I am setting up SAML idp and got this error.
When landing on SAML login page in Uninvention, I was greeted with Internal server error.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/lib/python3/dist-packages/cherrypy/lib/encoding.py", line 220, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python3/dist-packages/cherrypy/_cpdispatch.py", line 60, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/sbin/univention-management-console-web-server", line 1262, in index
return acs(binding, message, relay_state)
File "/usr/sbin/univention-management-console-web-server", line 1270, in attribute_consuming_service
response = self.acs(message, binding)
File "/usr/sbin/univention-management-console-web-server", line 1403, in acs
response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
File "/usr/lib/python3/dist-packages/saml2/client_base.py", line 702, in parse_authn_request_response
binding, **kwargs)
File "/usr/lib/python3/dist-packages/saml2/entity.py", line 1138, in _parse_response
response = response.loads(xmlstr, False, origxml=origxml)
File "/usr/lib/python3/dist-packages/saml2/response.py", line 512, in loads
self._loads(xmldata, decode, origxml)
File "/usr/lib/python3/dist-packages/saml2/response.py", line 337, in _loads
**args)
File "/usr/lib/python3/dist-packages/saml2/sigver.py", line 1776, in correctly_signed_response
response = samlp.any_response_from_string(decoded_xml)
File "/usr/lib/python3/dist-packages/saml2/samlp.py", line 1852, in any_response_from_string
raise Exception("Unknown response type")
Exception: Unknown response type
If I close it, it will go to login and then back to selfservice portal.
When I look at syslog, here is what I found, nothing seems like an error.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Filter config for https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php->https://ucs-7560.bnb.host/univention/saml/metadata: array ( 0 => sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array( 'langattr' => 'preferredLanguage', 'priority' => 30, )), 1 => sspmod_core_Auth_Process_StatisticsWithAttribute::__set_state(array( 'attribute' => 'realm', 'typeTag' => 'saml20-idp-SSO', 'skipPassive' => false, 'priority' => 45, )), 2 => sspmod_core_Auth_Process_AttributeLimit::__set_state(array( 'allowedAttributes' => array ( ), 'isDefault' => false, 'priority' => 50, )), 3 => sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array( 'langattr' => 'preferredLanguage', 'priority' => 99, )), 4 => sspmod_core_Auth_Process_AttributeMap::__set_state(array( 'map' => array ( 'aRecord' => 'urn:oid:0.9.2342.19200300.100.1.26', 'aliasedEntryName' => 'urn:oid:2.5.4.1', 'aliasedObjectName' => 'urn:oid:2.5.4.1', 'associatedDomain' => 'urn:oid:0.9.2342.19200300.100.1.37', 'associatedName' => 'urn:oid:0.9.2342.19200300.100.1.38', 'audio' => 'urn:oid:0.9.2342.19200300.100.1.55', 'authorityRevocationList' => 'urn:oid:2.5.4.38', 'buildingName' => 'urn:oid:0.9.2342.19200300.100.1.48', 'businessCategory' => 'urn:oid:2.5.4.15', 'c' => 'urn:oid:2.5.4.6', 'cACertificate' => 'urn:oid:2.5.4.37', 'cNAMERecord' => 'urn:oid:0.9.2342.19200300.100.1.31', 'carLicense' => 'urn:oid:2.16.840.1.113730.3.1.1', 'certificateRevocationList' => 'urn:oid:2.5.4.39', 'cn' => 'urn:oid:2.5.4.3', 'co' => 'urn:oid:0.9.2342.19200300.100.1.43', 'commonName' => 'urn:oid:2.5.4.3', 'countryName' => 'urn:oid:2.5.4.6', 'crossCertificatePair' => 'urn:oid:2.5.4.40', 'dITRedirect' => 'urn:oid:0.9.2342.19200300.100.1.54', 'dSAQuality' => 'urn:oid:0.9.2342.19200300.100.1.49', 'dc' => 'urn:oid:0.9.2342.19200300.100.1.25', 'deltaRevocationList' => 'urn:oid:2.5.4.53', 'departmentNumber' => 'urn:oid:2.16.840.1.113730.3.1.2', 'description' => 'urn:oid:2.5.4.13', 'destinationIndicator' => 'urn:oid:2.5.4.27', 'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241', 'distinguishedName' => 'urn:oid:2.5.4.49', 'dmdName' => 