You can subscribe to this list here.
2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Krzysztof B. <kb...@un...> - 2021-06-16 13:32:27
|
Hi Sander, W dniu 15.06.2021 o 09:24, Sander Apweiler pisze: > Good morning Krzysztof, > last week we updated from version 3.4.3 to 3.5.1. This week a user > reported the following error: > > "Problem occurred during authentication process. > > The error is: This implementation doesn't support authn requests with > RequestedAuthnContext set. > You will be automatically redirected in 5s back to the service which > requested authentication, with the above information." > > I asked the IdP as well as the SP, if they changed something and they > can not remember. Maybe this corelation between the error and unity > update is wrong, but did unity change something here? Do you know when > this error is raised by unity? > > I paste the unity log below. This is not a regression, I'm fairly certain that this limitation is present in Unity from the version 1.0.0. There is a small chance that there was a bug in unity, i.e. that RequestedAuthnContext was accepted, and that we had accidentally fixed recently. But honestly I'd say probability of this situation is extremly low. If this is a call for full support of SAML AuthnContexts that's a longer story. Perhaps we would need some workaround for now. Cheers, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-06-15 07:24:20
|
Good morning Krzysztof, last week we updated from version 3.4.3 to 3.5.1. This week a user reported the following error: "Problem occurred during authentication process. The error is: This implementation doesn't support authn requests with RequestedAuthnContext set. You will be automatically redirected in 5s back to the service which requested authentication, with the above information." I asked the IdP as well as the SP, if they changed something and they can not remember. Maybe this corelation between the error and unity update is wrong, but did unity change something here? Do you know when this error is raised by unity? I paste the unity log below. 2021-06-15T08:46:17,369 [qtp848193662-12599] DEBUG unity.server.core.ClientIPSettingHandler: Handling client 85.16.232.92 request to URL /saml-idp/saml2idp-web?SAMLRequest=nVNNj9owEP0rke%2F5AsKqFrCioKpIu9sI0h56qRxnWKw6dtbjLLS%2Ffu1AVrRqc%2BAUZ%2Bb5vZk349n9qZbBKxgUWs1JGiXkfjFDVsuGLlt7UFt4aQFt4GAKaZeYk9YoqhkKpIrVgNRyuls%2BPtBRlNDGaKu5liTYrOfkx%2FhDBuM0mZZ7YJPxuNyn2YgE33pBd8MBEVvYKLRMWRdKRmmYTMM0K5IpnUxpehdNsuw7CfIL9UehKqGeh%2BsozyCkn4siD%2FMvu4IEa9eJUMx20gdrG6RxLPWzUNEBZH3Q0v6OKoh9m6Gomu4wcofwCCUJlohg%2FOWVVtjWYHZgXgWHr9uHv%2BnYUXiihiE22tiYOS87tvhdqPvjTMqS8Z%2FkbDrtrDBXbg83yfqKyGJY%2Fw%2FVWXyl1U%2F7yZFv1rmWgv%2B6ZdqftKmZHUb7iKjCfQel1jCFApR1zkqpjysDzMKcWNMCifu6LgsIVbeOznkLp5vWcaXrhhmBfvZwYtz2nl8Tr6RzbAv7WyYwCOOUe2oXzt3nqE3ltxm4a6zwPvgpXebyr3oW59x%2F7HjPXj%2FZxRs%3D 2021-06-15T08:46:17,370 [qtp848193662-12599] DEBUG unity.server.saml.SamlServletExtractionUtils: Got SAML request using the HTTP Redirect binding 2021-06-15T08:46:17,370 [qtp848193662-12599] WARN unity.server.saml.ErrorHandler: SAML error is going to be returned to the SAML requester by the IdP eu.unicore.samly2.exceptions.SAMLResponderException: This implementation doesn't support authn requests with RequestedAuthnContext set. at pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator.validate(UnityAuthnRequestValidator.java:71) ~[unity-server-saml-3.5.1.jar:?] at pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:34) ~[unity-server-saml-3.5.1.jar:?] at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:219) ~[unity-server-saml-3.5.1.jar:?] at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:143) ~[unity-server-saml-3.5.1.jar:?] at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:96) ~[unity-server-saml-3.5.1.jar:?] at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:76) ~[unity-server-saml-3.5.1.jar:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) ~[javax.servlet-api-3.1.0.jar:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:74) ~[unity-server-web-common-3.5.1.jar:?] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:274) ~[unity-server-web-common-3.5.1.jar:?] at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleNotProtectedResource(AuthenticationFilter.java:106) ~[unity-server-web-common-3.5.1.jar:?] at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:83) ~[unity-server-web-common-3.5.1.jar:?] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) ~[unity-server-engine-api-3.5.1.jar:?] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) ~[unity-server-engine-3.5.1.jar:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.5.1.jar:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272] Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Sander A. <sa....@fz...> - 2021-06-09 07:36:36
