Bug 55976 - Diagnostic module: 04_saml_certificate_check fails in keycloak environment
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - System diagnostic
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Felix Botner
QA Contact: Julia Bremer
Reported: 2023-04-17 13:05 CEST by Felix Botner
Modified: 2024-03-07 13:07 CET (History)
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Description Felix Botner univentionstaff 2023-04-17 13:05:34 CEST
In our keycloak product test the umc diagnostic check 04_saml_certificate_check fails with

Traceback (most recent call last):
  File "/usr/share/ucs-test/00_checks/81_diagnostic_checks.py", line 66, in test_run_diagnostic_checks
    assert plugin_data['success'], plugin_data['error_message']
AssertionError: ## Check failed: 04_saml_certificate_check - Überprüfung der SAML-Zertifikate fehlgeschlagen! ##
  Das SAML Identity Providers Zertifikat '/usr/share/univention-management-console/saml/idp/ucs-sso-ng.ucs.test.xml' fehlt in https://10.207.127.153/simplesamlphp/saml2/idp/certificate (https://10.207.127.153/simplesamlphp/saml2/idp/certificate).
  Führen Sie das Join-Skript <tt>92univention-management-console-web-server</tt> via {join} oder <tt>univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server</tt> auf der Befehlszeile as Benutzer <i>root</i> aus.
assert False

Seems that the check is incompatible with the current keycloak app.
Comment 1 Felix Botner univentionstaff 2023-04-17 13:25:44 CEST
Added workaround utils/utils.sh::run_keycloak_tests (0bdc37b6c63c5859ca1b5ba74b302ecdbd73dad0)

Please revert if bug is fixed.
Comment 2 Felix Botner univentionstaff 2024-02-29 11:40:22 CET
Successful build
Package: univention-management-console-module-diagnostic
Version: 6.0.7-4
Branch: ucs_5.0-0
Scope: errata5.0-6


removed workaround in keycloak tests (1e555b3da838387acb2978439100c776a1585bbe)
Comment 3 Julia Bremer univentionstaff 2024-03-04 11:49:20 CET
OK: Diagnostic check works with Keycloak
OK: Diagnostic check works with Keycloak different path / different FQDN
OK: Jenkins
OK: Workaround removed
OK: YAML

Verified
Comment 4 Felix Botner univentionstaff 2024-03-04 14:01:44 CET
Successful build
Package: univention-management-console-module-diagnostic
Version: 6.0.7-5
Branch: ucs_5.0-0
Scope: errata5.0-6


added ucs-sso-ng as default for keycloak/fqdn
Comment 5 Julia Bremer univentionstaff 2024-03-05 09:26:38 CET
OK: Diagnostic check also works if Keycloak URLs are not configured. (And default is used)
Verified