'urn:oid:2.5.4.54', 'dnQualifier' => 'urn:oid:2.5.4.46', 'documentAuthor' => 'urn:oid:0.9.2342.19200300.100.1.14', 'documentIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.11', 'documentLocation' => 'urn:oid:0.9.2342.19200300.100.1.15', 'documentPublisher' => 'urn:oid:0.9.2342.19200300.100.1.56', 'documentTitle' => 'urn:oid:0.9.2342.19200300.100.1.12', 'documentVersion' => 'urn:oid:0.9.2342.19200300.100.1.13', 'domainComponent' => 'urn:oid:0.9.2342.19200300.100.1.25', 'drink' => 'urn:oid:0.9.2342.19200300.100.1.5', 'eduOrgHomePageURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.2', 'eduOrgIdentityAuthNPolicyURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.3', 'eduOrgLegalName' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.4', 'eduOrgSuperiorURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.5', 'eduOrgWhitePagesURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.6', 'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1', 'eduPersonAssurance' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.11', 'eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7', 'eduPersonNickname' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2', 'eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3', 'eduPersonOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4', 'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5', 'eduPersonPrimaryOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8', 'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', 'eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9', 'eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', 'eduPersonUniqueId' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.13', 'eduPer
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 5 STAT [a9cbcb27fc] saml20-idp-SSO https://ucs-7560.bnb.host/univention/saml/metadata https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php NA
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] Sending SAML 2.0 Response to 'https://ucs-7560.bnb.host/univention/saml/metadata'
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Sending message:
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_061488669dfc1da440aaf149abd00ad17b7f1b0fe7" Version="2.0" IssueInstant="2022-12-09T06:31:39Z" Destination="https://ucs-7560.bnb.host/univention/saml/" InResponseTo="id-GAHY4bUiCJt3FTDmA">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Issuer>https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php</saml:Issuer>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Reference URI="#_061488669dfc1da440aaf149abd00ad17b7f1b0fe7">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestValue>hJw7fp9LAiidZdraGHMN+2ZpLtzBT1EwWQrdS344Zhc=</ds:DigestValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Reference>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureValue>f9vOobMLJ9eai93lVJH0Mc4GZRBTBFw6mcWlJygo3dDcYPRJTg17f4eqXcxnSQUPE7hVKPvvjjpqXC/fm5PsajsfRnc9izcr8ZdmNsXotrSgWGDtI04sVKzzXJFj8YfbZOCq0Hchhsds4JTSV4h2gu4nG0ZJEn8Zk+ZUrqQPm42N5tjjyuT0hqBoS03sIpMs8cp1Q8WV459odKgFlsHeRnzJTNo8iGsGcmGVb+PmNviX6+LrwgAmuW+hBQwQ7zLsKNtajqDEw7QOG2+AuE0UncJEDMWBXKt6e9TwLPB7cQDt7Edh26AkJTENMVNCCGTWJij+ljeSF+5tiTs5STp/+w==</ds:SignatureValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Certificate>MIIFLTCCBBWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAyMDU1MVoXDTI3MTIwODAyMDU1MVowgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGTAXBgNVBAMTEHVjcy1zc28uYm5iLmhvc3QxGzAZBgkqhkiG9w0BCQEWDHNzbEBibmIuaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJLGtG0UOZ9B3lWiJZBTwRPypMu16K118QnNYXApn/Nv0SukoLv6lcEcGBzjJOVxjK3P7aRUmkdQRUrQisjHGKEMhgHSnDWSAdMUb0kdEDxi1AZ/L4jX4IehYeBXt6K580gkY9Nu5lIYvmx+ga0h4w4UUI2m1kFi4nitqLe8tsn6Cib1rmsPwuFSVPGXO+zjhFK0qpBptBdmvTfkB8GtdbGuiPTkajbMbC3Ik7SqPRieuLC42cXKY48Q9rE9eIQ+pCzq9urYnMOsUKY+wTgPLWsHZTa+K22oaCXS6s6AxCwQWvv7EthX9jPFIGDfLwimFVc+