|
Thanks for the information. I Updated this week to 3.5.1. I'll keep an eye on this if this happens again. Cheers, Sander On Wed, 2021-06-09 at 09:32 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 09.06.2021 o 08:48, Sander Apweiler pisze: > > Good morning, > > we found a problem in the invitations via upman. We found this > > issue in > > unity 3.4.3. The problem is that the email addresses are some where > > checked case sensitive. I use my email address to explain the > > problem. > > - Users are registered at unity with the email, send by IdP: > > Sa....@fz... > > - Project manager sends an invitation to the email sa.apweiler@fz- > > juelich.de > > - Invitation is created with link to the registration form, not > > enquiry > > form > > - User follows the link and got an error "It seems you are already > > registered, please sign in" > > > > Of course email addresses are not case sensitive, but it seems that > > the > > check if a user having this email address is registered is missing > > a > > transformation to lower case in the comparison. > > > That sounds like https://unity-idm.atlassian.net/browse/UY-1126 fixed > while ago in 3.4.5. > > Cheers, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-06-09 07:33:04
|
Hi Sander, W dniu 09.06.2021 o 08:48, Sander Apweiler pisze: > Good morning, > we found a problem in the invitations via upman. We found this issue in > unity 3.4.3. The problem is that the email addresses are some where > checked case sensitive. I use my email address to explain the problem. > - Users are registered at unity with the email, send by IdP: > Sa....@fz... > - Project manager sends an invitation to the email sa.apweiler@fz- > juelich.de > - Invitation is created with link to the registration form, not enquiry > form > - User follows the link and got an error "It seems you are already > registered, please sign in" > > Of course email addresses are not case sensitive, but it seems that the > check if a user having this email address is registered is missing a > transformation to lower case in the comparison. > That sounds like https://unity-idm.atlassian.net/browse/UY-1126 fixed while ago in 3.4.5. Cheers, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-06-09 06:49:13
|
Good morning, we found a problem in the invitations via upman. We found this issue in unity 3.4.3. The problem is that the email addresses are some where checked case sensitive. I use my email address to explain the problem. - Users are registered at unity with the email, send by IdP: Sa....@fz... - Project manager sends an invitation to the email sa.apweiler@fz- juelich.de - Invitation is created with link to the registration form, not enquiry form - User follows the link and got an error "It seems you are already registered, please sign in" Of course email addresses are not case sensitive, but it seems that the check if a user having this email address is registered is missing a transformation to lower case in the comparison. Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-05-17 10:22:16
|
Dear Subscribers, A new revision of the 3.5 branch was published, including: * multiple UpMan improvements * fix of the group name presentation in Admin Console * fix of tooltips on credentials in forms * important bugfix in authorization of the recently introduced REST operation to add multiple groups Complete list of changes is available at https://www.unity-idm.eu/downloads/ Best regards, Krzysztof |
From: Krzysztof B. <kb...@un...> - 2021-05-13 07:58:40
|
Good morning Sander, W dniu 12.05.2021 o 08:45, Sander Apweiler pisze: > Good morning Krzysztof, > another project wants to use out unity but have their own logo on login > pages. I know I can configure muiltiple SAML or OAUth endpoints, but > can I do it as well with userhome and upman endpoints? > > I guess I had to use something like this in the endpoint definition: > unityServer.core.endpoints.userHome-X.endpointType=UserHomeUI > unityServer.core.endpoints.upman-X.endpointType=UpManUI Yes, absolutely you can. If using config files: copy config of existing endpoint, change the config-file id (the part after endpoints.) to something unique and then just select a desired deployment path and your new endpoint config file location. In case you deploy multiple home + upman endpoints and you use the link feature (from home to upman) make sure to configure the endpoint for the link correctly in homeUI config. (Soon to come - there will be also an option to have a link from upman to home, same note for that). Cheers, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-05-12 06:45:47
