Activity log for bug #1636892

Date Who What changed Old value New value Message
2016-10-26 15:09:56 Mark Donnelly bug added bug
2016-10-26 15:10:29 Mark Donnelly description

Old value:

When the IdP's trust anchor changes (server cert, etc.), then the Moonshot ID Selector will rightly refuse to let a headless session continue. However, the error returned isn't very informative of the problem:

-----------------------------------------------------------------------------------------------
# gss-client -mech 1.3.6.1.5.5.15.1.1.17 localhost gss@localhost "hi"
GSS-API error str_to_oid: Unspecified GSS failure. Minor code may provide more information
GSS-API error str_to_oid: Unknown error
GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information
GSS-API error initializing context: No Kerberos credentials available
-----------------------------------------------------------------------------------------------

(Using -spnego on gss-client is even less informative, but that's not a bug for this project.)

It would be great to have an error message that says something more like:

-----------------------------------------------------------------------------------------------
# gss-client -mech 1.3.6.1.5.5.15.1.1.17 localhost gss@localhost "hi"
GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information
GSS-API error initializing context: The certificate we received for the authentication server for <realm> is different than expected
-----------------------------------------------------------------------------------------------

New value:

When the IdP's trust anchor changes (server cert, etc.), then the Moonshot ID Selector will rightly refuse to let a headless session continue. However, the error returned isn't very informative of the problem:

---------------------------------------------------------------------------------
# gss-client -mech 1.3.6.1.5.5.15.1.1.17 localhost gss@localhost "hi"
GSS-API error str_to_oid: Unspecified GSS failure. Minor code may provide more information
GSS-API error str_to_oid: Unknown error
GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information
GSS-API error initializing context: No Kerberos credentials available
---------------------------------------------------------------------------------

(Using -spnego on gss-client is even less informative, but that's not a bug for this project.)

It would be great to have an error message that says something more like:

---------------------------------------------------------------------------------
# gss-client -mech 1.3.6.1.5.5.15.1.1.17 localhost gss@localhost "hi"
GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information
GSS-API error initializing context: The certificate we received for the authentication server for <realm> is different than expected
---------------------------------------------------------------------------------

2016-10-26 16:33:07 Mark Donnelly attachment added FreeRADIUS_output.txt https://bugs.launchpad.net/moonshot-ui/+bug/1636892/+attachment/4767762/+files/FreeRADIUS_output.txt
2017-04-28 15:04:49 Mark Donnelly moonshot-ui: status New Confirmed
2017-04-28 17:18:18 Margaret Cullen moonshot-ui: assignee Dan Breslau (dbreslau)