unity-idm-discuss — Unity discussion and support

Re: [Unity-idm-discuss] Browser is not allowed to open page & login loop

[Krzysztof B. <kb...@un...>]

Sander,

W dniu 27.03.2025 o 14:02, Sander Apweiler pisze:
> Hello Krzysztof, hello Roman,
>
> yesterday we moved to unity 4.0.5 after testing the release in a
> broader audience but still not that close to our production
> environment. Sadly we now get again an increasing number of tickets
> about login fails and errors where the browsers are not allowed to show
> the unity page.
>
> The redirect loop happens on the WAYF/discovery page if the service is
> a public client. E.g. https://sensors.gfz-potsdam.de/
>
> If the users have a broken login, for example due to the first problem,
> and start using another service, even confidential services, the
> browser shows the error about not being allowed to show the page.
> 1. Go To another service, e.g. https://codebase.helmholtz.cloud/
> 2. Select Login with Helmholtz ID
> 3. Select an IdP from the WAYF/discovery page
>
The main part of the problem should be addressed in 4.0.6. We are aware 
of another - similar - problem, however this other one happens rarely, 
perhaps some hard to find race condition. Nevertheless 4.0.6 should 
greatly improve stability in your case.

Best,
Krzysztof

[Unity-idm-discuss] Release 4.0.6 is available

[Krzysztof B. <kb...@un...>]

Dear Subscribers,

A subsequent patch release, improving version 4 stability was published.

Two problems were addressed in this patch release:

  * *Page opening errors when authenticating using Unity as IdP*
  * *Fixed creation of subgroups in UpMan which are designated as
    sub-projects*

For the complete list see the changelog. All the details are available 
at https://unity-idm.eu/releases/release-4-0-6/

Best,
Krzysztof

Re: [Unity-idm-discuss] Browser is not allowed to open page & login loop

[Roman K. <ro...@un...>]

Hello Sander,

Thank you for reproduction steps, those are essential to find the root
cause.

We are working on it.

Best regards,
Roman

czw., 27 mar 2025 o 14:03 Sander Apweiler <sa....@fz...>
napisał(a):

> Hello Krzysztof, hello Roman,
>
> yesterday we moved to unity 4.0.5 after testing the release in a
> broader audience but still not that close to our production
> environment. Sadly we now get again an increasing number of tickets
> about login fails and errors where the browsers are not allowed to show
> the unity page.
>
> The redirect loop happens on the WAYF/discovery page if the service is
> a public client. E.g. https://sensors.gfz-potsdam.de/
>
> If the users have a broken login, for example due to the first problem,
> and start using another service, even confidential services, the
> browser shows the error about not being allowed to show the page.
> 1. Go To another service, e.g. https://codebase.helmholtz.cloud/
> 2. Select Login with Helmholtz ID
> 3. Select an IdP from the WAYF/discovery page
>
> Please let us know if we can provide you any further information.
>
> Best regards,
> Sander
>
> --
> Large-Scale Data Science
> Juelich Supercomputing Centre
>
> phone: +49 2461 61 8847
> fax: +49 2461 61 6656
> email: sa....@fz...
>
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> Forschungszentrum Jülich GmbH
> 52425 Jülich
> Sitz der Gesellschaft: Jülich
> Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
> Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
> Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
> Dr. Stephanie Bauer (stellvertretende Vorsitzende),
> Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
>
>
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>

[Unity-idm-discuss] Browser is not allowed to open page & login loop

[Sander A. <sa....@fz...>]

Hello Krzysztof, hello Roman,

yesterday we moved to unity 4.0.5 after testing the release in a
broader audience but still not that close to our production
environment. Sadly we now get again an increasing number of tickets
about login fails and errors where the browsers are not allowed to show
the unity page.

The redirect loop happens on the WAYF/discovery page if the service is
a public client. E.g. https://sensors.gfz-potsdam.de/

If the users have a broken login, for example due to the first problem,
and start using another service, even confidential services, the
browser shows the error about not being allowed to show the page.
1. Go To another service, e.g. https://codebase.helmholtz.cloud/
2. Select Login with Helmholtz ID
3. Select an IdP from the WAYF/discovery page

Please let us know if we can provide you any further information.

