Bug#702501: marked as done (simplesamlphp: Error message doesn't correspond to the real error cause)

Debian Bug Tracking System Wed, 19 Aug 2020 04:00:54 -0700

Your message dated Wed, 19 Aug 2020 12:51:08 +0200
with message-id 
<[email protected]>
and subject line Re: Bug#702501: simplesamlphp: Error message doesn't 
correspond to the real error cause
has caused the Debian Bug report #702501,
regarding simplesamlphp: Error message doesn't correspond to the real error 
cause
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
702501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702501
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: simplesamlphp
Version: 1.10.0-1
Severity: normal
Tags: upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Team,

If you are using expired metadata the error you get is:

Exception during login:
SimpleSAML_Error_Exception: Could not find the metadata of an IdP with entity 
ID 'https://www.rediris.es/sir/shibtestidp'
Backtrace:
5 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:130 
(sspmod_saml_Auth_Source_SP::getIdPMetadata)
4 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:261 
(sspmod_saml_Auth_Source_SP::startSSO)
3 /usr/share/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:339 
(sspmod_saml_Auth_Source_SP::authenticate)
2 /usr/share/simplesamlphp/lib/SimpleSAML/Auth/Default.php:58 
(SimpleSAML_Auth_Default::initLogin)
1 /usr/share/simplesamlphp/modules/core/www/authenticate.php:43 (require)
0 /usr/share/simplesamlphp/www/module.php:135 (N/A)


The error message does not make references to the real cause:
  simplesaml is not using the metadata because is expired.

So, SimpleSAML_Error_Exception: Could not find the metadata of an IdP with 
entity ID 'https://www.rediris.es/sir/shibtestidp' is FALSE!!

Thanks in advance

- -- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages simplesamlphp depends on:
ii  apache2                      2.2.22-13
ii  apache2-mpm-prefork [httpd]  2.2.22-13
ii  libapache2-mod-php5          5.4.4-14
ii  openssl                      1.0.1e-1
ii  php-openid                   2.2.2-1.1
ii  php-xml-parser               1.3.4-6
ii  php5                         5.4.4-14
ii  php5-common [php5-mhash]     5.4.4-14
ii  php5-mcrypt                  5.4.4-14
ii  zlib1g                       1:1.2.7.dfsg-13

Versions of packages simplesamlphp recommends:
ii  php5-cli  5.4.4-14

Versions of packages simplesamlphp suggests:
ii  mysql-server  5.5.29+dfsg-1
ii  php5-ldap     5.4.4-14
ii  php5-mysql    5.4.4-14
pn  php5-radius   <none>

- -- Configuration Files:
/etc/simplesamlphp/authsources.php changed [not included]
/etc/simplesamlphp/config.php changed [not included]

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJROJcDAAoJEKgvu4Pz1XAzswkP/3K6oVqKC6Ivza+EL0SlqWox
bzO9NEVr7q85wF255cw1G4WK8x0Lvyt1lJlz5Vxv8LtqvpGk7bmBSZf5dcpVC1Yr
UXAPPLIqcV8e6Gs8sB1J0ryuEm59mB5qj52Y2/aIIKspLXN6X28t89xAPHmm8leT
BLqLZD1NyLLcU6U3SdpdFEv1T8uv+JXFc/a7VG+fyKU5FHfrmYsuya+VyjNqt+HC
JS9W0IQhc/eh8L318QE5UW50zZMmyg64ZA1ITqolxv3djc2zWgxB2wVBSSJPaK0H
//eAYAh0LyNCr9b+j1e5TQlYoeTWtBQcQObjirgrok2fSqdzHuM47d1Sh7KThzki
m3I1EdePh78ZUOdLTeLZPKF65WHZt1AXk9Rsb+U+T51SCY57smeYXI89Il8NoyDb
7ZA8CsgQBzHN4DdSpTy0P8x0rPztBsJSDkUeNGuzggBqwoqQNwJNC98LZFArZI5m
Dh06F2IO5sEiTBr3Y9iAOF08Roo1O6HovqOOIXWjsfLxusF4Kc4OPJ7Qu+dFLLFY
pMdgucWNkQomyM4LpPtHQWpalDtk/ZcN1jY0dEFulXBEU5tKLwAjp+b/XZh3zMDH
5l6lwL2amg9TBX7BobZTyE9oPJ6qM+DIlTwF2Ro4bLkLnRddDtAKt3O6XHHlFIpn
98WNX6k2alRClPKIURna
=bqWE
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Version: 1.18.1-1

On Thu, March 7, 2013 17:14, Thijs Kinkhorst wrote:
> Op donderdag 7 maart 2013 15:40:31 schreef Dario Minnucci:
>> > Fixing this would therefore require a bit of reworking of how
>> > simpleSAMLphp  tracks IdP's internally.
>>
>> I didn't look at the code enough to provide or propose a definitive and
>> elegant solution but I guess adding the reason why the IdP was not
>> considered to the backtrace presented on the browser could help.

This has since been fixed.

Starting from 1.18:
- The admin/federation panel correctly shows entities that have expired
- Using any SP that is expired will throw a specific exception "Metadata
for the entity [https://example.nl/authentication/sp/metadata] expired 908
seconds ago."

Starting from master (probably 2.0):
- Using any IdP that is expired will also throw the mentioned specific
exception.


So I believe this is adequately resolved. Because it's evident from the
admin panel in 1.18+, I think it's ok to close the issue per that version


Cheers,
Thijs

--- End Message ---

Bug#702501: marked as done (simplesamlphp: Error message doesn't correspond to the real error cause)

Reply via email to