Univention Bugzilla – Bug 56303
SAML login is not working after upgrade to UCS 5.0-4 in UMC-Server multiprocessing mode
Last modified: 2023-07-12 13:57:25 CEST
The customer gets a traceback during saml login 11.07.23 09:31:31.943 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 11.07.23 09:31:31.944 MAIN ( INFO ) : Reloading SAML service provider configuration 11.07.23 09:31:31.953 MAIN ( WARN ) : Startup of SAML2.0 service provider failed: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/management/console/saml.py", line 214, in reload cls.SP = Saml2Client(config_file=cls.configfile, identity_cache=cls.identity_cache, state_cache=shared_memory.saml_state_cache) File "/usr/lib/python3/dist-packages/saml2/client_base.py", line 108, in __init__ self.users = Population(identity_cache) File "/usr/lib/python3/dist-packages/saml2/population.py", line 13, in __init__ self.cache = Cache(cache) File "/usr/lib/python3/dist-packages/saml2/cache.py", line 27, in __init__ self._db = shelve.open(filename, writeback=False, protocol=2) File "/usr/lib/python3.7/shelve.py", line 243, in open return DbfilenameShelf(filename, flag, protocol, writeback) File "/usr/lib/python3.7/shelve.py", line 227, in __init__ Shelf.__init__(self, dbm.open(filename, flag), protocol, writeback) File "/usr/lib/python3.7/dbm/__init__.py", line 94, in open return mod.open(file, flag, mode) _gdbm.error: [Errno 11] Resource temporarily unavailable The workaround moving the databases from /var/cache/univention-management-console does not work New created DB shows # db_verify saml.bdb db_verify: BDB0641 __db_meta_setup: saml.bdb: unexpected file type or format db_verify: BDB0524 Page 0: pgno incorrectly set to 4096 db_verify: BDB0525 Page 0: bad magic number 0 db_verify: BDB0527 Page 0: bad page size 9 db_verify: saml.bdb: BDB0090 DB_VERIFY_BAD: Database verification failed BDB5105 Verification of saml.bdb failed.
The identity cache was used by multiple processes. We have to restrict it to use one cache per process. QA: ucr set umc/saml/in-memory-identity-cache=false umc/http/processes=4 systemctl restart univention-management-console-server ls /var/cache/univention-management-console/saml-*.bdb login via SAML from multiple browsers univention-management-console.yaml 4614838e2b0c | fix(umc-saml): fix SAML identity cache in multiprocessing mode univention-management-console (12.0.31-6) 4614838e2b0c | fix(umc-saml): fix SAML identity cache in multiprocessing mode
QA: - The reported traceback does not occur anymore when using SAML login: OK - No related errors/tracebacks in logfiles: OK - advisories: OK
<https://errata.software-univention.de/#/?erratum=5.0x731>