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellvertretende Vorsitzende),
Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Subproject Creation and Account Update Feature on Home Endpoint

[piotrpiernik <pio...@gm...>]

  
  
Dear Laura
  
Thank you for problems reporting.   
  
1. Yes, i confirm the problem with creating subproject. We will provide the fix in next release
  
2. Could you please check the home endpoint config, - are this enquiry forms included in "Enabled enquiry forms"    property?   
  

  
Best regards
  
Piotr
  

  

  

  
  
  
  
>   
> On 14 mar 2025 at 15:37, Laura Hofer  <l....@fz...>  wrote:
>   
>   
>  Hi Krzysztof, Hi Roman,
>
> while testing Unity  4.0.5, we noticed the following problems:
> Firstly, when creating subprojects on the Upman endpoint, the projects  
> are always created as subgroups first and not as subprojects, although  
> this was specified when they were created. However, as soon as the  
> subgroup is created, it can be configured as a subproject.
> Secondly, we have a problem with the display of the Account Update  
> feature on the Home endpoint. Old join enquiries and newly created ones  
> are no longer displayed on the home endpoint. Do we need to reconfigure  
> anything? The problem has existed since at least version  4.0.4.
>
> Kind regards,
> Laura
>
> --  
> Juelich Supercomputing Centre
> Institute for Advanced Simulation
> Forschungszentrum Juelich GmbH
> 52425 Juelich, Germany
> E-Mail: l....@fz...
> Phone: +49 2461 61-6576
> Fax: +49 2461 61-6656
>
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> Forschungszentrum Juelich GmbH
> 52425 Juelich
> Sitz der Gesellschaft: Juelich
> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
> Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
> Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens,
> Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
>
>     
>   
>  _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>     
     

[Unity-idm-discuss] Subproject Creation and Account Update Feature on Home Endpoint

[Laura H. <l....@fz...>]

Hi Krzysztof, Hi Roman,

while testing Unity 4.0.5, we noticed the following problems:
Firstly, when creating subprojects on the Upman endpoint, the projects 
are always created as subgroups first and not as subprojects, although 
this was specified when they were created. However, as soon as the 
subgroup is created, it can be configured as a subproject.
Secondly, we have a problem with the display of the Account Update 
feature on the Home endpoint. Old join enquiries and newly created ones 
are no longer displayed on the home endpoint. Do we need to reconfigure 
anything? The problem has existed since at least version 4.0.4.

Kind regards,
Laura

-- 
Juelich Supercomputing Centre
Institute for Advanced Simulation
Forschungszentrum Juelich GmbH
52425 Juelich, Germany
E-Mail: l....@fz...
Phone: +49 2461 61-6576
Fax: +49 2461 61-6656

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens,
Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Support for Spanish language

[Krzysztof B. <kb...@un...>]

Hi Hubert,

Thanks for this offer! You can contribute translations in here:

https://hosted.weblate.org/projects/unity-idm/

Also, we will need to enable Spanish locale as one with provided 
translations. That's trivial, I'll open a ticket to get it done.