|
Good morning Krzysztof, another project wants to use out unity but have their own logo on login pages. I know I can configure muiltiple SAML or OAUth endpoints, but can I do it as well with userhome and upman endpoints? I guess I had to use something like this in the endpoint definition: unityServer.core.endpoints.userHome-X.endpointType=UserHomeUI unityServer.core.endpoints.upman-X.endpointType=UpManUI Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-05-04 06:47:14
|
Good morning Sander, W dniu 04.05.2021 o 07:19, Sander Apweiler pisze: > -) what is the default locale setting for your server? > english >> -) what is the locale used by the user who logged to console? > english. >> -) whether the English displayed name is the only one for that group >> or >> there are any other versions defined? > only the english one. >> -) Also: the group was created using UI or REST API? > created via UI. >> Many questions, but should help to fix the issue easily. > Many but easy to answer ;) OK, thank you, that's one of those embarrassing ones. Certainly will be fixed in 3.5.1. Thanks, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-05-04 05:19:29
|
Good morning Krzysztof, sorry dor the delay. On Thu, 2021-04-29 at 13:21 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 29.04.2021 o 09:02, Sander Apweiler pisze: > > Good morning Krzysztof, > > in the background, above the pop-up, you see that the directory > > browser > > shows only the internal names. In previous versions there was both, > > display name followed by internal names. I just added the pop-up in > > the > > screenshot to show that the displayname is set. > > Ah, ok, missed that completely. > > The intention is that there should be the displayed name. We will > check > this up, however can you please provide me three more details: > > -) what is the default locale setting for your server? english > > -) what is the locale used by the user who logged to console? english. > > -) whether the English displayed name is the only one for that group > or > there are any other versions defined? only the english one. > > -) Also: the group was created using UI or REST API? created via UI. > > Many questions, but should help to fix the issue easily. Many but easy to answer ;) Best regards, Sander > > Thank you, > Krzysztof > > > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-04-29 11:21:51
|
Hi Sander, W dniu 29.04.2021 o 09:02, Sander Apweiler pisze: > Good morning Krzysztof, > in the background, above the pop-up, you see that the directory browser > shows only the internal names. In previous versions there was both, > display name followed by internal names. I just added the pop-up in the > screenshot to show that the displayname is set. Ah, ok, missed that completely. The intention is that there should be the displayed name. We will check this up, however can you please provide me three more details: -) what is the default locale setting for your server? -) what is the locale used by the user who logged to console? -) whether the English displayed name is the only one for that group or there are any other versions defined? -) Also: the group was created using UI or REST API? Many questions, but should help to fix the issue easily. Thank you, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-04-29 07:02:42
|
Good morning Krzysztof, in the background, above the pop-up, you see that the directory browser shows only the internal names. In previous versions there was both, display name followed by internal names. I just added the pop-up in the screenshot to show that the displayname is set. Cheers, Sander On Thu, 2021-04-29 at 08:52 +0200, Krzysztof Benedyczak wrote: > Good morning Sander, > > W dniu 29.04.2021 o 08:10, Sander Apweiler pisze: > > Good morning Krzysztof, > > we finished our test of latest unity version. We find only one > > small > > issue. > > > > In console endpoint only the IDs of the groups are shown and not > > the > > displayname. See attached image. In previous versions it was > > Displayname (ID). Was this change planned? > > > I'm confused:-) In the screenshot you have attached there is both a > group path (built from group 'internal' names) and the group's > displayed > name. So where is the problem? > > We made a bigger change in this area, ensuring we show the *display > name* when appropriate (mostly in the groups tree of the directory > browser and in the headers of tables with users and attributes). > Showing > of the internal names and paths build from them is naturaly preserved > as > the path may be still very important (for the use on REST API for > instance). > > Can you clarify your problem bit more? > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-04-29 06:52:34
