First Last Prev Next    This bug is not in your last search results.
Bug 56561 - wrong redirect for UMC session timeout when using external keycloak
wrong redirect for UMC session timeout when using external keycloak
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-09-08 14:48 CEST by Tim Breidenbach
Modified: 2023-12-20 21:35 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Breidenbach univentionstaff 2023-09-08 14:48:54 CEST 
UCS: 5.0-4 errata788 with external Keycloak as idp server:

Steps to reproduce:
- The admin is logged into UMC and waits until the session timeout.
- He is informed about the timeout:
  """Ihre Sitzung ist abgelaufen, bitte melden sie sich erneut an."""
- Next click on "Login" will redirect the user to the univention/login (not saml) page!

Expected would be a redirect to the login from the configured idp.
Comment 1 Florian Best univentionstaff 2023-12-20 19:14:20 CET 
Please give information what errors are displayed in the Javascript console?
And which requests are done during the session timeout - with which response status codes.
Comment 2 Florian Best univentionstaff 2023-12-20 21:35:50 CET 
Workaround (for Keycloak):

univention-keycloak saml/sp update --metadata-file /usr/share/univention-management-console/saml/sp/metadata.xml "$entity_id" '{"attributes": {"saml.assertion.lifespan": 28800}}'


Workaround (for SimpleSAMLphp):
ucr set umc/saml/assertion-lifetime=28800
/usr/share/univention-management-console/saml/update_metadata
First Last Prev Next    This bug is not in your last search results.