Best,
Krzysztof


W dniu 10.03.2025 o 09:56, Hubert Siejkowski pisze:
> Dear Krzysztof,
> dear Roman,
>
> We’re rolling out language support for our Spanish users of our 
> platform and were wondering if it’s possible to add Spanish 
> localisation in Unity-IdM. If there is no existing localisation, how 
> can we help out with translating some of the basic phrases?
>
> All the best,
> Hubert
>
> ACC Cyfronet of the AGH University of Krakow
> Interdisciplinary Scientific Computing Laboratory
> www.cyfronet.pl
>
> ---
> Uprzejmie informujemy, że:
> 1. Administratorem danych osobowych przekazanych przez Panią/Pana w 
> korespondencji e-mail jest Akademia Górniczo-Hutnicza im. Stanisława 
> Staszica w Krakowie (Akademickie Centrum Komputerowe Cyfronet AGH), 
> al. A. Mickiewicza 30, 30-059 Kraków, REGON: 00000157700022, NIP: 
> 6750001923.
> 2. Pani/Pana dane osobowe przetwarzane są w celu załatwienia sprawy 
> będącej przedmiotem wiadomości, w tym w celu niezbędnego kontaktu 
> z Panią/Panem.
> 3. Ma Pani/Pan prawo żądania od Administratora dostępu do swoich 
> danych osobowych, ich sprostowania, usunięcia, przenoszenia, 
> ograniczenia ich przetwarzania, prawo do cofnięcia zgody na 
> przetwarzanie oraz prawo wniesienia sprzeciwu wobec przetwarzania – w 
> przypadkach i na warunkach określonych w ogólnym rozporządzeniu 
> o ochronie danych osobowych z dnia 27 kwietnia 2016 r. (RODO).
> 4. Ze szczegółowymi informacjami na temat przetwarzania Pani/Pana 
> danych osobowych można zapoznać się tutaj 
> (https://www.cyfronet.pl/16906,artykul,ochrona_danych.html).
>
> Ta wiadomość i jej treść są zastrzeżone w zakresie wskazanym na 
> stronie internetowej http://www.cyfronet.pl/stopka/
> This e-mail and its content are reserved to the extent indicated on 
> the website http://www.cyfronet.pl/stopka/
> Diese Nachricht und ihr Inhalt sind in dem auf der Website angegebenen 
> Umfang vorbehalten http://www.cyfronet.pl/stopka/
>
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss

[Unity-idm-discuss] Support for Spanish language

[Hubert S. <hub...@cy...>]

Dear Krzysztof,
dear Roman,

We’re rolling out language support for our Spanish users of our platform 
and were wondering if it’s possible to add Spanish localisation in 
Unity-IdM. If there is no existing localisation, how can we help out 
with translating some of the basic phrases?

All the best,
Hubert

ACC Cyfronet of the AGH University of Krakow
Interdisciplinary Scientific Computing Laboratory
www.cyfronet.pl

---
Uprzejmie informujemy, że:
1. Administratorem danych osobowych przekazanych przez Panią/Pana w 
korespondencji e-mail jest Akademia Górniczo-Hutnicza im. Stanisława 
Staszica w Krakowie (Akademickie Centrum Komputerowe Cyfronet AGH), al. 
A. Mickiewicza 30, 30-059 Kraków, REGON: 00000157700022, NIP: 
6750001923.
2. Pani/Pana dane osobowe przetwarzane są w celu załatwienia sprawy 
będącej przedmiotem wiadomości, w tym w celu niezbędnego kontaktu 
z Panią/Panem.
3. Ma Pani/Pan prawo żądania od Administratora dostępu do swoich danych 
osobowych, ich sprostowania, usunięcia, przenoszenia, ograniczenia ich 
przetwarzania, prawo do cofnięcia zgody na przetwarzanie oraz prawo 
wniesienia sprzeciwu wobec przetwarzania – w przypadkach i na warunkach 
określonych w ogólnym rozporządzeniu o ochronie danych osobowych z dnia 
27 kwietnia 2016 r. (RODO).
4. Ze szczegółowymi informacjami na temat przetwarzania Pani/Pana danych 
osobowych można zapoznać się tutaj 
(https://www.cyfronet.pl/16906,artykul,ochrona_danych.html).

Ta wiadomość i jej treść są zastrzeżone w zakresie wskazanym na stronie 
internetowej http://www.cyfronet.pl/stopka/
This e-mail and its content are reserved to the extent indicated on the 
website http://www.cyfronet.pl/stopka/
Diese Nachricht und ihr Inhalt sind in dem auf der Website angegebenen 
Umfang vorbehalten http://www.cyfronet.pl/stopka/

[Unity-idm-discuss] Release 4.0.5 is available

[Krzysztof B. <kb...@un...>]

Dear Subscribers,

A subsequent patch release, improving version 4 stability was published.

The most important bugfixes in this patch release:

  * *Fixed auto-proxy authentication feature*
  * *Fixed loading of IdPs from SAML metadata w/o expected names set*

For the complete list see the changelog. All the details are available 
at https://unity-idm.eu/releases/release-4-0-5/

Best,
Krzysztof

[Unity-idm-discuss] Null Pointer on SAML federation

[Sander A. <sa....@fz...>]

Dear Krzysztof,
dear Roman,

we have the issue about NullPointer Exceptions (Cannot invoke
"String.compareToIgnoreCase(String)" because "thisName" is null) while
the login endpoints are loaded. We encountered the problem to one SAML
federation, which is our main login source. Can we do anything in the
configuration to avoid this problem. At the moment no login is
possible.