CEhMGQXCc35BQs0XycCAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCxnp/lw4sz5eVr9mac/+vZSiJ0AMIH5BgNVHSMEgfEwge6AFMyZunax5DsOFor8dliBDTNfhCOXoYG/pIG8MIG5MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMREwDwYDVQQKEwhCbkIgSG9zdDEkMCIGA1UECxMbVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyMTowOAYDVQQDEzFVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIgUm9vdCBDQSAoSUQ9SzNuZWtRYmspMRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3SCFGI0Z81Eqk5DzeLcZH7t/V6rzzreMAsGA1UdDwQEAwIF4DAkBgNVHREEHTAbghB1Y3Mtc3NvLmJuYi5ob3N0ggd1Y3Mtc3NvMA0GCSqGSIb3DQEBCwUAA4IBAQDITdR0Wcyd3Y7aXOz8uqjGUMa0fLsvbPgi03qjyETr1hwfQxljRLEOct/ZP9x7UUws42AtpKSuY6MugIz4qYFLFT3RbxeuYnc8IJoMiX5G3ZCP8roR9F52hrvLPsPZ7AGSdkgRn6K5QaTZ0ZS/qj92s/wXT4+5z7ihYd50dQYklDGlOdJoh6ybEJt89lh7+1d2iHFtM0aIiSqin3JQI9ApmN1ge7Kx/6Js9B0NgLekp3OUf5ObNekki6vNIHSnlQ+8303CWVEcFukUMN/IjU4b/7qWC0NIdhgTy03xbthgnwR31Z61cuNiupZ7dvDO34skZN6z8r+lzGsI4lgUTPHv</ds:X509Certificate>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Signature>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:Status>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </samlp:Status>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_582f09da7aa0b26917b5a6aa68cb0f4933bc34fec0" Version="2.0" IssueInstant="2022-12-09T06:31:39Z">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Issuer>https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php</saml:Issuer>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Reference URI="#_582f09da7aa0b26917b5a6aa68cb0f4933bc34fec0">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestValue>ujfyiaEyS1/DqwhdncSmAam2z2yvqk0DrNrolN7igas=</ds:DigestValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Reference>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureValue>ZFcZjA2ZohtwV46SYJlwT3TDKBwapIXz1aZuDnIVqSRG3xr/fmvdHVqvzMpcH81+7zNxMJylsz6DTRwABhxvbOQgAVycp+WSW2mLQbWDgzf8k4/UH/i46WuKRntQZe0ytBSKZvf7pi8dLuGF8BgyLPziqb6yHy8ndaYoRWRhXHhQ8Sp9Xt2vnA4NEkL8AkLV85uT53ipb+SuDexwE9yDnQ1x9ZeHvm8By9FOObSEh84BhxEFqAOEFGsRkN/AoxzstY4Os8FsnEPlJ7j+dVC1oVu5A3y9zyozB1jf0ZkvNzpa1AYpngmZkY8h/9WkGJnPHUUrY0sIsrn5rRJ26P4skg==</ds:SignatureValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Certificate>MIIFLTCCBBWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAyMDU1MVoXDTI3MTIwODAyMDU1MVowgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGTAXBgNVBAMTEHVjcy1zc28uYm5iLmhvc3QxGzAZBgkqhkiG9w0BCQEWDHNzbEBibmIuaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJLGtG0UOZ9B3lWiJZBTwRPypMu16K118QnNYXApn/Nv0SukoLv6lcEcGBzjJOVxjK3P7aRUmkdQRUrQisjHGKEMhgHSnDWSAdMUb0kdEDxi1AZ/L4jX4IehYeBXt6K580gkY9Nu5lIYvmx+ga0h4w4UUI2m1kFi4nitqLe8tsn6Cib1rmsPwuFSVPGXO+zjhFK0qpBptBdmvTfkB8GtdbGuiPTkajbMbC3Ik7SqPRieuLC42cXKY48Q9rE9eIQ+pCzq9urYnMOsUKY+wTgPLWsHZTa+K22oaCXS6s6AxCwQWvv7EthX9jPFIGDfLwimFVc+CEhMGQXCc35BQs0XycCAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCxnp/lw4sz5eVr9mac/+vZSiJ0AMIH5BgNVHSMEgfEwge6AFMyZunax5DsOFor8dliBDTNfhCOXoYG/pIG8MIG5MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMREwDwYDVQQKEwhCbkIgSG9zdDEkMCIGA1UECxMbVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyMTowOAYDVQQDEzFVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIgUm9vdCBDQSAoSUQ9SzNuZWtRYmspMRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3SCFGI0Z81Eqk5DzeLcZH7t/V6rzzreMAsGA1UdDwQEAwIF4DAkBgNVHREEHTAbghB1Y3Mtc3NvLmJuYi5ob3N0ggd1Y3Mtc3NvMA0GCSqGSIb3DQEBCwUAA4IBAQDITdR0Wcyd3Y7aXOz8uqjGUMa0fLsvbPgi03qjyETr1hwfQxljRLEOct/ZP9x7UUws42AtpKSuY6MugIz4qYFLFT3RbxeuYnc8IJoMiX5G3ZCP8roR9F52hrvLPsPZ7AGSdkgRn6K5QaTZ0ZS/qj92s/wXT4+5z7ihYd50dQYklDGlOdJoh6ybEJt89lh7+1d2iHFtM0aIiSqin3JQI9ApmN1ge7Kx/6Js9B0NgLekp3OUf5ObNekki6vNIHSnlQ+8303CWVEcFukUMN/IjU4b/7qWC0NIdhgTy03xbthgnwR31Z61cuNiupZ7dvDO34skZN6z8r+lzGsI4lgUTPHv</ds:X509Certificate>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Signature>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Subject>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:NameID