SAML error - Internal Error

I am setting up SAML idp and got this error.
When landing on SAML login page in Uninvention, I was greeted with Internal server error.


Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python3/dist-packages/cherrypy/lib/encoding.py", line 220, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/cherrypy/_cpdispatch.py", line 60, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1262, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1270, in attribute_consuming_service
    response = self.acs(message, binding)
  File "/usr/sbin/univention-management-console-web-server", line 1403, in acs
    response = self.sp.parse_authn_request_response(message, binding, self.outstanding_queries)
  File "/usr/lib/python3/dist-packages/saml2/client_base.py", line 702, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python3/dist-packages/saml2/entity.py", line 1138, in _parse_response
    response = response.loads(xmlstr, False, origxml=origxml)
  File "/usr/lib/python3/dist-packages/saml2/response.py", line 512, in loads
    self._loads(xmldata, decode, origxml)
  File "/usr/lib/python3/dist-packages/saml2/response.py", line 337, in _loads
    **args)
  File "/usr/lib/python3/dist-packages/saml2/sigver.py", line 1776, in correctly_signed_response
    response = samlp.any_response_from_string(decoded_xml)
  File "/usr/lib/python3/dist-packages/saml2/samlp.py", line 1852, in any_response_from_string
    raise Exception("Unknown response type")
Exception: Unknown response type

If I close it, it will go to login and then back to selfservice portal.
When I look at syslog, here is what I found, nothing seems like an error.

Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Session: Valid session found with 'univention-ldap'.
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Filter config for https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php->https://ucs-7560.bnb.host/univention/saml/metadata: array (  0 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 30,  )),  1 =>   sspmod_core_Auth_Process_StatisticsWithAttribute::__set_state(array(     'attribute' => 'realm',     'typeTag' => 'saml20-idp-SSO',     'skipPassive' => false,     'priority' => 45,  )),  2 =>   sspmod_core_Auth_Process_AttributeLimit::__set_state(array(     'allowedAttributes' =>     array (    ),     'isDefault' => false,     'priority' => 50,  )),  3 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 99,  )),  4 =>   sspmod_core_Auth_Process_AttributeMap::__set_state(array(     'map' =>     array (      'aRecord' => 'urn:oid:0.9.2342.19200300.100.1.26',      'aliasedEntryName' => 'urn:oid:2.5.4.1',      'aliasedObjectName' => 'urn:oid:2.5.4.1',      'associatedDomain' => 'urn:oid:0.9.2342.19200300.100.1.37',      'associatedName' => 'urn:oid:0.9.2342.19200300.100.1.38',      'audio' => 'urn:oid:0.9.2342.19200300.100.1.55',      'authorityRevocationList' => 'urn:oid:2.5.4.38',      'buildingName' => 'urn:oid:0.9.2342.19200300.100.1.48',      'businessCategory' => 'urn:oid:2.5.4.15',      'c' => 'urn:oid:2.5.4.6',      'cACertificate' => 'urn:oid:2.5.4.37',      'cNAMERecord' => 'urn:oid:0.9.2342.19200300.100.1.31',      'carLicense' => 'urn:oid:2.16.840.1.113730.3.1.1',      'certificateRevocationList' => 'urn:oid:2.5.4.39',      'cn' => 'urn:oid:2.5.4.3',      'co' => 'urn:oid:0.9.2342.19200300.100.1.43',      'commonName' => 'urn:oid:2.5.4.3',      'countryName' => 'urn:oid:2.5.4.6',      'crossCertificatePair' => 'urn:oid:2.5.4.40',      'dITRedirect' => 'urn:oid:0.9.2342.19200300.100.1.54',      'dSAQuality' => 'urn:oid:0.9.2342.19200300.100.1.49',      'dc' => 'urn:oid:0.9.2342.19200300.100.1.25',      'deltaRevocationList' => 'urn:oid:2.5.4.53',      'departmentNumber' => 'urn:oid:2.16.840.1.113730.3.1.2',      'description' => 'urn:oid:2.5.4.13',      'destinationIndicator' => 'urn:oid:2.5.4.27',      'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',      'distinguishedName' => 'urn:oid:2.5.4.49',      'dmdName' => 'urn:oid:2.5.4.54',      'dnQualifier' => 'urn:oid:2.5.4.46',      'documentAuthor' => 'urn:oid:0.9.2342.19200300.100.1.14',      'documentIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.11',      'documentLocation' => 