|
Good morning Sander, W dniu 29.04.2021 o 08:10, Sander Apweiler pisze: > Good morning Krzysztof, > we finished our test of latest unity version. We find only one small > issue. > > In console endpoint only the IDs of the groups are shown and not the > displayname. See attached image. In previous versions it was > Displayname (ID). Was this change planned? > I'm confused:-) In the screenshot you have attached there is both a group path (built from group 'internal' names) and the group's displayed name. So where is the problem? We made a bigger change in this area, ensuring we show the *display name* when appropriate (mostly in the groups tree of the directory browser and in the headers of tables with users and attributes). Showing of the internal names and paths build from them is naturaly preserved as the path may be still very important (for the use on REST API for instance). Can you clarify your problem bit more? Krzysztof |
From: Sander A. <sa....@fz...> - 2021-04-29 06:10:49
|
Good morning Krzysztof, we finished our test of latest unity version. We find only one small issue. In console endpoint only the IDs of the groups are shown and not the displayname. See attached image. In previous versions it was Displayname (ID). Was this change planned? Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Sander A. <sa....@fz...> - 2021-04-28 06:52:55
|
Good morning Krzysztof, On Wed, 2021-04-28 at 08:45 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 27.04.2021 o 20:19, Sander Apweiler pisze: > > Hi Krzysztof, > > I expected that this is not an easy change because this is very > > generic. If we find a lightwight solution for this problem, it > > would be > > helpful, too. We are also working on a description of this problem > > and > > the workaround with the new invitation in our documentation. > > We had an internal brainstorming on that topic yesterday. One > question > the invitation which is clicked after user account was created)? Is > this > only the case that a prospective user receives multiple invitations > to > register, clicks one (in general a random one), and afterwards we > have a > problem with remaining invitations? Or the problem is wider and > includes > situations where user is for instance manually created by Unity > admin? No at least in our case user accounts are created automatically. > > If we are talking only about multiple invitations, then we may have > an > idea of a bit simpler solution. But please first confirm that this > scenario is covering your problem well. Sadly I think receiving multiple invitations is only the "problem" in few cases. We recognized that user got only one invitation and instead of following the link, the user go to the unity server and create an account. In our case the enquire forms are almost empty, only agreements and policies must be accepted, but I don't want to generalize this. There might be other use cases, where additional information are requested from users, too. Best regards, Sander > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-04-28 06:45:35
|
Hi Sander, W dniu 27.04.2021 o 20:19, Sander Apweiler pisze: > Hi Krzysztof, > I expected that this is not an easy change because this is very > generic. If we find a lightwight solution for this problem, it would be > helpful, too. We are also working on a description of this problem and > the workaround with the new invitation in our documentation. We had an internal brainstorming on that topic yesterday. One question arose: what are those other means to provision the user (i.e. not via the invitation which is clicked after user account was created)? Is this only the case that a prospective user receives multiple invitations to register, clicks one (in general a random one), and afterwards we have a problem with remaining invitations? Or the problem is wider and includes situations where user is for instance manually created by Unity admin? If we are talking only about multiple invitations, then we may have an idea of a bit simpler solution. But please first confirm that this scenario is covering your problem well. Best, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-04-27 18:20:06
|
