From: Sander A. <sa....@fz...> - 2022-08-15 05:56:04
Attachments:
smime.p7s
Good morning Krzysztof,
good morning Roman,

unity 3.9.0 has some issues on certificate renewal of remote IdPs. We know 3 IdPs which renewed their certificate last week and connected via federation metadata. We have five unity instances running and on four the renewal worked, but on one not. Because it is not the same instance, we do not expect that it is a problem of the instance itself.

The problem in the log is:
Caused by: eu.unicore.samly2.exceptions.SAMLValidationException: Message signed with a key RSA Public Key [ec:fe:73:15:c9:8d:5b:b7:f2:29:8f:14:d4:0c:7b:97:dd:77:18:f8],[56:66:d1:a4]
modulus: [...]
public exponent: 10001
not registered for https://idp.desy.de/idp/shibboleth

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
From: Sander A. <sa....@fz...> - 2022-08-17 05:43:01
Attachments:
smime.p7s
Good morning,

it seems that we found the root of the problem. The server where we had the problems had not updated the downloaded metadata files for 2 weeks. After removing them and restarting unity, new versions were downloaded and login is working.

Best regards,
Sander
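A check for the failure mode reported above (a cached federation metadata copy that was not refreshed, so an IdP's renewed signing key is unknown), as an added example that is not part of the thread or of Unity's code: it flags a cached copy that is older than twice the refresh interval, past its `validUntil`, or missing a signing certificate that a freshly downloaded copy publishes. The entityID, certificate bytes and dates are constructed sample values, and `fetched_at` is assumed to be the cache file's modification time.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
IDP = "https://idp.example.org/idp/shibboleth"  # constructed entityID

def signing_fingerprints(metadata_xml, entity_id):
    """SHA-256 fingerprints of the signing certificates listed for entity_id."""
    found = set()
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.get("entityID") != entity_id:
            continue
        for kd in ent.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use") not in (None, "signing"):  # no 'use' = signing + encryption
                continue
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(cert.text.split()))
                found.add(hashlib.sha256(der).hexdigest())
    return found

def check_cache(cached_xml, fetched_at, fresh_xml, entity_id, refresh, now):
    """Findings for one IdP in a cached metadata copy, compared with a fresh download."""
    findings = []
    if now - fetched_at > 2 * refresh:  # at least one refresh cycle was missed
        findings.append("stale-cache")
    valid_until = ET.fromstring(cached_xml).get("validUntil")
    if valid_until and datetime.fromisoformat(valid_until.replace("Z", "+00:00")) < now:
        findings.append("expired-validUntil")
    missing = signing_fingerprints(fresh_xml, entity_id) - signing_fingerprints(cached_xml, entity_id)
    if missing:  # the IdP publishes a signing key the cache has never seen
        findings.append("signing-key-missing-from-cache")
    return findings

def sample_metadata(cert_bytes, valid_until):
    """Constructed federation metadata; cert_bytes are placeholder bytes, not a real certificate."""
    return ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s" validUntil="%s">'
            '<md:EntityDescriptor entityID="%s"><md:IDPSSODescriptor>'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor></md:EntitiesDescriptor>'
            ) % (NS["md"], NS["ds"], valid_until, IDP, base64.b64encode(cert_bytes).decode())

NOW = datetime(2022, 8, 17, tzinfo=timezone.utc)  # constructed timestamps below
CACHED = sample_metadata(b"constructed-old-cert", "2022-08-10T00:00:00Z")
FRESH = sample_metadata(b"constructed-new-cert", "2022-08-24T00:00:00Z")

if __name__ == "__main__":
    print(check_cache(CACHED, NOW - timedelta(days=14), FRESH, IDP, timedelta(hours=12), NOW))
```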
From: Krzysztof B. <kb...@un...> - 2022-08-17 08:31:29
hi,

On 17.08.2022 at 07:42, Sander Apweiler wrote:
> Good morning,
> it seems that we found the root of the problem. The server where we had
> the problems, did not update the downloaded metadata files since 2
> weeks. After removing them and restarting unity new versions were
> downloaded and login is working.

Ok. Do you suspect a bug in metadata refreshing, or could this 2 weeks old metadata file happen in a legitimate way according to your configuration?

Thanks,
Krzysztof
From: Sander A. <sa....@fz...> - 2022-08-17 08:39:55
Attachments:
smime.p7s
Hi Krzysztof,

I'm not sure. We reduced the interval from 12 hours to one on the instance and they were still not reloaded. But in general, we are using the same config on all instances. I'll keep an eye on the metadata files and let you know if the problem comes up again.

Best regards,
Sander
From: Sander A. <sa....@fz...> - 2022-08-30 08:06:34
Attachments:
smime.p7s
Good morning Krzysztof,

we tried with different configuration, but for some reason the metadata file is not updated. Even with the default update configuration it is not updated. It might be a bug within the refreshing part. During the update to unity 3.9, the configuration did not change.

Best regards,
Sander
From: Krzysztof B. <kb...@un...> - 2022-09-02 10:35:27
On 30.08.2022 at 10:06, Sander Apweiler wrote:
> Good morning Krzysztof,
> we tried with different configuration, but for some reason the metadata
> file is not updated. Even with the default update configuration it is
> not updated. It might be a bug within the refreshing part. During the
> update to unity 3.9, the configuration did not change.

Thanks, we will investigate then.

Krzysztof
From: Krzysztof B. <kb...@un...> - 2022-10-14 10:33:35
Returning to this one:

On 30.08.2022 at 10:06, Sander Apweiler wrote:
> Good morning Krzysztof,
> we tried with different configuration, but for some reason the metadata
> file is not updated. Even with the default update configuration it is
> not updated. It might be a bug within the refreshing part. During the
> update to unity 3.9, the configuration did not change.

We have run a ton of tests in this area when working on features related to 3.11.0 SAML enhancements. Some smaller bugs were found and fixed, however the situation you have described never happened in a number of different configurations.

There were also improvements in this process implemented in 3.9.1. Could you re-verify if this problem appears also on 3.11? I have high hopes that this issue is gone.

Best,
Krzysztof
From: Sander A. <sa....@fz...> - 2022-10-14 10:41:01
Attachments:
smime.p7s
Hi Krzysztof,

yes, when we have finished testing and updated the instances, we will keep an eye on this and see if it appears again.

Best regards,
Sander