SPNameQualifier="https://ucs-7560.bnb.host/univention/saml/metadata" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_2c013094efa83c2f50f9d908aa7cb86ecf4e8b9d64</saml:NameID>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:SubjectConfirmationData NotOnOrAfter="2022-12-09T06:36:39Z" Recipient="https://ucs-7560.bnb.host/univention/saml/" InResponseTo="id-GAHY4bUiCJt3FTDmA"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:SubjectConfirmation>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:Subject>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Conditions NotBefore="2022-12-09T06:31:09Z" NotOnOrAfter="2022-12-09T06:36:39Z">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AudienceRestriction>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Audience>https://ucs-7560.bnb.host/univention/saml/metadata</saml:Audience>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:AudienceRestriction>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:Conditions>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AuthnStatement AuthnInstant="2022-12-09T06:22:26Z" SessionNotOnOrAfter="2022-12-09T18:22:26Z" SessionIndex="_d77795bb84b330c1e37ce6922dc10a5d789303552b">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AuthnContext>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:AuthnContext>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:AuthnStatement>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AttributeStatement>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:AttributeValue xsi:type="xs:string">Administrator</saml:AttributeValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:Attribute>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:AttributeStatement>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </saml:Assertion>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </samlp:Response>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Localization: using old system
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] /simplesamlphp/saml2/idp/SSOService.php - Template: Could not find template file [post.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/post.php] - now trying the base template
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] saving key simpleSAMLphp.session.133d7cc757244e3ef6833e6a85d4c16e to memcache
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Received message:
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:AuthnRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://ucs-7560.bnb.host/univention/saml/" Destination="https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/SSOService.php" ID="id-GAHY4bUiCJt3FTDmA" IssueInstant="2022-12-09T06:31:39Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://ucs-7560.bnb.host/univention/saml/metadata</saml:Issuer>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Signature Id="Signature1">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Reference URI="#id-GAHY4bUiCJt3FTDmA">
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Transforms>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:DigestValue>bnO/RjRyB2H+oJNZmKgtjKDQwdg=</ds:DigestValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Reference>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:SignedInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:SignatureValue>OmWDUoRBsVsqaavPfI6fXq9CX2w+xawuI22EQhTtpFMh2ZYoTJXxLrZwePyOxelA
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] ECaNAHgI8Yjr4g85UMamVZnwzw5turuuhPLMtMTmJG0JlCWD/R97H/JL9C8k+zOz
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] /vO5bCPUTR77MhPgh58w1npK1PWafXcKU5+lFAdLGgQdUNkmvvrTHqII9IZeuP+n
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] zTBIkbU/BKWHqpyvjtU5v9otDpaELqmLa9Obsu0LGufiMdbXqqHjF2BH5ArLq7vR