Hi Krzysztof, I expected that this is not an easy change because this is very generic. If we find a lightwight solution for this problem, it would be helpful, too. We are also working on a description of this problem and the workaround with the new invitation in our documentation. Cheers, Sander On Tue, 2021-04-27 at 17:31 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 26.04.2021 o 07:15, Sander Apweiler pisze: > > Good morning Krzysztof, > > in the last weeks we encountered a recurring "problem" with > > invitations. Let me describe the issue: A project administrator > > creates > > an invitation. At this time the invited user has no unity account, > > so > > it is linked to the registration form and the invitation is send to > > the > > user. In the meantime the user register at unity. After the user > > registered to unity, the user clicks on the invitation link, which > > is > > not working anymore, because the account is already registered. > > > > Of course sendig a new invitation solves the problem, because the > > new > > one is linked to the enquiry form, but this approach is not very > > user > > friendly. It would be nice, if unity switches automatically to the > > enquiry form, if the user already registered before the user > > follows > > the invitation? > > That doesn't sound easy. One aspect is that invitation needs to be > consistent with its form. I.e. if I send an invitation to register a > user that invitation is bound to some form, say form1. Now after > rewriting it to be an invitation to an enquiry, it would require a > form > which is 100% compatible with form1, but cut down to be enquiry. It > is > possible but would require to create automatically a read-only, > system > enquiry form for each registration form, with compatible contents. > > the meantime". In general this can happen in plenty of ways, and we > would need a generic mechanism: new entity was added; let's check if > it > has a confirmed email (hmm, identity or also an attribute?) which is > used in any registration invitation, and if yes rewrite those > invitations to enquiries. > > All in all that is doable, perhaps even generally useful, but it is > rather a major development to cover quite of an edge case. Maybe we > can > think about something more lightweight to support this scenario? > > Cheers, > Krzysztof > > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Krzysztof B. <kb...@un...> - 2021-04-27 15:35:34
|
Hi again, W dniu 26.04.2021 o 14:40, Sander Apweiler pisze: > Hi Krzysztof, > in past we discussed the problems with the load of IdP images by the > user instead of unity. The problem has become more important because > apps of RocketChat and Mattermost displays the error within two > seconds. In this time it is nearly impossible to filter the list of > IdPs using the search box. > > Do you have an estimation when the update will be available. Recently we were focusing on the enhancements of the SAML signatures handling that went out recently. I guess 3.7 would be a safe estimate (June/July), 3.6 is rather unlikely looking at the current backlog of oss requests. Best, Krzysztof |
From: Krzysztof B. <kb...@un...> - 2021-04-27 15:32:20
|
Hi Sander, W dniu 26.04.2021 o 07:15, Sander Apweiler pisze: > Good morning Krzysztof, > in the last weeks we encountered a recurring "problem" with > invitations. Let me describe the issue: A project administrator creates > an invitation. At this time the invited user has no unity account, so > it is linked to the registration form and the invitation is send to the > user. In the meantime the user register at unity. After the user > registered to unity, the user clicks on the invitation link, which is > not working anymore, because the account is already registered. > > Of course sendig a new invitation solves the problem, because the new > one is linked to the enquiry form, but this approach is not very user > friendly. It would be nice, if unity switches automatically to the > enquiry form, if the user already registered before the user follows > the invitation? That doesn't sound easy. One aspect is that invitation needs to be consistent with its form. I.e. if I send an invitation to register a user that invitation is bound to some form, say form1. Now after rewriting it to be an invitation to an enquiry, it would require a form which is 100% compatible with form1, but cut down to be enquiry. It is possible but would require to create automatically a read-only, system enquiry form for each registration form, with compatible contents. Another concern is around detection of how the user is subscribed "in the meantime". In general this can happen in plenty of ways, and we would need a generic mechanism: new entity was added; let's check if it has a confirmed email (hmm, identity or also an attribute?) which is used in any registration invitation, and if yes rewrite those invitations to enquiries. All in all that is doable, perhaps even generally useful, but it is rather a major development to cover quite of an edge case. Maybe we can think about something more lightweight to support this scenario? Cheers, Krzysztof |
