Univention Bugzilla – Bug 55348
[UDM REST API]: listing SAML Service providers broken if old mapping format is used
Last modified: 2022-11-16 18:04:01 CET
With: dn: SAMLServiceProviderIdentifier=https://master46.school.dev/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,l=school,l=dev simplesamlLDAPattributes: uid The following exception happens: HTTPServerRequest(protocol='http', host='master46.school.dev', method='GET', uri='/udm/saml/serviceprovider/?filter=&scope=sub&hidden=0', version='HTTP/1.1', remote_ip='0.0.0.0') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute result = yield result File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run value = future.result() File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 2367, in get await self._get(object_type) File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 2422, in _get entry = Object.get_representation(objmodule, obj, properties, self.ldap_connection) File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 2796, in get_representation values = dict(decode_properties(module, obj, values)) File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 3768, in decode_properties yield key, codec.decode_json(value) File "/usr/lib/python3/dist-packages/univention/admin/types.py", line 139, in decode_json return self.to_json_type(self.decode(value)) File "/usr/lib/python3/dist-packages/univention/admin/types.py", line 122, in decode return self.decode_value(value) File "/usr/lib/python3/dist-packages/univention/admin/types.py", line 593, in decode_value return self.syntax.todict(value) File "/usr/lib/python3/dist-packages/univention/admin/syntax.py", line 571, in todict return dict(value) ValueError: dictionary update sequence element #0 has length 1; 2 is required We should unmap the old format`simplesamlLDAPattributes: uid` as `simplesamlLDAPattributes: uid=uid` to prevent this error.
This is the only affected property: >>> inspect.getmembers(univention.admin.syntax, lambda m: inspect.isclass(m) and issubclass(m, univention.admin.syntax.complex) and not m.all_required and m.subsyntax_key_value) [('attributeMapping', <class 'univention.admin.syntax.attributeMapping'>)] A similar problem might exists for those syntax classes: >>> [x[0] for x in inspect.getmembers(univention.admin.syntax, lambda m: inspect.isclass(m) and issubclass(m, univention.admin.syntax.complex) and not m.all_required and m.subsyntax_names)] ['ActivationDateTimeTimezone', 'DateTimeTimezone', 'IPv4_AddressRange', 'PrinterURI', 'UMC_CommandPattern', 'dhcpEntry', 'dnsSRVName']
(In reply to Florian Best from comment #1) > A similar problem might exists for those syntax classes: > >>> [x[0] for x in inspect.getmembers(univention.admin.syntax, lambda m: inspect.isclass(m) and issubclass(m, univention.admin.syntax.complex) and not m.all_required and m.subsyntax_names)] > ['ActivationDateTimeTimezone', 'DateTimeTimezone', 'IPv4_AddressRange', > 'PrinterURI', 'UMC_CommandPattern', 'dhcpEntry', 'dnsSRVName'] They all seem to be fine. Can best be seen with IPv4_AddressRange as there the unmap function doesn't necessarily require two elements to be unmapped: `IPv4_AddressRange.todict(('1.2.3.4',)) == {'first': '1.2.3.4', 'last': None}`
https://git.knut.univention.de/univention/ucs/-/merge_requests/553
Reproducer: __udm saml/serviceprovider list curl -H 'Accept: application/json' "http://Administrator:univention@localhost/univention/udm/saml/serviceprovider/SAMLServiceProviderIdentifier=https:,/=/,$(hostname -f)/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,$(ucr get ldap/base)" | python -m json.tool
mapping and unmapping now always produce a mapping: univention-saml.yaml 0fdc7b59f1b6 | fix(udm-rest): make sure unmapping of saml LDAPAttributes always unmap a mappable value univention-saml (7.0.5-5) 0fdc7b59f1b6 | fix(udm-rest): make sure unmapping of saml LDAPAttributes always unmap a mappable value
Verified: * Comment 4 * Advisory * ucs-test-saml
f49175a623 | Advisory wording
<https://errata.software-univention.de/#/?erratum=5.0x486>