Bug 39861

Summary: IE 11 offers download option for http://<fqdn/saml
Product: UCS Reporter: Erik Damrose <damrose>
Component: SAMLAssignee: Florian Best <best>
Status: CLOSED FIXED QA Contact: Erik Damrose <damrose>
Severity: normal    
Priority: P5 CC: gohmann, walkenhorst
Version: UCS 4.1   
Target Milestone: UCS 4.1-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): External feedback
Max CVSS v3 score:
Attachments: download question

Description Erik Damrose univentionstaff 2015-11-10 16:07:58 CET 
Created attachment 7274 [details]
download question

Windows 7, IE 11. When accessing http://<fqdn/umc the option to 'download' http://<fqdn/saml is offered by the browser, see screenshot

apache2 access log on
MASTER
10.200.29.104 - - [10/Nov/2015:16:03:59 +0100] "GET /univention-management-console?lang=de-DE HTTP/1.1" 302 604 "http://master.ucs.local/ucs-overview/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:03:59 +0100] "GET /ucs-overview/languages.json HTTP/1.1" 200 436 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "POST /univention-management-console/get/session-info HTTP/1.1" 401 254 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "GET /univention-management-console/saml/iframe/ HTTP/1.1" 302 5755 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "POST /univention-management-console/saml/ HTTP/1.1" 400 701 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:03 +0100] "HEAD /univention-management-console/js_$20151011141153$/umc/ HTTP/1.1" 200 254 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.182 - - [10/Nov/2015:16:06:35 +0100] "GET /simplesamlphp/saml2/idp/metadata.php HTTP/1.1" 200 9111 "-" "Wget/1.13.4 (linux-gnu)"