From: Sander A. <sa....@fz...> - 2021-04-26 12:40:54
|
Hi Krzysztof, in past we discussed the problems with the load of IdP images by the user instead of unity. The problem has become more important because apps of RocketChat and Mattermost displays the error within two seconds. In this time it is nearly impossible to filter the list of IdPs using the search box. Do you have an estimation when the update will be available. Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Sander A. <sa....@fz...> - 2021-04-26 05:15:17
|
Good morning Krzysztof, in the last weeks we encountered a recurring "problem" with invitations. Let me describe the issue: A project administrator creates an invitation. At this time the invited user has no unity account, so it is linked to the registration form and the invitation is send to the user. In the meantime the user register at unity. After the user registered to unity, the user clicks on the invitation link, which is not working anymore, because the account is already registered. Of course sendig a new invitation solves the problem, because the new one is linked to the enquiry form, but this approach is not very user friendly. It would be nice, if unity switches automatically to the enquiry form, if the user already registered before the user follows the invitation? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Roman K. <ro...@un...> - 2021-04-21 09:36:17
|
Hello Hubert, Thank you for contacting us, unfortunately the functionality you've described is currently not available. I've created a ticket to cover this request, and it has been put into the queue. Thank you, Roman śr., 21 kwi 2021 o 10:26 Roman Krysiński <rkr...@bi...> napisał(a): > Hello Hubert, > > Thank you for contacting us, unfortunately the functionality you've > described is currently not available. > I've created a ticket to cover this request, and it has been put into the > queue. > > Thank you, > Roman > > wt., 20 kwi 2021 o 12:44 Hubert Siejkowski <h.s...@cy...> > napisał(a): > >> Dear developers, >> >> is there any way to select the language for the end-user login page, >> e.g. via a parameter in the URL? In our web portal, we store information >> about language preference for an anonymous user, and we would like to >> pass it somehow to the Unity login page, so the user does not have to >> select the language twice. >> >> All the best, >> Hubert >> >> >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss >> > |
From: Hubert S. <h.s...@cy...> - 2021-04-20 11:03:33
|
Dear developers, is there any way to select the language for the end-user login page, e.g. via a parameter in the URL? In our web portal, we store information about language preference for an anonymous user, and we would like to pass it somehow to the Unity login page, so the user does not have to select the language twice. All the best, Hubert |
From: Tomasz G. <ymg...@cy...> - 2021-04-20 08:53:22
|
Hi Tomek, As this is English list let's use that locale. Oh, right, sorry OK, we will see. Just to clarify - the problem is related to the native chrome's pass manager, not some external one? yes, the native one (P.S. I have some problem with this mailing list, for some reason I didn't receive email with your reply, I just found your reply on the sourcefourge mailing list page) |
From: Krzysztof B. <kb...@un...> - 2021-04-19 16:19:59
|
Hi Tomek, As this is English list let's use that locale. W dniu 19.04.2021 o 09:12, Tomasz Grabarczyk pisze: > Cześć > > Chciałem zgłosić bug'a w Unity - nie działa podpowiadanie danych do > logowania na chromie, gdy jest włączona opcja do wyboru języka - > pokazują się podpowiedzi tylko do hasła, a do user name'a nie. Jak > sprawdzałem to na firefoxie to nie było tego problemu. To jest > prawdopodobnie jakoś związane z dropdown'em do wyboru języka - jak > zablokowałem sobie ten dropdown we wtyczce ublock (screen w > załączniku) to podpowiadanie użytkownika i hasła zaczęło dobrze > działać. Bylibyście w stanie to poprawić? > > Wersja Unity: 3.4.5 > Wersja Chrome'a, na której to sprawdzałem: 89.0.4389.128 (Official > Build) (64-bit) > System: Windows 10 64bit > OK, we will see. Just to clarify - the problem is related to the native chrome's pass manager, not some external one? Cheers, Krzysztof |