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] dFQaRIZ8UsNy8Mig+pJcWLkgNkSrj6xZtGhekwWNRReXUjwL4rVlBieE7vaTiKPB
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] 5wcKhICE+3ADtq4UeaMgWA==</ds:SignatureValue>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <ds:X509Certificate>MIIFMDCCBBigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAxNTg0N1oXDTI3MTIwODAxNTg0N1owgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGjAYBgNVBAMTEXVjcy03NTYwLmJuYi5ob3N0MRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmYhV55umb/ROfyg+u4y7y98m8Imc7srxtn2DsPhHXkY1QR4/fyuRVMsyaclRu3ZN6Opua4Rt7mxDiMva3mIFwB4cj6N8ZtNdRKKchIuxI7Mk7cBCid84HG57SC5+/U1YmXXIWnOp9IZsj/B5+Pwgvzvkzqtey5HK7WRcFwo6q5TDWI99UyVq3+6/tBjqTQIQAzo1yXFD5T8c+3H8qQNCgVj6PT8fwxP02k5rdPvULVhdLNr6vQUTwE7EtIfb99qu4hbfuxJLxa4Z59aQriWzGbiYFMFW39+7hoYJ8t2rdUz3BMhhu3Hns1uHfxxheXTTu4Wlv5dz+pf5Ir3f+4fCxAgMBAAGjggFfMIIBWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFNt4jtc9Fdk1LdCds3pPFH4A36DCB+QYDVR0jBIHxMIHugBTMmbp2seQ7DhaK/HZYgQ0zX4Qjl6GBv6SBvDCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0ghRiNGfNRKpOQ83i3GR+7f1eq8863jALBgNVHQ8EBAMCBeAwJgYDVR0RBB8wHYIRdWNzLTc1NjAuYm5iLmhvc3SCCHVjcy03NTYwMA0GCSqGSIb3DQEBCwUAA4IBAQCFY0QXqRIqkWtbq0bhgl/n3zVuOy2+fdALC/CG3YTr/oZfQ26AD+HpGYRyvQGMqqmjQgwGzFN0ubdimkCUILXg4q+BqN8fl1OVZQbOG3IYvErLGbQwHiTI6qbY6NJjYgChPW3eZ0qkGmuDxRUS0dC6LZo7aUPSbgs8Ii5G9lu1H4dIR0qj6WHpVZjqadN57rzqhSerJw4V7pUmsKqvYeZFm+G8UOcsgpIv1k+JkkXiqBDIMaoOisGAepIuBpHm4PcZXkOK4nsKN++qlJPJWefZIFF0yOZp9fE5oGSdjAhphSc8hEV4GH2Xwe7iM0u4FF6jOPCiKAnreumMJZB83Fu9</ds:X509Certificate>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:X509Data>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:KeyInfo>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </ds:Signature>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </samlp:AuthnRequest>
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Has 1 candidate keys for validation.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Validation with key #0 succeeded.
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] SAML2.0 - IdP.SSOService: incoming authentication request: 'https://ucs-7560.bnb.host/univention/saml/metadata'
Dec 8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] loading key simpleSAMLphp.session.133d7cc757244e3ef6833e6a85d4c16e from memcache
Dec 8 22:31:41 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec 8 22:31:41 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec 8 22:31:41 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec 8 22:31:41 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec 8 22:31:41 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec 8 22:31:41 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec 8 22:31:41 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec 8 22:31:41 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1
Dec 8 22:31:42 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec 8 22:31:42 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec 8 22:31:42 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec 8 22:31:42 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec 8 22:31:42 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec 8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec 8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec 8 22:31:42 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1
Dec 8 22:31:42 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec 8 22:31:42 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec 8 22:31:42 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec 8 22:31:42 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec 8 22:31:42 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec 8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec 8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec 8 22:31:42 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1
Any idea on what’s wrong?