'urn:oid:0.9.2342.19200300.100.1.15',      'documentPublisher' => 'urn:oid:0.9.2342.19200300.100.1.56',      'documentTitle' => 'urn:oid:0.9.2342.19200300.100.1.12',      'documentVersion' => 'urn:oid:0.9.2342.19200300.100.1.13',      'domainComponent' => 'urn:oid:0.9.2342.19200300.100.1.25',      'drink' => 'urn:oid:0.9.2342.19200300.100.1.5',      'eduOrgHomePageURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.2',      'eduOrgIdentityAuthNPolicyURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.3',      'eduOrgLegalName' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.4',      'eduOrgSuperiorURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.5',      'eduOrgWhitePagesURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.6',      'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',      'eduPersonAssurance' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.11',      'eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',      'eduPersonNickname' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2',      'eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3',      'eduPersonOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4',      'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',      'eduPersonPrimaryOrgUnitDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8',      'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',      'eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',      'eduPersonTargetedID' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10',      'eduPersonUniqueId' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.13',      'eduPer
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 5 STAT [a9cbcb27fc] saml20-idp-SSO https://ucs-7560.bnb.host/univention/saml/metadata https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php NA
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] Sending SAML 2.0 Response to 'https://ucs-7560.bnb.host/univention/saml/metadata'
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Sending message:
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_061488669dfc1da440aaf149abd00ad17b7f1b0fe7" Version="2.0" IssueInstant="2022-12-09T06:31:39Z" Destination="https://ucs-7560.bnb.host/univention/saml/" InResponseTo="id-GAHY4bUiCJt3FTDmA">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <saml:Issuer>https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php</saml:Issuer>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:Reference URI="#_061488669dfc1da440aaf149abd00ad17b7f1b0fe7">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         </ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:DigestValue>hJw7fp9LAiidZdraGHMN+2ZpLtzBT1EwWQrdS344Zhc=</ds:DigestValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:Reference>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:SignatureValue>f9vOobMLJ9eai93lVJH0Mc4GZRBTBFw6mcWlJygo3dDcYPRJTg17f4eqXcxnSQUPE7hVKPvvjjpqXC/fm5PsajsfRnc9izcr8ZdmNsXotrSgWGDtI04sVKzzXJFj8YfbZOCq0Hchhsds4JTSV4h2gu4nG0ZJEn8Zk+ZUrqQPm42N5tjjyuT0hqBoS03sIpMs8cp1Q8WV459odKgFlsHeRnzJTNo8iGsGcmGVb+PmNviX6+LrwgAmuW+hBQwQ7zLsKNtajqDEw7QOG2+AuE0UncJEDMWBXKt6e9TwLPB7cQDt7Edh26AkJTENMVNCCGTWJij+ljeSF+5tiTs5STp/+w==</ds:SignatureValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:X509Certificate>MIIFLTCCBBWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAyMDU1MVoXDTI3MTIwODAyMDU1MVowgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGTAXBgNVBAMTEHVjcy1zc28uYm5iLmhvc3QxGzAZBgkqhkiG9w0BCQEWDHNzbEBibmIuaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJLGtG0UOZ9B3lWiJZBTwRPypMu16K118QnNYXApn/Nv0SukoLv6lcEcGBzjJOVxjK3P7aRUmkdQRUrQisjHGKEMhgHSnDWSAdMUb0kdEDxi1AZ/L4jX4IehYeBXt6K580gkY9Nu5lIYvmx+ga0h4w4UUI2m1kFi4nitqLe8tsn6Cib1rmsPwuFSVPGXO+zjhFK0qpBptBdmvTfkB8GtdbGuiPTkajbMbC3Ik7SqPRieuLC42cXKY48Q9rE9eIQ+pCzq9urYnMOsUKY+wTgPLWsHZTa+K22oaCXS6s6AxCwQWvv7EthX9jPFIGDfLwimFVc+CEhMGQXCc35BQs0XycCAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCxnp/lw4sz5eVr9mac/+vZSiJ0AMIH5BgNVHSMEgfEwge6AFMyZunax5DsOFor8dliBDTNfhCOXoYG/pIG8MIG5MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMREwDwYDVQQKEwhCbkIgSG9zdDEkMCIGA1UECxMbVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyMTowOAYDVQQDEzFVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIgUm9vdCBDQSAoSUQ9SzNuZWtRYmspMRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3SCFGI0Z81Eqk5DzeLcZH7t/V6rzzreMAsGA1UdDwQEAwIF4DAkBgNVHREEHTAbghB1Y3Mtc3NvLmJuYi5ob3N0ggd1Y3Mtc3NvMA0GCSqGSIb3DQEBCwUAA4IBAQDITdR0Wcyd3Y7aXOz8uqjGUMa0fLsvbPgi03qjyETr1hwfQxljRLEOct/ZP9x7UUws42AtpKSuY6MugIz4qYFLFT3RbxeuYnc8IJoMiX5G3ZCP8roR9F52hrvLPsPZ7AGSdkgRn6K5QaTZ0ZS/qj92s/wXT4+5z7ihYd50dQYklDGlOdJoh6ybEJt89lh7+1d2iHFtM0aIiSqin3JQI9ApmN1ge7Kx/6Js9B0NgLekp3OUf5ObNekki6vNIHSnlQ+8303CWVEcFukUMN/IjU4b/7qWC0NIdhgTy03xbthgnwR31Z61cuNiupZ7dvDO34skZN6z8r+lzGsI4lgUTPHv</ds:X509Certificate>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   </ds:Signature>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <samlp:Status>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   </samlp:Status>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_582f09da7aa0b26917b5a6aa68cb0f4933bc34fec0" Version="2.0" IssueInstant="2022-12-09T06:31:39Z">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <saml:Issuer>https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php</saml:Issuer>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:Reference URI="#_582f09da7aa0b26917b5a6aa68cb0f4933bc34fec0">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]             <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           </ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:DigestValue>ujfyiaEyS1/DqwhdncSmAam2z2yvqk0DrNrolN7igas=</ds:DigestValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         </ds:Reference>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:SignatureValue>ZFcZjA2ZohtwV46SYJlwT3TDKBwapIXz1aZuDnIVqSRG3xr/fmvdHVqvzMpcH81+7zNxMJylsz6DTRwABhxvbOQgAVycp+WSW2mLQbWDgzf8k4/UH/i46WuKRntQZe0ytBSKZvf7pi8dLuGF8BgyLPziqb6yHy8ndaYoRWRhXHhQ8Sp9Xt2vnA4NEkL8AkLV85uT53ipb+SuDexwE9yDnQ1x9ZeHvm8By9FOObSEh84BhxEFqAOEFGsRkN/AoxzstY4Os8FsnEPlJ7j+dVC1oVu5A3y9zyozB1jf0ZkvNzpa1AYpngmZkY8h/9WkGJnPHUUrY0sIsrn5rRJ26P4skg==</ds:SignatureValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:X509Certificate>MIIFLTCCBBWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAyMDU1MVoXDTI3MTIwODAyMDU1MVowgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGTAXBgNVBAMTEHVjcy1zc28uYm5iLmhvc3QxGzAZBgkqhkiG9w0BCQEWDHNzbEBibmIuaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJLGtG0UOZ9B3lWiJZBTwRPypMu16K118QnNYXApn/Nv0SukoLv6lcEcGBzjJOVxjK3P7aRUmkdQRUrQisjHGKEMhgHSnDWSAdMUb0kdEDxi1AZ/L4jX4IehYeBXt6K580gkY9Nu5lIYvmx+ga0h4w4UUI2m1kFi4nitqLe8tsn6Cib1rmsPwuFSVPGXO+zjhFK0qpBptBdmvTfkB8GtdbGuiPTkajbMbC3Ik7SqPRieuLC42cXKY48Q9rE9eIQ+pCzq9urYnMOsUKY+wTgPLWsHZTa+K22oaCXS6s6AxCwQWvv7EthX9jPFIGDfLwimFVc+CEhMGQXCc35BQs0XycCAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCxnp/lw4sz5eVr9mac/+vZSiJ0AMIH5BgNVHSMEgfEwge6AFMyZunax5DsOFor8dliBDTNfhCOXoYG/pIG8MIG5MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVMxCzAJBgNVBAcTAlVTMREwDwYDVQQKEwhCbkIgSG9zdDEkMCIGA1UECxMbVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyMTowOAYDVQQDEzFVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIgUm9vdCBDQSAoSUQ9SzNuZWtRYmspMRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3SCFGI0Z81Eqk5DzeLcZH7t/V6rzzreMAsGA1UdDwQEAwIF4DAkBgNVHREEHTAbghB1Y3Mtc3NvLmJuYi5ob3N0ggd1Y3Mtc3NvMA0GCSqGSIb3DQEBCwUAA4IBAQDITdR0Wcyd3Y7aXOz8uqjGUMa0fLsvbPgi03qjyETr1hwfQxljRLEOct/ZP9x7UUws42AtpKSuY6MugIz4qYFLFT3RbxeuYnc8IJoMiX5G3ZCP8roR9F52hrvLPsPZ7AGSdkgRn6K5QaTZ0ZS/qj92s/wXT4+5z7ihYd50dQYklDGlOdJoh6ybEJt89lh7+1d2iHFtM0aIiSqin3JQI9ApmN1ge7Kx/6Js9B0NgLekp3OUf5ObNekki6vNIHSnlQ+8303CWVEcFukUMN/IjU4b/7qWC0NIdhgTy03xbthgnwR31Z61cuNiupZ7dvDO34skZN6z8r+lzGsI4lgUTPHv</ds:X509Certificate>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         </ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </ds:Signature>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <saml:Subject>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <saml:NameID SPNameQualifier="https://ucs-7560.bnb.host/univention/saml/metadata" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_2c013094efa83c2f50f9d908aa7cb86ecf4e8b9d64</saml:NameID>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <saml:SubjectConfirmationData