2020-09-24 16:28:50 |
Ionut-Madalin Balutoiu |
bug |
|
|
added bug |
2020-09-25 17:44:52 |
Corey Bryant |
nominated for series |
|
Ubuntu Focal |
|
2020-09-25 17:44:52 |
Corey Bryant |
bug task added |
|
lasso (Ubuntu Focal) |
|
2020-09-25 17:44:52 |
Corey Bryant |
nominated for series |
|
Ubuntu Groovy |
|
2020-09-25 17:44:52 |
Corey Bryant |
bug task added |
|
lasso (Ubuntu Groovy) |
|
2020-09-25 17:45:01 |
Corey Bryant |
lasso (Ubuntu Groovy): status |
New |
Triaged |
|
2020-09-25 17:45:05 |
Corey Bryant |
lasso (Ubuntu Groovy): importance |
Undecided |
High |
|
2020-09-25 17:45:08 |
Corey Bryant |
lasso (Ubuntu Focal): status |
New |
Triaged |
|
2020-09-25 17:45:10 |
Corey Bryant |
lasso (Ubuntu Focal): importance |
Undecided |
High |
|
2020-09-25 21:03:03 |
Launchpad Janitor |
lasso (Ubuntu Groovy): status |
Triaged |
Fix Released |
|
2020-09-29 09:42:42 |
Chris MacNaughton |
description |
The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
This was fixed in the upstream Lasso project (https://dev.entrouvert.org/issues/26828), and it is shipped with versions 2.6.1 or newer.
I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem. |
[Impact]
* liblasso3 fails when processing an ECP authn response
* ECP authn responses are required to make Keystone <-> Keystone federation work
[Test Case]
TBD
[Regression Potential]
Minimal. There are very few other packages that depend on it, and the change is trivial. There are fixes in handling SAML responses in which only the assertions are signed, in addition to a couple of fixes around handling assertion hints unexpectedly aborting.
-------------------------------------------------------------------
The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
This was fixed in the upstream Lasso project (https://dev.entrouvert.org/issues/26828), and it is shipped with versions 2.6.1 or newer.
I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem. |
|
2020-09-29 09:42:48 |
Chris MacNaughton |
summary |
liblasso3 on Bionic fails to process the ECP authn response |
[SRU] liblasso3 on Bionic fails to process the ECP authn response |
|
2020-09-29 17:45:13 |
Brian Murray |
lasso (Ubuntu Focal): status |
Triaged |
Incomplete |
|
2020-10-05 09:37:01 |
Chris MacNaughton |
description |
[Impact]
* liblasso3 fails when processing an ECP authn response
* ECP authn responses are required to make Keystone <-> Keystone federation work
[Test Case]
TBD
[Regression Potential]
Minimal. There are very few other packages that depend on it, and the change is trivial. There are fixes in handling SAML responses in which only the assertions are signed, in addition to a couple of fixes around handling assertion hints unexpectedly aborting.
-------------------------------------------------------------------
The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
This was fixed in the upstream Lasso project (https://dev.entrouvert.org/issues/26828), and it is shipped with versions 2.6.1 or newer.
I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem. |
[Impact]
* liblasso3 fails when processing an ECP authn response
* ECP authn responses are required to make Keystone <-> Keystone federation work
[Test Case]
Follow setup guide at
https://github.com/ionutbalutoiu/juju-keystone-federation to validate that the Keystone <-> Keystone federattion works after this update.
[Regression Potential]
Minimal. There are very few other packages that depend on it, and the change is trivial. There are fixes in handling SAML responses in which only the assertions are signed, in addition to a couple of fixes around handling assertion hints unexpectedly aborting.
-------------------------------------------------------------------
The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
This was fixed in the upstream Lasso project (https://dev.entrouvert.org/issues/26828), and it is shipped with versions 2.6.1 or newer.
I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem. |
|
2020-10-05 09:37:05 |
Chris MacNaughton |
lasso (Ubuntu Focal): status |
Incomplete |
New |
|
2020-10-06 13:43:56 |
Chris MacNaughton |
bug |
|
|
added subscriber Ubuntu SRU developers |
2020-10-06 20:50:29 |
Brian Murray |
lasso (Ubuntu Focal): status |
New |
Fix Committed |
|
2020-10-06 20:50:31 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-10-06 20:50:33 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2020-10-06 20:50:36 |
Brian Murray |
tags |
|
verification-needed verification-needed-focal |
|
2020-10-07 10:02:33 |
Chris MacNaughton |
bug |
|
|
added subscriber Chris MacNaughton |
2020-10-14 16:34:02 |
Ionut-Madalin Balutoiu |
tags |
verification-needed verification-needed-focal |
verification-done-focal verification-needed |
|
2020-10-15 14:52:59 |
Chris MacNaughton |
tags |
verification-done-focal verification-needed |
verification-done verification-done-focal |
|
2020-10-20 13:20:52 |
Launchpad Janitor |
lasso (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2020-10-20 13:20:55 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|