Univention Bugzilla – Full Text Bug Listing

| Summary: | Make it possible to configure multiple entity IDs for one IdP | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Jürn Brodersen <brodersen> |
| Component: | SAML | Assignee: | Jürn Brodersen <brodersen> |
| Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
| Severity: | normal | | |
| Priority: | P5 | CC: | best, botner |
| Version: | UCS 4.4 | | |
| Target Milestone: | UCS 4.4-2-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | | | |

Description
Jürn Brodersen
2019-11-18 11:58:28 CET
Branch: juern/multi-ident
[juern/multi-ident 0b62478ce1] Bug #50510: Make it possible to configure multiple entity IDs for one IdP
[juern/multi-ident 3a16412c9e] Bug #50510: Add 82_saml/44_idp_eintityID_supplement

OK: Configure several more IdPs via UCR saml/idp/entityID/supplement/<identifier>=true + apache2 reload
OK: Get individual IdP metadata from https://$(ucr get ucs/server/sso/fqdn)/simplesamlphp/<identifier>/saml2/idp/metadata.php
~ Testcase did fail in my case

*** START TIME: 2019-11-19 18:49:34 ***
Create saml/idp/entityID/supplement/second_eID
File: /etc/apache2/sites-available/univention-saml.conf
Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
File: /etc/simplesamlphp/config.php
Module: ox-config
supplement_entityID: "https://ucs-sso.mydomain.intranet/simplesamlphp/second_eID/saml2/idp/metadata.php"
Setting umc/saml/idp-server
Module: setup_saml_sp
Try to download idp metadata (1/60)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M100 5108 0 5108 0 0 63602 0 --:--:-- --:--:-- --:--:-- 63850
Reloading univention-management-console-web-server configuration (via systemctl): univention-management-console-web-server.service.
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Module: ox-config
GET SAML login form at: https://ucsmaster.mydomain.intranet/univention/saml/
WARN: could not parse XML/HTML: not well-formed (invalid token): line 17, column 3127
### FAIL ###
Problem while reaching login dialog

But maybe that error did occur because 82_saml/30_umc_cert_chain failed earlier.

REOPENing in any case for branch merge, we also need documentation for this feature. We can create an additional bug for that if required.

[4.4-2 bcccfc5d3e] Bug #50510: Move simplesamlphp-modules/
[4.4-2 8d4447c4ce] Bug #50510: Make it possible to configure multiple entity IDs for one IdP
[4.4-2 3030e9472a] Bug #50510: Add 82_saml/44_idp_eintityID_supplement
[4.4-2 ec1bd5d2d4] Bug #50510: yaml
[4.4-2 57797e2494] Bug #50510: Merge branch 'juern/multi-ident' into 4.4-2
[4.4-2 90761c8e88] Bug #50510: Revert python-notifier change
[4.4-2 07d618fd98] Bug #50510: yaml2

Package: univention-saml
Version: 6.0.2-15A~4.4.0.201911201731
Branch: ucs_4.4-0
Scope: errata4.4-2

Documentation bug: #50523

univention-saml 6.0.2-15A~4.4.0.201911201731
OK: Configure several more IdPs via UCR saml/idp/entityID/supplement/<identifier>=true + apache2 reload
OK: Get individual IdP metadata from https://$(ucr get ucs/server/sso/fqdn)/simplesamlphp/<identifier>/saml2/idp/metadata.php
OK: yaml
Verified

All saml tests failed in the last jenkins run, is this related to this bug?

REQUEST_URI is undefined outside the apache config :(

20.11.19 23:41:02.785 LISTENER ( ERROR ) : Failed to create /etc/simplesamlphp/metadata.d/https:__master090.autotest090.local_univention_saml_metadata.php: PHP Fatal error: Uncaught ErrorException: Undefined index: REQUEST_URI in /etc/simplesamlphp/config.php:52
Stack trace:
#0 /etc/simplesamlphp/config.php(52): {closure}(8, 'Undefined index...', '/etc/simplesaml...', 52, Array)
#1 /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php(124): require('/etc/simplesaml...')
#2 /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php(252): SimpleSAML_Configuration::loadFromFile('/usr/share/simp...', true)
#3 /usr/share/simplesamlphp/lib/SimpleSAML/Configuration.php(336): SimpleSAML_Configuration::getConfig()
#4 /usr/share/simplesamlphp/lib/SimpleSAML/Logger.php(363): SimpleSAML_Configuration::getInstance()
#5 /usr/share/simplesamlphp/lib/SimpleSAML/Logger.php(403): SimpleSAML\Logger::createLoggingHandler('SimpleSAML\\Logg...')
#6 /usr/share/simplesamlphp/lib/SimpleSAML/Logger.php(179): SimpleSAML\Logger::log(4, 'The class or in...')
#7 /usr/share/simplesamlphp/lib/_autoload_modules.php(68): SimpleSAML\Logger::warning('The class or in...')
#8 [internal function]: temporaryLoader( in /etc/simplesamlphp/config.php on line 52

Package: univention-saml
Version: 6.0.2-17A~4.4.0.201911251558
Branch: ucs_4.4-0
Scope: errata4.4-2

[4.4-2 90761c8e88] Bug #50510: Revert python-notifier change
[4.4-2 07d618fd98] Bug #50510: yaml2
[4.4-2 358421b7d4] Bug #50510: changelog ucs-test
[4.4-2 514ff89cdb] Bug #50510: Fix creation of service provider config
[4.4-2 63ba7f3dc3] Bug #50510: fix typo
[4.4-2 c69a22d4ba] Bug #50510: fix wrong description
[4.4-2 17cc1eb364] Bug #50510: Be more verbose for listener problems
[4.4-2 635f4d3ed6] Bug #50510: Reset IDP metadata used by the umc
[4.4-2 8549e3f5c6] Bug #50510: changelog ucs-test
[4.4-2 c75bfbd4a2] Bug #50510: fix 44_idp_entityID_supplement (again)
[4.4-2 c3f0a68aed] Bug #50510: ensure the HOST header has the same case as in the idp config
[4.4-2 b0090a9a65] Bug #50510: yaml

TLDR
The important commits for univention-saml are:
[4.4-2 514ff89cdb] Bug #50510: Fix creation of service provider config
[4.4-2 c3f0a68aed] Bug #50510: ensure the HOST header has the same case as in the idp config

The first commit fixes that "$_SERVER['REQUEST_URI']" is not set during service provider config creation.
The second commit fixes that the hostname which is used to choose the idp config was case sensitive.

Small doc changes on branch (ucr var needs to be set on backups as well): juern/bug50510-doc

Documentation is okay, I merged it at 71e3c9f3

univention-saml 6.0.2-17A~4.4.0.201911251558
OK: Fix creation of service provider config
OK: ensure the HOST header has the same case as in the idp config
OK: ucs-test
OK~ yaml (fix in 3803329)
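
The two failure modes named in the TLDR above (no `$_SERVER['REQUEST_URI']` when the configuration is loaded outside Apache, and case-sensitive host matching), as an added example that is not Univention's config.php. The function name `select_idp_entity_id`, the allow-list handling and the default entity ID URL are assumptions; the sample inputs are constructed.

```php
<?php
// Added illustration, not the project's code. All names here are hypothetical.

/**
 * Choose the IdP entity ID for the current context.
 * $server      normally $_SERVER; REQUEST_URI and HTTP_HOST are absent on the CLI
 * $ssoFqdn     SSO host name, e.g. the value of `ucr get ucs/server/sso/fqdn`
 * $supplements identifiers enabled via saml/idp/entityID/supplement/<identifier>=true
 */
function select_idp_entity_id(array $server, string $ssoFqdn, array $supplements): string
{
    $ssoFqdn = strtolower($ssoFqdn);
    // Assumed default entity ID (the URL form without an identifier segment).
    $default = "https://$ssoFqdn/simplesamlphp/saml2/idp/metadata.php";

    // Listener/CLI runs have no web request: read both keys with a fallback
    // instead of indexing $_SERVER directly ("Undefined index: REQUEST_URI").
    $uri  = $server['REQUEST_URI'] ?? '';
    $host = strtolower($server['HTTP_HOST'] ?? $ssoFqdn);
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port

    // Host names are case-insensitive, so compare the lower-cased forms.
    if ($host !== $ssoFqdn) {
        return $default;
    }

    // Only identifiers on the configured allow-list select a supplement;
    // the request path is never copied into the entity ID unchecked.
    if (preg_match('#^/simplesamlphp/([^/?]+)/#', $uri, $m)
        && in_array($m[1], $supplements, true)) {
        return "https://$ssoFqdn/simplesamlphp/{$m[1]}/saml2/idp/metadata.php";
    }
    return $default;
}

// Constructed sample inputs.
$fqdn        = 'ucs-sso.mydomain.intranet';
$supplements = ['second_eID'];
$cases = [
    'mixed-case host' => ['HTTP_HOST'   => 'UCS-SSO.MyDomain.Intranet',
                          'REQUEST_URI' => '/simplesamlphp/second_eID/saml2/idp/metadata.php'],
    'default path'    => ['HTTP_HOST'   => $fqdn,
                          'REQUEST_URI' => '/simplesamlphp/saml2/idp/metadata.php'],
    'listener (CLI)'  => [],
    'unconfigured id' => ['HTTP_HOST'   => $fqdn,
                          'REQUEST_URI' => '/simplesamlphp/other_eID/saml2/idp/metadata.php'],
];
foreach ($cases as $label => $server) {
    printf("%-16s %s\n", $label, select_idp_entity_id($server, $fqdn, $supplements));
}
```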