BACKUP
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "OPTIONS /simplesamlphp/blank.json?request.preventCache=1447167823772 HTTP/1.1" 200 497 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "GET /simplesamlphp/blank.json?request.preventCache=1447167823772 HTTP/1.1" 200 585 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.200.29.104 - - [10/Nov/2015:16:04:00 +0100] "GET /simplesamlphp/saml2/idp/SSOService.php?SAMLRequest=nVdXc%2BJIF333r3Axj5StQBQ19pZyAAmEhNKbQiugnJDEr%2F%2BEGY893vm2ZveBKvp2n9O3zz0d9P2vPk0eL6Cqozx7mSDP8OQRZG7uRVnwMjmpzNN68tfrw%2Feshjd424TZEZQtqJvHEZbVmzH8MmmrbJPbdTQ27RTUm8bdKLi426DP8Kao8iZ382TyE4D8M8Cua1A1YzIfCPRlEjZNsYGgruueu9lzXgUQCsMwBGPQOMiro%2BDb5BF%2FR5J5VrcpqBRQXSIXnI67nwSpXTegem7d%2BjnJXTuB2iy6gOyGekrtzA5AOrae3JEhTwBU22kCTR6pccFRZjdvEt2Y6pFq5Hiq6%2FwTVx2lRQJumCIs3rAoFHkFpCj7H6k8jx2TR556mUTek29a1TVqZJ4mpPKYEvHYUx%2FG9Y8ZvUyaqgW3QN0CPqsbO2teJiiMLJ4Q5AmBVWSxgecbGLYmj4cfEhNRdq%2FaP8nr3AfVG05VD0%2BHvaJOHrX36o8DJq9jqZHN27zVI5NXqd38M%2BMtclvN29DNTctmmLy%2Bq%2FRfBE9BY3t2Y3%2BHPlK5pYVulCgYy9BW4JH3XiY%2FW8jkoxt4fObn9zZpZ3kWjbNG17fiiaAJc%2B8RT4K8ipow%2FT%2B%2BQiAEvvnqCfTuk4vMs28T6Mv8f8j0i0Or2n6qQxt5JzsCH1TjXgOPpyP%2FMvn2W0vch6qVndU3hesv7X%2BXAcguIMkL4D3V7wt5T%2BbPGX%2BvDvS7NKkoGHfOf9Hqs053Fs1OWvAqLFXXwg4K6uxhUW%2F7wl2iO6lPgnn%2Bcs%2Fh8%2Bh75KfOP9pfXfKzqHeQB8EhV1ZUoMM5Uw3UNlmbmrncI60usIAbVgQ6RQpVapdn%2FerR7ezqdXEKWxW0OGjrWn3wwiEWd7P1%2FnjtCpNYC6hj%2BSlaZfzJ7eBpAxEO2hQZdyR8anVuVn13ldDsGDbSRRe2XPqA8L4PW62wwyhukZ5X184E%2FQmy1gFZ61p%2FVnvD01PniAlOc0jnJ25Rhhwj6c1c5IMiWz5s8%2FA0rNBClHHUq23gekYLJ5djWk3LDOUxcwFU71wmWyMBRuwbe3OlJrKntIUPbWUoePD3LFiL9sAGabll%2BHWK%2B84gF%2BcQP1m4iGRZvHNIWxMiTVhzQCnz3ln29rCwpXbLbXfLB56ZdXopF4KUN5ViHRYqZlryy8tHBT4p%2FlaFLRg%2BSmIsYIwaT4CPFnk72v1xLzfgVeR5hj6TJA6VAd7xBB6MvzMuEUFchnHEYh1M4HLN4BRJNBS9E%2FGYxZETTYQieaRPPXnFBSKQtBGo4vGREeW6I2WT0mSZozuBPqofGPIHRqDw6I6pVRbRWtuwEic7Fg46D2QUG1wWG0zjmPCMlLiZlbhneilSwRsH3ou9pi8KL9Vaj00uTkRQzkzoxl%2FosafghGrD2DfwjHBxZnIgw3SwpRP6MJZZM6xGnHnRVqVdkchZUilZhXdmlEwL%2BNGU3JlUy5x2dodF7aBS6FA4YDq4l1S6F9Vx5vMJlijJHmODSI0xKvgZE3lW%2FbR29m9rJ77q5X7Va%2FsDE4skf8f0ovMnaxWPccd0bxxjVkRjGhJsGXzr6dJ1l%2FYXE2Vq8dh1bGAK29ziw4sr4XJMMAFyddEe%2F2UczxP83%2BpPMzi%2BJ3F5jd%2F6yWA7%2FqdxmOVia%2BcvDgFC6XGuOkm591pjnSXNrF4suF3GrWO3iFeVwQpIPhBUk4U4dZhKgihic%2FbSgnDwygw00RmzJcWYpdNI8xMaa%2FraP5QUv1ssoNTNd%2BqiOoKthfekJCuiMOhEHXZtBHhBYgZtWTCDWfOaYHUcZVpXlHJLkGPoDgci4mKJf0WFfUg5uLYX7QRrplbR5UzArFdgqa9RQvPdwC%2Bojlzry4UKbbc6BwfXLTMgMLY7maTi7LjDXPdaX6PLrVINrpldTWQfxYGC5e0FpYskqIsrPPReRk9jCVNkxj1dq0iKHaZDkFkLDfISRbc2X2jm5RxyVR5xTW2TA%2BwxZ%2FGaGubCGBZUBUEyT%2BEyTuRznlCpcV%2Begrs%2FjrBK4HyHU7h38w8nz2kmkE%2FcVDxIS0FGq2NRFrw%2FnabaYWrPF4bYBeDNex7fKcRcJYlZjp%2F0XQ9bBzqRD9dg5aPtTmZZJBZkqV%2BGgVPGgeN2gSN%2F8qn51af8V28T%2FVdv53eMInd88IbZ0X2jOeMjztIXsK1jLU9LFzcjLm7KwJZCqJYhoKNn%2B%2F0Zn985RFXU%2FuBsiAjFQTF45CN4MhSOFDLTEg11VGlmRnHPUbj92cukTOuUIV0dmkDMmdg6LHY29YEkZcpYrBgDkxFWvOK7u8ZresyDJMB4MnZvNTgSxLiPcl52dObqsdqwyz6dFzzPvsfFcXd8Ol8Isjvh%2BFjTsbZb0ohgPLVTxTznch2WiOettKw8tv7J5GYxR1ORSuaKjeLYFefkwApOtmUm03Ue5GTRCeWccIGxogRl6lwizbKJhBeQJJas3hArwYpVM6JXVW0u264afWEYANZxd9l7tHho3Ll1PaIsgTcQFFZuBYuB1fER0izHiWXluvQ7eG5VmU8eTiINqr1b2nymWiTOm1ZrnQOvg8K2cM7kACHBmSpdUj2JsR%2FUlzStr4Yq0ii8Cncub9cBNq3IEM7bHRekM3ybQKXTsidd8ANxtiMMOp0Xsr0fTOE6O5%2BHpaUV3Lj9SXutcOxAlyjj2OeQokDbH84YJnqBtnNyvmFrTtBTHhTxRe%2BFNdie75fh19vtI3q%2FAaFfbsdf78%2FXt%2B8yaXyB89QhTyJ3GJ9ZSd6RFRipXia%2BndTjV8S%2Ff8Y3t5dcNL7Mf7ztfv34e334Hw%3D%3D&RelayState=BuHSQeqh5BqwToU5 HTTP/1.1" 200 8008 "http://master.ucs.local/univention-management-console/?lang=de-DE" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
Comment 1 Erik Damrose univentionstaff 2015-11-10 16:09:32 CET 
Nothing happens if i click open, save or save as...
Comment 2 Florian Best univentionstaff 2016-01-22 11:04:19 CET 
Reported via feedback-mail.
Comment 3 Florian Best univentionstaff 2016-01-25 14:08:48 CET 
The reason was that the error response was JSON while the frontend expected it to be HTML containing the json document. IE11 can't handle json so it showed that pop up.

univention-management-console-frontend.yaml:
r66946 | YAML Bug #39861

univention-management-console-frontend (5.0.63-13):
r66945 | Bug #39861: Prevent download popup in IE11 when accessing UMC
Comment 4 Erik Damrose univentionstaff 2016-01-29 14:33:45 CET 
OK: No popup
OK: yaml
Verified
Comment 5 Janek Walkenhorst univentionstaff 2016-02-04 14:06:31 CET 
<http://errata.software-univention.de/ucs/4.1/88.html>