Bug on metadata.py?
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pySAML2 | Fix Committed | Medium | Lorenzo Gil Sanchez |
Bug Description
On the "..../pysaml2-
def name(self, entity_id):
""" Find a name from the metadata about this entity id.
The name is either the display name, the name or the url
,in that order, for the organization.
:param entityid: The Entity ID
:return: A name
"""
try:
org = self.entity[
But on the generated metadata we found this:
<md:Organization>
<md:
<md:
<md:
<md:
<md:
<md:
</md:Organization>
and "Organization" doesn't match with "organization" for the capital letter "O".
This is a bug? Without the right replacement my Remote Installation of PEER software doesn't work.
Kind Regards,
Marco Malavolti
Roland Hedberg (roland-hedberg) wrote : Re: [Bug 931672] [NEW] Bug on metadata.py? | #1 |
MaLa (marco-malavolti) wrote : | #2 |
I've tried to configure PEER for Remote Authentication and it doesn't work without that modification.
This is the debug message that I obtain without the modification:
Environment:
Request Method: GET
Request URL: https:/
Django Version: 1.3.1
Python Version: 2.6.6
Installed Applications:
['django.
'django.
'django.
'django.
'django.
'django.
'django.
'registration',
'south',
'djangosaml2',
'peer.account',
'peer.domain',
'peer.entity',
'peer.portal']
Installed Middleware:
('django.
'django.
'django.
'django.
'django.
Template error:
In template /var/www/
Caught AttributeError while rendering: 'NoneType' object has no attribute 'organization_
28 : {% if SAML_ENABLED %}
29 : {% load idplist mailtoadmins %}
30 :
31 : <div class="right block">
32 : <h2>{% trans "Federated sign in" %}</h2>
33 : <form id="federated-
34 : <fieldset>
35 : <p>
36 : <label for="id_idp">{% trans "Identity Provider" %}:</label>
37 : <select id="id_idp" name="idp">
38 : {% idplist as idps %}
39 : {% for url, name in idps %}
40 : <option value="{{ url }}">{% if name %}{{ name }}{% else %}{{ url }}{% endif %}</option>
41 : {% endfor %}
42 : </select>
43 : </p>
44 : <p>{% trans "Don't see your IdP in this list?" %} {% mailtoadmins %}</p>
45 : </fieldset>
46 : <fieldset class="actionRow">
47 : <input class="button" type="submit" value="{% trans "Federated sign in" %}" />
48 : </fieldset>
Traceback:
File "/var/www/
111. response = callback(request, *callback_args, **callback_kwargs)
File "/var/www/
93. response = view_func(request, *args, **kwargs)
File "/var/www/
79. response = view_func(request, *args, **kwargs)
File "/var/www/
69. context_
File "/var/www/
20. return HttpResponse(
Roland Hedberg (roland-hedberg) wrote : Re: [Bug 931672] Bug on metadata.py? | #3 |
On 14 Feb 2012 at 09:06, MaLa wrote:
> I've tried to configure PEER for Remote Authentication and it doesn't
> work without that modification.
Sorry, I don't know a lot about PEER, Lorenzo has to help us out on that part.
I do know pysaml2 though :-)
Could you send me the pysaml2 configuration file you are using ?
-- Roland
MaLa (marco-malavolti) wrote : | #4 |
Here you are:
SAML_CONFIG = {
'xmlsec_
'entityid': PEER_BASE_URL + '/saml2/metadata/',
'attribute_
'service': {
'sp' : {
'name': 'PEER SP',
],
},
},
},
'metadata': {
'local': ['/var/
},
'debug': 1,
'key_
'cert_
'contact_
'company': 'Yaco Sistemas',
'company': 'IDEM GARR',
],
'organization': {
'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
'url': [('https:/
},
'valid_for': 24,
}
Lorenzo Gil Sanchez (lgs) wrote : Re: [Bug 931672] Re: Bug on metadata.py? | #5 |
I'll try to reproduce this bug with the information you just supplied.
2012/2/14 MaLa <email address hidden>:
> Here you are:
>
> SAML_CONFIG = {
>
> 'xmlsec_binary': '/usr/bin/xmlsec1',
>
>
> 'entityid': PEER_BASE_URL + '/saml2/metadata/',
>
> 'attribute_
>
>
> 'service': {
>
> 'sp' : {
> 'name': 'PEER SP',
> 'endpoints': {
>
> 'assertion_
> (PEER_BASE_URL + '/saml2/acs/', saml2.BINDING_
> ],
>
> 'single_
> (PEER_BASE_URL + '/saml2/ls/', saml2.BINDING_
> ],
> },
>
> 'required_
>
> 'optional_
>
> },
> },
>
> 'metadata': {
> 'local': ['/var/
> },
>
> 'debug': 1,
>
> 'key_file'
> 'cert_file'
>
> 'contact_person': [
> {'given_name': 'Lorenzo',
> 'sur_name': 'Gil',
> 'company': 'Yaco Sistemas',
> 'email_address': '<email address hidden>',
> 'contact_type': 'technical'},
> {'given_name': 'Marco',
> 'sur_name': 'Malavolti',
> 'company': 'IDEM GARR',
> 'email_address': '<email address hidden>',
> 'contact_type': 'administrative'},
> ],
>
> 'organization': {
> 'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
> 'display_name': [('IDEM', 'it'), ('IDEM', 'en')],
> 'url': [('https:/
> },
>
> 'valid_for': 24,
> }
>
MaLa (marco-malavolti) wrote : | #6 |
Thank You Lorenzo!
Roland Hedberg (roland-hedberg) wrote : Re: [Bug 931672] Bug on metadata.py? | #7 |
OK, so you're loading a local metadata file.
Would you mind sending me that too :-)
-- Roland
On 14 Feb 2012 at 09:59, MaLa wrote:
> Here you are:
>
> SAML_CONFIG = {
>
> 'xmlsec_binary': '/usr/bin/xmlsec1',
>
>
> 'entityid': PEER_BASE_URL + '/saml2/metadata/',
>
> 'attribute_
>
>
> 'service': {
>
> 'sp' : {
> 'name': 'PEER SP',
> 'endpoints': {
>
> 'assertion_
> (PEER_BASE_URL + '/saml2/acs/', saml2.BINDING_
> ],
>
> 'single_
> (PEER_BASE_URL + '/saml2/ls/', saml2.BINDING_
> ],
> },
>
> 'required_
>
> 'optional_
>
> },
> },
>
> 'metadata': {
> 'local': ['/var/
> },
>
> 'debug': 1,
>
> 'key_file'
> 'cert_file'
>
> 'contact_person': [
> {'given_name': 'Lorenzo',
> 'sur_name': 'Gil',
> 'company': 'Yaco Sistemas',
> 'email_address': '<email address hidden>',
> 'contact_type': 'technical'},
> {'given_name': 'Marco',
> 'sur_name': 'Malavolti',
> 'company': 'IDEM GARR',
> 'email_address': '<email address hidden>',
> 'contact_type': 'administrative'},
> ],
>
> 'organization': {
> 'name': [('Idem Garr', 'it'), ('Idem Garr', 'en')],
> 'display_name': [('IDEM', 'it'), ('IDEM', 'en')],
> 'url': [('https:/
> },
>
> 'valid_for': 24,
> }
MaLa (marco-malavolti) wrote : | #8 |
Yes sure! Here you are:
idp_
<?xml version="1.0" encoding="UTF-8"?>
<EntityDesc
Roland Hedberg (roland-hedberg) wrote : Re: [Bug 931672] Re: Bug on metadata.py? | #9 |
Well, that's one less problem for me to solve :-)
I can't find any Organization information in the metadata file.
So I'm not surprised that the code couldn't find an organization name.
Granted, the code shouldn't raise an exception on this but rather just return the entityID or ...
Later versions are more robust in this respect.
-- Roland
On 14 Feb 2012 at 10:45, MaLa wrote:
> Yes sure! Here you are:
>
> idp_metadata.xml:
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <EntityDescriptor xmlns="
>
> <IDPSSODescriptor protocolSupport
>
> <Extensions>
> <shibmd:Scope regexp=
> </Extensions>
>
> <KeyDescriptor>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certifi
>
> </ds:X509Certif
> </ds:X509Data>
> </ds:KeyInfo>
> </KeyDescriptor>
>
> <ArtifactResolu
>
> <ArtifactResolu
>
> <NameIDFormat>
> <NameIDFormat>
>
> <SingleSignOnSe
MaLa (marco-malavolti) wrote : | #10 |
The "metadata" are not only the metadata of IdPs that can communicate with the Service Provider?
It's mandatory to have an IdP with the Organization and OrganizationName? YES, is required, because without it the code makes these errors.
that's all?
Thank you!
Marco
Roland Hedberg (roland-hedberg) wrote : Re: [Bug 931672] Bug on metadata.py? | #11 |
On 14 Feb 2012 at 14:19, MaLa wrote:
> The "metadata" are not only the metadata of IdPs that can communicate
> with the Service Provider?
No, there might be information about other entities too.
> It 's mandatory to have an IdP with the Organization and
> OrganizationName? YES, is required, because without it the code make
> these errors.
Well, there is no standard or anything like that that makes it mandatory.
Yes, the code raises an exception if no name can be found.
Later versions of the code don't, they just return an empty string.
One could argue that the code that tries to lookup the name should be able to handle the
exception gracefully.
> that's all?
That's it! :-)
> Thank you!
You're welcome!
-- Roland
Lorenzo Gil Sanchez (lgs) wrote : | #12 |
Marco, can you tell us which version of pysaml2 are you using?
I think you are using 0.4.0 and that would explain the problem because, so far djangosaml2 is only tested with 0.2.1. The problem is that djangosaml2 has not this version frozen in its setup.py, which I'll do very soon.
Roland Hedberg (roland-hedberg) wrote : | #14 |
On 14 Feb 2012 at 15:00, Lorenzo Gil Sanchez wrote:
> Marco, can you tell us which version of pysaml2 are you using?
>
> I think you are using 0.4.0 and that would explain the problem because,
> so far djangosaml2 is only tested with 0.2.1. The problem is that
> djangosaml2 has not this version frozen in its setup.py, which I'll do
> very soon.
No, other information I've received makes me believe he uses 0.2.0 .
0.4.0 should not raise an exception like 0.2.X does; it should just return an empty string.
-- Roland
MaLa (marco-malavolti) wrote : | #13 |
I've followed the documentation to install PEER and all its dependencies.
After "easy_install peer" I've found in path " /var/www/
async-0.
decorator-
distribute-
Django-
django_
django_
djangosaml2-
django_
dnspython-
easy-install.pth
fudge-1.
gitdb-0.
GitPython-
httplib2-
lxml-2.
Paste-1.
peer-0.
pip-0.7.2-py2.6.egg
psycopg2-
pyasn1-
Pygments-
pysaml2-
python_
recaptcha_
repoze.
setuptools.pth
smmap-0.
South-0.
zope.interface-
is that correct?
Lorenzo Gil Sanchez (lgs) wrote : | #15 |
If I do the easy_install peer I got pysaml2 0.4.0 and not 0.2.0 as you have.
Did you run that command today or is a previous run?
Something weird is happening with version dependencies :-(
MaLa (marco-malavolti) wrote : | #16 |
Can I replace the package "pysaml2-
There are other precautions to be taken into consideration?
Lorenzo Gil Sanchez (lgs) wrote : | #17 |
They are actually the same package, it's just a mismatch in the version field of the setup.py
I just updated pypi so now there is only pysaml2 0.2.1, the 0.2.0 is gone.
Lorenzo Gil Sanchez (lgs) wrote : | #18 |
Ok, I'm making some progress. Now I can reproduce Marco's original problem:
Caught AttributeError while rendering: 'NoneType' object has no attribute 'organization_
Lorenzo Gil Sanchez (lgs) wrote : | #19 |
Ok, I just fixed this bug at http://
Marco, you will need to wait for next Pysaml2 release and even so I still need to update djangosaml2 to work with Pysaml2 >= 0.4.0
In the meantime, the simplest workaround for this bug is to actually define an organization in your metadata.
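The failure discussed in this thread, as an added example (not pysaml2 or djangosaml2 code): a name lookup over SAML metadata that follows the display name, name, URL order from the docstring and returns an empty string when an entity has no `<md:Organization>`, so the IdP list can fall back to the entityID. It uses only the Python standard library; the function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample: one IdP with an Organization element, one without.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp-with-org.example.org/idp">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <md:Organization>
      <md:OrganizationName xml:lang="en">Example Org</md:OrganizationName>
      <md:OrganizationDisplayName xml:lang="en">EXAMPLE</md:OrganizationDisplayName>
      <md:OrganizationURL xml:lang="en">https://www.example.org/en</md:OrganizationURL>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-no-org.example.org/idp">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def entity_name(entity, lang="en"):
    """Display name, then name, then URL of the organization; '' if none."""
    org = entity.find(MD + "Organization")
    if org is None:  # the case that raised AttributeError in this thread
        return ""
    for tag in ("OrganizationDisplayName", "OrganizationName", "OrganizationURL"):
        values = org.findall(MD + tag)
        # Try the requested language first, then any language.
        for value in [v for v in values if v.get(XML_LANG) == lang] + values:
            text = (value.text or "").strip()
            if text:
                return text
    return ""


def idp_choices(metadata_xml, lang="en"):
    """(entityID, label) for each IdP; the label falls back to the entityID."""
    choices = []
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if entity.find(MD + "IDPSSODescriptor") is None:
            continue  # metadata may also describe entities that are not IdPs
        entity_id = entity.get("entityID")
        choices.append((entity_id, entity_name(entity, lang) or entity_id))
    return choices
```

`idp_choices(SAMPLE_METADATA)` labels the first IdP `EXAMPLE` and the second with its own entityID instead of raising.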
Changed in pysaml2: | |
status: | New → Fix Committed |
importance: | Undecided → Medium |
assignee: | nobody → Lorenzo Gil Sanchez (lgs) |
It's not a bug.
In pysaml2 there are classes by the name "Organization", "OrganizationName", and so on and it is the class names you see in the XML.
These classes have attributes. The class Organization has the attributes organization_name, organization_display_name, …
The values of the attribute organization are instances of the class Organization.
You don't see the attribute names in the XML; that is an internal Python representation and of course used in the code.
This is the reason behind the discrepancy you found between "Organization" in the XML representation and "organization" in the code.
Obviously there must be some behavior of PEER that wasn't what you suspected, that made you start looking at the code.
Could you tell us what that was ?!
-- Roland
On 13 Feb 2012 at 21:31, MaLa wrote:
> Public bug reported:
>
> On the "..../pysaml2-0.2.0-py2.6.egg/saml2/metadata.py" file I found
> this:
>
> def name(self, entity_id):
>
> """ Find a name from the metadata about this entity id.
>
> The name is either the display name, the name or the url
>
> ,in that order, for the organization.
>
>
> :param entityid: The Entity ID
>
> :return: A name
>
> """
>
> try:
>
> org = self.entity[entity_id]["organization"]
>
>
> But on the generated metadata we found this:
>
> <md:Organization>
>
> <md:OrganizationName xml:lang="it">XXXXX</md:OrganizationName>
>
> <md:OrganizationName xml:lang="en">XXXXX</md:OrganizationName>
>
> <md:OrganizationDisplayName
> xml:lang="it">XXX</md:OrganizationDisplayName>
>
> <md:OrganizationDisplayName
> xml:lang="en">XXX</md:OrganizationDisplayName>
>
> <md:OrganizationURL
> xml:lang="it">https://www.xxxx.it/it</md:OrganizationURL>
>
> <md:OrganizationURL
> xml:lang="en">https://www.xxxx.it/en</md:OrganizationURL>
>
> </md:Organization>
>
>
> and "Organization" doesn't match with "organization" for the capital letter "O".
>
> This is a bug? Without the right replacement my Remote Installation of
> PEER software doesn't work.
>
> Kind Regards,
>
> Marco Malavolti
>
> ** Affects: pysaml2
> Importance: Undecided
> Status: New
>