First Last Prev Next    This bug is not in your last search results.
Bug 55509 - Consider possible ucr policys in joinscripts
Consider possible ucr policys in joinscripts
Status: RESOLVED DUPLICATE of bug 55570
Product: UCS
Classification: Unclassified
Component: Join (univention-join)
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-12-20 11:28 CET by Christina Scheinig
Modified: 2023-01-30 11:50 CET (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2022121521000226
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2022-12-20 11:28:17 CET 
In a customer environment the 
/usr/lib/univention-install/92univention-management-console-web-server.inst
fails, because the ucr Variable umc/saml/idp-server is set via policy.

```
if ! is_ucr_false 'umc/web/sso/enabled'; then
        rm /usr/share/univention-management-console/saml/idp/*.xml
        ucr set umc/saml/idp-server="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/metadata.php" || _cleanup_die
        [ "$(ls -A /usr/share/univention-management-console/saml/idp/*.xml)" ] || _cleanup_die
fi
```

So the joinscript failes, and also this brakes the saml login because the xml file is deleted and not created after that.

The message in the UMC shows:
Interner Server-Fehler.
Fehlernachricht des Servers:
Der Service Provider ist fehlkonfiguriert: Keine Identity Provider sind zur Benutzung eingerichtet.

So workaround is to edit the joinscript using force, and unset the variable in this layer afterwards.
Comment 1 Dirk Wiesenthal univentionstaff 2023-01-30 11:50:28 CET 
Will be fixed alongside Bug#55570

*** This bug has been marked as a duplicate of bug 55570 ***
First Last Prev Next    This bug is not in your last search results.