Seen in tests: Traceback (most recent call last): File "/usr/share/ucs-test/00_checks/81_diagnostic_checks.py", line 66, in test_run_diagnostic_checks assert plugin_data['success'], plugin_data['error_message'] AssertionError: ## Check failed: 04_saml_certificate_check - Überprüfung der SAML-Zertifikate fehlgeschlagen! ## Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 276, in execute ret = execute(umc_module, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 68, in run if keycloak_fqdn and 'realms/ucs/protocol/saml/descriptor' in umc_saml_idp: TypeError: argument of type 'NoneType' is not iterable assert False keycloak/server/sso/fqdn is not set but has a default value. umc/saml/idp-server is also not set but has no default value.
Problematic if a 5.0 system is joined in a 5.2 No-Keycloak environment. In environments with 5.0 Primary, umc/saml/idp-server should at least be set initially (SimpleSAMLphp). But it is possible and allowed to unset it in 5.0, of course.
univention-management-console-module-diagnostic.yaml 9461e80d1675 | Bug #57746: YAML univention-management-console-module-diagnostic (6.0.10-2) 88eaf2e558e0 | Bug #57746: Do not traceback in 04_saml_certificate_check if UMC is not configured for any kind of SSO Package: univention-management-console-module-diagnostic Version: 6.0.10-2 Branch: ucs_5.0-0-errata5.0-9 Scope: errata5.0-9 Not cherry-picked to 5.2 as it was fixed there a little differently in another issue.
QA: Code review: OK Changelog: OK Advisory: OK Manual test: OK
<https://errata.software-univention.de/#/?erratum=5.0x1173>