Univention Bugzilla – Bug 48985
4.3: Make joinscript 92univention-management-console-web-server.inst configurable
Last modified: 2019-03-20 12:57:33 CET
Backport to UCS 4.3 +++ This bug was initially created as a clone of Bug #48224 +++ In a customer environment ucs-sso is not configured and is not required on every server. This causes the 92univention-management-console-web-server.inst to fail every time with this error. Object exists: SAMLServiceProviderIdentifier=https://master-prod.schein.de/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=olb,dc=de No modification: SAMLServiceProviderIdentifier=https://master-prod.schein.de/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=olb,dc=de Not updating ucs/server/sso/fqdn % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html ยท curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. [...] Try to download idp metadata (60/60) Could not download IDP metadata for https://ucs-sso.schein.de/simplesamlphp/saml2/idp/metadata.php 'NoneType' object has no attribute 'find' Unsetting umc/saml/idp-server Module: setup_saml_sp Is there a possibility to make it configurable if ucs-sso is not desired?
univention-management-console.yaml 4e5c99531362 | YAML Bug #48985 50180ef42968 | YAML Bug #48985 univention-management-console (10.0.6-20) 2f282aae5ea6 | Bug #48985: do not configure the SAML IDP in the UMC WebServer if umc/web/sso/enabled=false.
f0525ef Fix yaml, fix changelog bug number I verified the backport, but had to change the package version and the debian changelog bug number. Please be more careful when backporting (and then fixing those backports) to a previous version.
(In reply to Erik Damrose from comment #2) > f0525ef Fix yaml, fix changelog bug number > > I verified the backport, but had to change the package version and the > debian changelog bug number. Please be more careful when backporting (and > then fixing those backports) to a previous version. The debian changelog was on purpose with another bug number because then the diff between branches keeps being smaller.
Seems we disagree on that. The diff will be only marginally larger. I prefer to find the correct bug number right away, other than having to look for a hopefully linked or depending bugnumber at the original bug in our bugzilla. Besides, the debian/changelog will show up in a diff in any case, because the version number is different in 4.3 / 4.4
<http://errata.software-univention.de/ucs/4.3/459.html>