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellvertretende Vorsitzende),
Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] IllegalStateException

[Krzysztof B. <kb...@un...>]

W dniu 22.01.2025 o 08:54, Sander Apweiler pisze:
> Good morning Krzysztof,
> I'm sorry for the delay. I tried to reproduce the issue on my site.
> Sadly I was not able to reproduce it and did not got any feedback from
> users so far. Which configuration do you need?
>

I'd need to know what happened on user's end. In particular how this 
situation looked in web browser's console (and naturally on its main UI)

Best,
Krzysztof

Re: [Unity-idm-discuss] Cancelling/removing initiated logins

[Krzysztof B. <kb...@un...>]

W dniu 22.01.2025 o 09:39, Sander Apweiler pisze:
> Good morning Krzysztof,
> good morning Roman,
> at the moment we have some issues with increasing memory usage of
> unity. It seems that we have a growing number of initiated but not
> finalised logins. Is there any possibility to cancel and clean up those
> stucked logins in a shorter timeframe?

Hi Sander,

So it depends a bit on what are the dominant cases when a login is 
abandoned.

Assuming we have a simple situation, that someone hits Unity sign-in 
page, and closes a browser tab, then what happens is that HTTP session 
needs to be shut down.

This should be governed by the realm configuration of the endpoint. You 
have there login session timeout. HTTP session timeout is roughly synced 
with it.

HTH,
Krzysztof

Re: [Unity-idm-discuss] Some further bugs in 4.0.4

[Roman K. <ro...@un...>]

Hi Sander,

Sorry to be long in my replay.

Thank you very much for the reproduction steps, this issue has been on our
radar for a long time, and we did address one issue that contributes to the
problem.
This will be released in our next minor version, however we are monitoring
this and looking forward to your feedback once the new version is deployed.

Best regards,
Roman

pt., 17 sty 2025 o 13:39 Sander Apweiler <sa....@fz...>
napisał(a):

> Hello Krzysztof,
> luckily we are able to reproduce the "Can't Open This Page" problem. I
> attached some screenshots from the network console as well.
>
> How to reproduce it:
> - Start authN session in a browser tab (being on IdP selection page is
> fine)
> - Open a second browser tab
> - Start a new authN session in second browser tab from the same
> service, like you did in in the first tab
> - Select your IdP
>
> Before the user is forwarded the browser error is shown. It happens on
> both protocols SAML and OAuth between unity and downstream service. It
> seems that it is triggered from "offline-stub.html" file
>
> Best regards,
> Sander
>
> On Thu, 2025-01-02 at 17:51 +0100, Krzysztof Benedyczak wrote:
> >
> > Hi Sander,
> >
> >
> >
> >
> > I hope you had nice holidays, and happy new year!
> >
> >
> >
> >
> > Can you please clarify the two of your issues:
> >
> >
> >
> >
> > W dniu 20.12.2024 o 11:25, Sander Apweiler pisze:
> >
> >
> > >
> > > - After selecting the remote IdP, browsers sometimes shows errors
> > > about
> > > not allowed to show the content. Sounds a bit like CSP problems.
> > >
> >
> > Can you please describe this in more details? What does it mean
> > "selecting"? user clicks on an entry in grid, or tries to sign in to
> > it? Can we get some screenshot with dev tools network tab opened?
> >
> >
> >
> >
> > >
> > > - Attributes without a display name are empty in the "Add
> > > attributes"
> > > list if they are selected
> > >
> >
> > Can you specify about which place of the app you are referring to?
> >
> > Thank you,
> >  Krzysztof
> >
> >
>
> --
> Large-Scale Data Science
> Juelich Supercomputing Centre
>
> phone: +49 2461 61 8847
> fax: +49 2461 61 6656
> email: sa....@fz...
>
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> Forschungszentrum Jülich GmbH
> 52425 Jülich
> Sitz der Gesellschaft: Jülich
> Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
> Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
> Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
> Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
>
>
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>

[Unity-idm-discuss] Cancelling/removing initiated logins

[Sander A. <sa....@fz...>]

Good morning Krzysztof,
good morning Roman,
at the moment we have some issues with increasing memory usage of
unity. It seems that we have a growing number of initiated but not
finalised logins. Is there any possibility to cancel and clean up those
stucked logins in a shorter timeframe?

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] IllegalStateException

[Sander A. <sa....@fz...>]

Good morning Krzysztof,
I'm sorry for the delay. I tried to reproduce the issue on my site.
Sadly I was not able to reproduce it and did not got any feedback from
users so far. Which configuration do you need?

Best regards,
Sander

On Fri, 2022-12-02 at 15:51 +0100, Krzysztof Benedyczak wrote:
>  
> Hi Sander,
>  
> (This reply likely won't be correctly threaded under you original
> email, sorry about that -> result of recent problems with email
> provider we experienced) 
>  
> >  
> > Hi Krzysztof,
> > we have one user where we get IllegalStateException with the
> > message
> > "Comitted" at one service, stacktrace is attached.
> > 
> > The user only receive it for this service and the service works for
> > other users. Do you have a hin what could raise this exception?
> > 
> > Best regards,
> > Sander
> >  
>  
>  
> That's Jetty error, i.e. related to HTTP protocol or even something
> at lower level as TCP. AFAICS it is when sending a final OAuth reply
> after authn. 
>  
>  
> To be able to say more I'd need to know details of the configuration,
> user's browser and especially what happens on user's side.
>  
> Best,
>  Krzysztof
>  
>  

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Some further bugs in 4.0.4

[Sander A. <sa....@fz...>]

Hello Krzysztof,
luckily we are able to reproduce the "Can't Open This Page" problem. I
attached some screenshots from the network console as well.

How to reproduce it:
- Start authN session in a browser tab (being on IdP selection page is
fine)
- Open a second browser tab
- Start a new authN session in second browser tab from the same
service, like you did in in the first tab
- Select your IdP

Before the user is forwarded the browser error is shown. It happens on
both protocols SAML and OAuth between unity and downstream service. It
seems that it is triggered from "offline-stub.html" file

Best regards,
Sander

On Thu, 2025-01-02 at 17:51 +0100, Krzysztof Benedyczak wrote:
>  
> Hi Sander,
>  
> 
>  
>  
> I hope you had nice holidays, and happy new year!
>  
> 
>  
>  
> Can you please clarify the two of your issues:
>  
> 
>  
>  
> W dniu 20.12.2024 o 11:25, Sander Apweiler pisze:
>  
>  
> >  
> > - After selecting the remote IdP, browsers sometimes shows errors
> > about
> > not allowed to show the content. Sounds a bit like CSP problems.
> >  
>  
> Can you please describe this in more details? What does it mean
> "selecting"? user clicks on an entry in grid, or tries to sign in to
> it? Can we get some screenshot with dev tools network tab opened?
>  
>  
> 
>  
> >  
> > - Attributes without a display name are empty in the "Add
> > attributes"
> > list if they are selected
> >  
>  
> Can you specify about which place of the app you are referring to? 
>  
> Thank you,
>  Krzysztof
>  
>  

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Two UI bugs in console endpoint

[Sander A. <sa....@fz...>]

Good morning Krzysztof,
I was not able to reproduce the first issue today. Maybe the instance
was busy yesterday and did not update in time. So forget this issue.

Best regards,
Sander

On Thu, 2025-01-09 at 16:39 +0100, Krzysztof Benedyczak wrote:
>  
> Hi Sander,
>  
> 
>  
>  
> W dniu 8.01.2025 o 15:10, Sander Apweiler pisze:
>  
>  
> >  
> > Dear Krzyszttof,
> > dear Roman,
> > we found two further UI bugs in console endpoint of unity 4.0.4.
> > 
> > 1. If we select a group, e.g. root group, and switch to another
> > afterwards, the number of elements in the members area is reduced
> > to
> > the numbers of group members but it still shows the elements of the
> > first group and they are not selectable.
> >  
>  
> By "elements" you mean entities? We can't reproduce this problem. Can
> you provide screen recording  or simple reproduction steps (starting
> from empty groups)?
>  
>  
> 
>  
> >  
> > 2. If we switch the order of attribute statements by drag and drop,
> > the
> > whole list disappears and we need to switch to another view than
> > the
> > directory browser and switch back to see the attribute statements.
> >  
>  
> Confirmed, will be fixed in the next patch release.
>  
> Thank you,
>  Krzysztof
>  
>  

