious... m-c-m-appcenter.log: 09.03.18 15:34:42.198 MODULE ( PROCESS ) : Diese Aktion erfordert die Eingabe Ihres Passwortes. 09.03.18 15:34:51.676 MODULE ( PROCESS ) : Setting auth type to None
Improved in univention-management-console 10.0.4-4A~4.3.0.201803121702
This traceback was introduced by a change in Bug#44068. But I do think that lost sessions were a problem before and after the commit. I could reproduce this behaviour twice now. Interestingly, only with Etherpad. This seems odd, as the Docker App should not interfere with anything UMC related. The second time with the patch, I was asked again for the password. Nothing in the logs tells me why. So we still lose the progress bar; the installation finishes without the user. But at least no traceback...
OK: Traceback is gone. In my test, the popup to reenter the password came after the app installation finished. I am not very happy with this chain of bugs that merely put one band aid on top of another. Here, we hide the traceback. The referenced Bug#44068 is verified with "The original problem from the Bug description is not addressed with this fix." But it seems to hold for now, so... verified
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".