NotOnOrAfter="2022-12-09T06:36:39Z" Recipient="https://ucs-7560.bnb.host/univention/saml/" InResponseTo="id-GAHY4bUiCJt3FTDmA"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </saml:SubjectConfirmation>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </saml:Subject>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <saml:Conditions NotBefore="2022-12-09T06:31:09Z" NotOnOrAfter="2022-12-09T06:36:39Z">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <saml:AudienceRestriction>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <saml:Audience>https://ucs-7560.bnb.host/univention/saml/metadata</saml:Audience>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </saml:AudienceRestriction>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </saml:Conditions>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <saml:AuthnStatement AuthnInstant="2022-12-09T06:22:26Z" SessionNotOnOrAfter="2022-12-09T18:22:26Z" SessionIndex="_d77795bb84b330c1e37ce6922dc10a5d789303552b">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <saml:AuthnContext>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </saml:AuthnContext>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </saml:AuthnStatement>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <saml:AttributeStatement>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <saml:AttributeValue xsi:type="xs:string">Administrator</saml:AttributeValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </saml:Attribute>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </saml:AttributeStatement>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   </saml:Assertion>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </samlp:Response>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Localization: using old system
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] /simplesamlphp/saml2/idp/SSOService.php - Template: Could not find template file [post.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/post.php] - now trying the base template
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] saving key simpleSAMLphp.session.133d7cc757244e3ef6833e6a85d4c16e to memcache
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Received message:
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] <samlp:AuthnRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://ucs-7560.bnb.host/univention/saml/" Destination="https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/SSOService.php" ID="id-GAHY4bUiCJt3FTDmA" IssueInstant="2022-12-09T06:31:39Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://ucs-7560.bnb.host/univention/saml/metadata</saml:Issuer>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <ds:Signature Id="Signature1">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:Reference URI="#id-GAHY4bUiCJt3FTDmA">
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         </ds:Transforms>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:DigestValue>bnO/RjRyB2H+oJNZmKgtjKDQwdg=</ds:DigestValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:Reference>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </ds:SignedInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:SignatureValue>OmWDUoRBsVsqaavPfI6fXq9CX2w+xawuI22EQhTtpFMh2ZYoTJXxLrZwePyOxelA
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] ECaNAHgI8Yjr4g85UMamVZnwzw5turuuhPLMtMTmJG0JlCWD/R97H/JL9C8k+zOz
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] /vO5bCPUTR77MhPgh58w1npK1PWafXcKU5+lFAdLGgQdUNkmvvrTHqII9IZeuP+n
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] zTBIkbU/BKWHqpyvjtU5v9otDpaELqmLa9Obsu0LGufiMdbXqqHjF2BH5ArLq7vR
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] dFQaRIZ8UsNy8Mig+pJcWLkgNkSrj6xZtGhekwWNRReXUjwL4rVlBieE7vaTiKPB
