The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
The liblasso3 package (dependency of libapache2- mod-auth- mellon) fails when processing a ECP authn response.
Error message given by the Apache2 Mellon auth module:
[auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found.
This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider).
I managed to reproduce this on:
* Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1
* Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1
This was fixed in the upstream Lasso project (https:/ /dev.entrouvert .org/issues/ 26828), and it is shipped with versions 2.6.1 or newer.
I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem.