Bug 53202 - Self service account deregistration does not work via SAML, shows generic error message
Status: NEW
Product: UCS
Classification: Unclassified
Component: Self Service
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-0-errata
Assigned To: UMC maintainers
QA Contact: UMC maintainers
Depends on:
Blocks:
Reported: 2021-04-30 12:43 CEST by Erik Damrose
Modified: 2021-05-04 13:36 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Description Erik Damrose univentionstaff 2021-04-30 12:43:29 CEST
The self service user profile page can be used when logged in via SAML. On that page a user with a self-registered account can click a button to delete the account. This only works when logged in directly against UMC and not via SAML. With a SAML login, a generic error message tells the user that username or password are incorrect or that there is a permission error.

The information that the account can only be deleted with a different login type might be helpful. We could also decide to make account deletion possible with a SAML login.

==> /var/log/univention/management-console-module-passwordreset.log <==
30.04.21 12:16:06.269  MODULE      ( PROCESS ) : Entweder stimmen Benutzername und Passwort nicht oder Sie haben keine Berechtigung diesen Dienst zu nutzen.

==> /var/log/univention/management-console-web-server.log <==
30.04.21 12:16:06.270  MAIN        ( PROCESS ) : CPCommand (10.205.2.49:51404) response status code: 403
30.04.21 12:16:06.270  MAIN        ( PROCESS ) : CPCommand (10.205.2.49:51404) response reason : None
30.04.21 12:16:06.270  MAIN        ( PROCESS ) : CPCommand (10.205.2.49:51404) response message: Entweder stimmen Benutzername und Passwort nicht oder Sie haben keine Berechtigung diesen Dienst zu nutzen.
30.04.21 12:16:06.270  MAIN        ( PROCESS ) : CPCommand (10.205.2.49:51404) response result: None
30.04.21 12:16:06.270  MAIN        ( PROCESS ) : CPCommand (10.205.2.49:51404) response error: {'traceback': None, 'command': 'deregister_account'}
Comment 1 Florian Best univentionstaff 2021-05-03 10:43:02 CEST
Is this a regression in UCS 5.0?