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Two UI bugs in console endpoint

[Krzysztof B. <kb...@un...>]

Hi Sander,

W dniu 8.01.2025 o 15:10, Sander Apweiler pisze:
> Dear Krzyszttof,
> dear Roman,
> we found two further UI bugs in console endpoint of unity 4.0.4.
>
> 1. If we select a group, e.g. root group, and switch to another
> afterwards, the number of elements in the members area is reduced to
> the numbers of group members but it still shows the elements of the
> first group and they are not selectable.

By "elements" you mean entities? We can't reproduce this problem. Can 
you provide screen recording  or simple reproduction steps (starting 
from empty groups)?

> 2. If we switch the order of attribute statements by drag and drop, the
> whole list disappears and we need to switch to another view than the
> directory browser and switch back to see the attribute statements.

Confirmed, will be fixed in the next patch release.

Thank you,
Krzysztof

Re: [Unity-idm-discuss] UI bug in authentication facilities

[Krzysztof B. <kb...@un...>]

Hi Sander,

W dniu 3.01.2025 o 12:27, Sander Apweiler pisze:
> Dear Krzysztof,
> dear Roman,
>
> during tests with dynamic expressions for MFA, I encountered another UI
> bug. When I click on the edit button of any authentication flow, I got
> only a page displaying "Error" and a red bot displaying "Can not get
> mfaEnforce authenticator - There is no [mfaEnforce] authenticator",
> while mfaEnforce is the authentication flow name. Clicking on the name
> of the authentication flow opens the editor and I'm able to edit the
> authentication flow.

Confirmed, will be fixed in the next patch.

Thank you,
Krzysztof

[Unity-idm-discuss] Two UI bugs in console endpoint

[Sander A. <sa....@fz...>]

Dear Krzyszttof,
dear Roman,
we found two further UI bugs in console endpoint of unity 4.0.4.

1. If we select a group, e.g. root group, and switch to another
afterwards, the number of elements in the members area is reduced to
the numbers of group members but it still shows the elements of the
first group and they are not selectable.

2. If we switch the order of attribute statements by drag and drop, the
whole list disappears and we need to switch to another view than the
directory browser and switch back to see the attribute statements.

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

[Unity-idm-discuss] UI bug in authentication facilities

[Sander A. <sa....@fz...>]

Dear Krzysztof,
dear Roman,

during tests with dynamic expressions for MFA, I encountered another UI
bug. When I click on the edit button of any authentication flow, I got
only a page displaying "Error" and a red bot displaying "Can not get
mfaEnforce authenticator - There is no [mfaEnforce] authenticator",
while mfaEnforce is the authentication flow name. Clicking on the name
of the authentication flow opens the editor and I'm able to edit the
authentication flow.

This happens on unity 4.0.4.

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] dynamic expression for MFA is not working

[Sander A. <sa....@fz...>]

Hi Krzysztof,
sorry for the long delay on my site. End of last year was very busy. I
tried to reproduce the problem today with the additional loggers, but
now it works on unity 4.0.4.

