Bug 57281 - setup_saml_sp fails to download ucs-sso certificate: invalid SSL certificate
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 5.0
Other Linux
Importance: P5 normal
Assigned To: UMC maintainers
Reported: 2024-05-14 07:50 CEST by Philipp Hahn
Modified: 2024-05-14 07:50 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.034
Description Philipp Hahn univentionstaff 2024-05-14 07:50:19 CEST
```
univention-management-console-web-server (14.0.16) wird eingerichtet ...
Neue Version der Konfigurationsdatei /etc/univention/templates/info/univention-management-console-web-server.info wird installiert ...
File: /etc/apache2/sites-available/univention.conf
Module: configure_umc_multiprocessing
Module: setup_oidc_rp
umc/oidc/issuer not set, nothing to do
Module: setup_saml_sp
Try to download idp metadata (1/60)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL: no alternative certificate subject name matches target host name 'ucs-sso.dev52.qa'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Try to download idp metadata (2/60)
...
```

/etc/univention/templates/modules/setup_saml_sp.py::download_idp_metadata should check the exit code of `subprocess.call(["curl",…])` and NOT retry on permanent errors.

Better to use requests / http.client / urllib.request / httpx instead of calling an external command.
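
One way to combine both suggestions above, as an added example that is not the actual setup_saml_sp.py code: urllib.request with certificate verification left enabled, retrying only transient network errors and aborting immediately on a certificate mismatch like the one in the log. The function names, the injectable `fetch`/`sleep` parameters and the one-second delay are assumptions; the default of 60 attempts mirrors the "(1/60)" counter in the output.

```python
import ssl
import time
import urllib.error
import urllib.request


class PermanentDownloadError(Exception):
    """Failure that a retry cannot fix, e.g. the certificate does not match the host."""


def is_permanent(exc):
    """True for certificate verification failures (curl reports these as exit code 60)."""
    cert_err = ssl.SSLCertVerificationError
    # urllib wraps the TLS error in URLError and keeps the original in .reason
    return isinstance(exc, cert_err) or isinstance(getattr(exc, "reason", None), cert_err)


def fetch_verified(url, timeout=10):
    """Fetch url over TLS with chain and host name verification left enabled."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read()


def download_with_retry(url, attempts=60, delay=1.0, fetch=fetch_verified, sleep=time.sleep):
    """Retry transient network errors only; abort at once on a permanent one."""
    last = None
    for attempt in range(1, attempts + 1):
        print(f"Try to download idp metadata ({attempt}/{attempts})")
        try:
            return fetch(url)
        except OSError as exc:  # URLError, SSLError and timeouts all derive from OSError
            if is_permanent(exc):
                raise PermanentDownloadError(f"{url}: {exc}") from exc
            last = exc
            sleep(delay)
    raise TimeoutError(f"{url}: giving up after {attempts} attempts: {last}")
```

With this split, a host name mismatch surfaces as one clear error after the first attempt instead of 60 identical failures, and verification is never switched off to get past it.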