Bug 50177 - Invalid syntax class for simplesamlAttributes in saml/serviceprovider
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.4
Other Linux
: P5 normal
: UCS 4.4-1-errata
Assigned To: Florian Best
Jürn Brodersen
Depends on:
Blocks: 40731
Reported: 2019-09-11 11:14 CEST by Florian Best
Modified: 2019-09-18 13:23 CEST

What kind of report is it?: Development Internal
best: Patch_Available+

Description Florian Best univentionstaff 2019-09-11 11:14:52 CEST
The saml/serviceprovider module has the property simplesamlAttributes with syntax TrueFalseUp. TrueFalseUp only allows TRUE/FALSE as values.

In the joinscript 91univention-saml.inst we set invalid values:
91univention-saml.inst:271:     --set simplesamlAttributes="false" \
91univention-saml.inst:283:     --set simplesamlAttributes="false" \
91univention-saml.inst:296:     --set simplesamlAttributes="false" \

We must change the syntax class to TrueFalse:

diff --git a/saml/univention-saml/modules/univention/admin/handlers/saml/serviceprovider.py b/saml/univention-saml/modules/univention/admin/handlers/saml/serviceprovider.py
index 830129bb5e..33ccb77d67 100644
--- a/saml/univention-saml/modules/univention/admin/handlers/saml/serviceprovider.py
+++ b/saml/univention-saml/modules/univention/admin/handlers/saml/serviceprovider.py
@@ -104,7 +104,7 @@ property_descriptions = {
        'simplesamlAttributes': univention.admin.property(
                short_description=_(u'Allow transmission of ldap attributes to the service provider'),
                long_description=_(u'Whether the service provider should receive any ldap attributes from the IdP'),
-               syntax=univention.admin.syntax.TrueFalseUp,
+               syntax=univention.admin.syntax.TrueFalse,
                multivalue=False,
                options=[],
                required=False,
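Review bot: Existing objects are not handled: with `syntax=` for `simplesamlAttributes` switched from TrueFalseUp to TrueFalse, any service provider already stored with TRUE or FALSE has to validate under the new class, and nothing in this hunk migrates or tolerates those values. Either keep TrueFalseUp and correct the three `--set simplesamlAttributes="false"` calls in 91univention-saml.inst, or pair the syntax change with a migration of stored values. As a style point, the two description strings in the context lines write "ldap" where "LDAP" is meant.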
Comment 1 Florian Best univentionstaff 2019-09-11 11:41:38 CEST
As there might already be entries with TRUE/FALSE in LDAP, we could instead leave the syntax class and fix the values from our joinscript or create a syntax class which allows both forms.
Comment 2 Florian Best univentionstaff 2019-09-11 11:48:05 CEST
This is caused by the broken syntax validation of Bug #40731.
Comment 3 Florian Best univentionstaff 2019-09-11 15:24:21 CEST
Adjusted the joinscript in branch git:fbest/50177-saml-invalid-true-false-values.
So, there is no need to modify the syntax class.
Comment 4 Florian Best univentionstaff 2019-09-12 13:31:58 CEST
Fixed by setting the valid value if it is equal to the currently invalid value.

univention-saml (6.0.2-7)
b43b29d0f728 | Bug #50177: fix invalid true/false values for TrueFalseUp syntax
19763434233a | Bug #50177: fix invalid true/false values for TrueFalseUp syntax
20ab5afbcd3d | Bug #50177: fix invalid true/false values for TrueFalseUp syntax

univention-saml.yaml
19763434233a | Bug #50177: fix invalid true/false values for TrueFalseUp syntax
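
The fix described in Comment 4 (rewrite a stored value only when it equals the known-invalid one), sketched as an added example. It is not code from univention-saml; the function name, dictionary layout and sample DNs are assumptions constructed for illustration.

```python
# Added illustration, not code from univention-saml.
# VALID_UPPER follows the page's statement that TrueFalseUp only allows TRUE/FALSE.
VALID_UPPER = ("TRUE", "FALSE")
# The values the old join script wrote, mapped to their valid form.
LEGACY_FIX = {"true": "TRUE", "false": "FALSE"}


def plan_fixes(entries, attr="simplesamlAttributes"):
    """Return (fixes, unresolved) for a list of dict-like entries.

    fixes:      (dn, old, new) where the stored value is exactly a known
                legacy value, so the correction is unambiguous.
    unresolved: (dn, value) for any other invalid value; these are reported
                for manual review instead of being guessed at.
    Entries that lack the attribute or already hold a valid value are skipped.
    """
    fixes, unresolved = [], []
    for entry in entries:
        value = entry.get(attr)
        if value is None or value in VALID_UPPER:
            continue
        if value in LEGACY_FIX:
            fixes.append((entry["dn"], value, LEGACY_FIX[value]))
        else:
            unresolved.append((entry["dn"], value))
    return fixes, unresolved


# Constructed sample data (hypothetical DNs) standing in for stored
# saml/serviceprovider objects.
SAMPLE = [
    {"dn": "cn=sp-a,dc=example,dc=org", "simplesamlAttributes": "false"},
    {"dn": "cn=sp-b,dc=example,dc=org", "simplesamlAttributes": "TRUE"},
    {"dn": "cn=sp-c,dc=example,dc=org", "simplesamlAttributes": "True"},
    {"dn": "cn=sp-d,dc=example,dc=org"},
    {"dn": "cn=sp-e,dc=example,dc=org", "simplesamlAttributes": "true"},
]

if __name__ == "__main__":
    planned, review = plan_fixes(SAMPLE)
    for dn, old, new in planned:
        print("fix    %s: %r -> %r" % (dn, old, new))
    for dn, value in review:
        print("review %s: unexpected value %r" % (dn, value))
```

Restricting the rewrite to exact legacy values keeps the migration from silently changing whether a service provider receives LDAP attributes when a stored value is something nobody anticipated.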
Comment 5 Jürn Brodersen univentionstaff 2019-09-12 18:40:59 CEST
Fixed typo in ldap filter:
[4.4-1 d28437cc09] Bug #50177: fix filter
[4.4-1 08fb8cc217] Bug #50177: yaml

What I tested:
Upgrade -> simplesamlAttributes is now upper case for all three SP -> OK
Deleted all three SP and forced join script execution -> simplesamlAttributes is upper case for all three SP -> OK
Activated all three SP -> "php -l $SP_CONFIG_FILE" in "/etc/simplesamlphp/metadata.d" -> OK

YAML -> OK

Waiting for jenkins tomorrow, otherwise OK
Comment 6 Jürn Brodersen univentionstaff 2019-09-13 10:41:35 CEST
jenkins -> OK

-> Verified
Comment 7 Erik Damrose univentionstaff 2019-09-18 13:23:28 CEST
<http://errata.software-univention.de/ucs/4.4/285.html>