Best regards,
Sander

On Mon, 2024-12-09 at 18:09 +0100, Krzysztof Benedyczak wrote:
> Hi Sander,
> 
> W dniu 5.12.2024 o 12:40, Sander Apweiler pisze:
> > Hello Krzysztof,
> > hello Roman,
> > 
> > after our IdP starts releasing MFA usage information, we started to
> > test the dynamic expression on MFA. We started with a simple
> > condition
> > that local second factor should only be used, if the REFEDS profile
> > information is not available (see screenshot). Sadly unity shows
> > that
> > no second factor is configured, althought the information was
> > released
> > by the IdP. Sadly we do not see anything in the logs.
> 
> 1. we have tested something that you described and works as expected.
> 
> 2. to make progress can you please check some details of what is
> logged 
> during such failed authentication, with the following loggers set to
> TRACE:
> 
> unity.server.authn.AuthenticationFlowPolicyConfigMVELContextBuilder
> unity.server.authn.AuthenticationProcessor
> unicore.security.dsig.DigSignatureUtil
> unity.server.saml.SamlServletExtractionUtils
> 
> (naturally just for such authN, this will generate a lot of noise in
> logs)
> 
> the first one is the most important, will allow us to limit our 
> searching to one of two big parts of the process. The other are to
> check 
> early SAML side: see the actual SAML response and how it is parsed.
> 
> So in general I'd love to see the response message, and what goes
> into 
> authn flow.
> 
> Also we noticed one thing which is bit surprising on your last 
> screenshot: ACR is reported as attribute. That is very narrow part of
> log, so a lot of guessing on our side, but can you additionally share
> whether you have some input profile settings that manipulate ACR? or 
> maybe the ACR is received as a plain attribute?
> 
> Cheers,
> Krzysztof
> 

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Some further bugs in 4.0.4

[Sander A. <sa....@fz...>]

Good morning Krzysztof,
happy new year and I hope you had nice holidays, too.

About the first issue I try to collect further information. I was not
yet able to reproduce this, but I know some users who were able to do
it. At the moment they are still on holiday.

About the second point, I think it is everywhere in the UI where you
can configure attributes. I added screenshots from attribute statements
and form configuration.

Best regards,
Sander

On Thu, 2025-01-02 at 17:51 +0100, Krzysztof Benedyczak wrote:
>  
> Hi Sander,
>  
> 
>  
>  
> I hope you had nice holidays, and happy new year!
>  
> 
>  
>  
> Can you please clarify the two of your issues:
>  
> 
>  
>  
> W dniu 20.12.2024 o 11:25, Sander Apweiler pisze:
>  
>  
> >  
> > - After selecting the remote IdP, browsers sometimes shows errors
> > about
> > not allowed to show the content. Sounds a bit like CSP problems.
> >  
>  
> Can you please describe this in more details? What does it mean
> "selecting"? user clicks on an entry in grid, or tries to sign in to
> it? Can we get some screenshot with dev tools network tab opened?
>  
>  
> 
>  
> >  
> > - Attributes without a display name are empty in the "Add
> > attributes"
> > list if they are selected
> >  
>  
> Can you specify about which place of the app you are referring to? 
>  
> Thank you,
>  Krzysztof
>  
>  

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] Some further bugs in 4.0.4

[Krzysztof B. <kb...@un...>]

Hi Sander,

I hope you had nice holidays, and happy new year!

Can you please clarify the two of your issues:

W dniu 20.12.2024 o 11:25, Sander Apweiler pisze:
> - After selecting the remote IdP, browsers sometimes shows errors about
> not allowed to show the content. Sounds a bit like CSP problems.

Can you please describe this in more details? What does it mean 
"selecting"? user clicks on an entry in grid, or tries to sign in to it? 
Can we get some screenshot with dev tools network tab opened?

> - Attributes without a display name are empty in the "Add attributes"
> list if they are selected

Can you specify about which place of the app you are referring to?

Thank you,
Krzysztof

[Unity-idm-discuss] Some further bugs in 4.0.4

[Sander A. <sa....@fz...>]

Hello Krzysztof,
hello Roman,

thanks for the fixes in 4.0.4 release. During the tests and based on
the user feedback we found some further bugs.

- After selecting the remote IdP, browsers sometimes shows errors about
not allowed to show the content. Sounds a bit like CSP problems.
- If users login to userhome and agree a new policy (version), profile
tab is selected but the content of the tab is not shown. You need to
select another tab and switching back to profile to see the
information.
- Attributes without a display name are empty in the "Add attributes"
list if they are selected
- A lot of "session expired before push disconnect event was received"
stack traces.
- Deleting a form, which is used by upman shows "Error" but no further
information.

Beside of the problem reports, I want to thank you for all the support
and work during the year. I wish you some relaxing and happy holidays
and a good start in the next year.

Best regards,
Sander

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------