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] 5wcKhICE+3ADtq4UeaMgWA==</ds:SignatureValue>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     <ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       <ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]         <ds:X509Certificate>MIIFMDCCBBigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0MB4XDTIyMTIwOTAxNTg0N1oXDTI3MTIwODAxNTg0N1owgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVUzELMAkGA1UEBxMCVVMxETAPBgNVBAoTCEJuQiBIb3N0MSQwIgYDVQQLExtVbml2ZW50aW9uIENvcnBvcmF0ZSBTZXJ2ZXIxGjAYBgNVBAMTEXVjcy03NTYwLmJuYi5ob3N0MRswGQYJKoZIhvcNAQkBFgxzc2xAYm5iLmhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmYhV55umb/ROfyg+u4y7y98m8Imc7srxtn2DsPhHXkY1QR4/fyuRVMsyaclRu3ZN6Opua4Rt7mxDiMva3mIFwB4cj6N8ZtNdRKKchIuxI7Mk7cBCid84HG57SC5+/U1YmXXIWnOp9IZsj/B5+Pwgvzvkzqtey5HK7WRcFwo6q5TDWI99UyVq3+6/tBjqTQIQAzo1yXFD5T8c+3H8qQNCgVj6PT8fwxP02k5rdPvULVhdLNr6vQUTwE7EtIfb99qu4hbfuxJLxa4Z59aQriWzGbiYFMFW39+7hoYJ8t2rdUz3BMhhu3Hns1uHfxxheXTTu4Wlv5dz+pf5Ir3f+4fCxAgMBAAGjggFfMIIBWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFNt4jtc9Fdk1LdCds3pPFH4A36DCB+QYDVR0jBIHxMIHugBTMmbp2seQ7DhaK/HZYgQ0zX4Qjl6GBv6SBvDCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVTMQswCQYDVQQHEwJVUzERMA8GA1UEChMIQm5CIEhvc3QxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPUszbmVrUWJrKTEbMBkGCSqGSIb3DQEJARYMc3NsQGJuYi5ob3N0ghRiNGfNRKpOQ83i3GR+7f1eq8863jALBgNVHQ8EBAMCBeAwJgYDVR0RBB8wHYIRdWNzLTc1NjAuYm5iLmhvc3SCCHVjcy03NTYwMA0GCSqGSIb3DQEBCwUAA4IBAQCFY0QXqRIqkWtbq0bhgl/n3zVuOy2+fdALC/CG3YTr/oZfQ26AD+HpGYRyvQGMqqmjQgwGzFN0ubdimkCUILXg4q+BqN8fl1OVZQbOG3IYvErLGbQwHiTI6qbY6NJjYgChPW3eZ0qkGmuDxRUS0dC6LZo7aUPSbgs8Ii5G9lu1H4dIR0qj6WHpVZjqadN57rzqhSerJw4V7pUmsKqvYeZFm+G8UOcsgpIv1k+JkkXiqBDIMaoOisGAepIuBpHm4PcZXkOK4nsKN++qlJPJWefZIFF0yOZp9fE5oGSdjAhphSc8hEV4GH2Xwe7iM0u4FF6jOPCiKAnreumMJZB83Fu9</ds:X509Certificate>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]       </ds:X509Data>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]     </ds:KeyInfo>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   </ds:Signature>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc]   <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] </samlp:AuthnRequest>
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Has 1 candidate keys for validation.
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] Validation with key #0 succeeded.
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 6 [a9cbcb27fc] SAML2.0 - IdP.SSOService: incoming authentication request: 'https://ucs-7560.bnb.host/univention/saml/metadata'
Dec  8 22:31:39 ucs-7560 simplesamlphp[12211]: 7 [a9cbcb27fc] loading key simpleSAMLphp.session.133d7cc757244e3ef6833e6a85d4c16e from memcache
Dec  8 22:31:41 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec  8 22:31:41 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec  8 22:31:41 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec  8 22:31:41 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec  8 22:31:41 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec  8 22:31:41 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec  8 22:31:41 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec  8 22:31:41 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1 
Dec  8 22:31:42 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec  8 22:31:42 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec  8 22:31:42 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec  8 22:31:42 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec  8 22:31:42 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec  8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec  8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec  8 22:31:42 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1 
Dec  8 22:31:42 ucs-7560 python3: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-7560.bnb.host.xml"
Dec  8 22:31:42 ucs-7560 python3: SAML assertion issuer is https://ucs-7560.bnb.host/simplesamlphp/saml2/idp/metadata.php
Dec  8 22:31:42 ucs-7560 python3: SAML assertion audience https://ucs-7560.bnb.host/univention/saml/metadata
Dec  8 22:31:42 ucs-7560 python3: SAML assertion condition NotBefore = 1670567469 (2022-12-09T06:31:09Z)
Dec  8 22:31:42 ucs-7560 python3: SAML assertion condition NotOnOrAfter = 1670567799 (2022-12-09T06:36:39Z)
Dec  8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement AuthnInstant = 1670566946
Dec  8 22:31:42 ucs-7560 python3: SAML assertion AuthnStatement SessionNotOnOrAfter = 1670610146
Dec  8 22:31:42 ucs-7560 python3: assertion contains urn:oid:0.9.2342.19200300.100.1.1; searching for urn:oid:0.9.2342.19200300.100.1.1

Any idea on what’s wrong?

I have already went through the step of Configure SAML Single Sign-On as single server solution - Knowledge Base / Supported - Univention Help but issue still remains.

Mastodon