Description of problem: When bob's last name is Novák, after logon Ipsilon shows 500 - Internal Server Error Ipsilon encountered an unexpected internal error while trying to fulfill your request. Please retry again. If the error persists, contact the server administrator to resolve the problem. Version-Release number of selected component (if applicable): ipsilon-1.1.1-2.fc23.noarch How reproducible: Deterministic. Steps to Reproduce: 1. Have Ipsilon server configured with ipsilon-server-install --form yes --info-sssd yes 2. Have SP setup. 3. Attempt to log in on the SP. Actual results: Redirection to Ipsilon server, prompted for login and password, enterred login and password, authentication passes, and then 500 - Internal Server Error. Expected results: Successful redirect back to SP. Additional info: In the error_log, there is [10/May/2016:04:18:49] DEBUG(providers/saml2/provider.py:257 ServiceProvider.get_valid_nameid()): Requested NameId [urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified] [10/May/2016:04:18:49] DEBUG(providers/saml2/provider.py:262 ServiceProvider.get_valid_nameid()): Allowed NameIds ['unspecified', 'persistent', 'transient', 'email', 'kerberos', 'x509'] [10/May/2016:04:18:49] DEBUG(ipsilon/providers/common.py:96 Redirect.debug()): saml2: Allowed attrs: ['*'] [10/May/2016:04:18:49] DEBUG(ipsilon/providers/common.py:96 Redirect.debug()): saml2: Mapping: [['*', '*']] [10/May/2016:04:18:49] DEBUG(ipsilon/providers/common.py:96 Redirect.debug()): saml2: bob127968's attributes: {'_groups': ['ipausers'], 'city': 'city', 'surname': 'Nov\\xc3\\xa1k', '_extras': {'sssd': {}}, '_auth_type': 'password', 'phone': '127968', 'state': 'state', 'street': 'street', 'postcode': '127968', 'groups': ['ipausers'], 'fullname': 'bob body', 'givenname': 'bob', 'email': 'bob.body'} [10/May/2016:04:18:49] DEBUG(ipsilon/providers/common.py:96 Redirect.debug()): saml2: value city [10/May/2016:04:18:49] HTTP Request Headers: COOKIE: idp_ipsilon_session_id=ae774ad21cc95b8fb54dca598204ed59f68633f1; ipsilon_default_username=bob127968; 896802c5-1a1e-44e9-86ab-38ebeac28ada=saml2; 6b820b6b-492f-4d5e-ae04-3f868a20c17b=saml2; s_vi=[CS]v1|2AD7A2B5851D6418-4000190C6001A4C9[CE]; s_fid=732842AB38BF27CE-14FD65F1248CC727; ... redacted ACCEPT-LANGUAGE: en,en-US;q=0.7,cs;q=0.3 USER-AGENT: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 CONNECTION: keep-alive Remote-Addr: 10.34.131.181 HOST: idp.redacted.com ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 ACCEPT-ENCODING: gzip, deflate, br [10/May/2016:04:18:49] HTTP Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 670, in respond response.body = self.handler() File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 217, in __call__ self.body = self.oldhandler(*args, **kwargs) File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 61, in __call__ return self.callable(*self.args, **self.kwargs) File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__ return op(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipsilon/providers/common.py", line 90, in root return op(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2idp.py", line 79, in GET return self.auth(login) File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/auth.py", line 67, in auth self.saml2checks(login) File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/auth.py", line 268, in saml2checks value = str(value).encode('utf-8') UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 3: ordinal not in range(128) [10/May/2016:04:18:49] DEBUG(ipsilon/util/errors.py:18 Errors.handler()): ['500 Internal Server Error', 'The server encountered an unexpected condition which prevented it from fulfilling the request.', 'Traceback (most recent call last):\\n File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 670, in respond\\n response.body = self.handler()\\n File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 217, in __call__\\n self.body = self.oldhandler(*args, **kwargs)\\n File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 61, in __call__\\n return self.callable(*self.args, **self.kwargs)\\n File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__\\n return op(*args, **kwargs)\\n File "/usr/lib/python2.7/site-packages/ipsilon/providers/common.py", line 90, in root\\n return op(*args, **kwargs)\\n File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2idp.py", line 79, in GET\\n return self.auth(login)\\n File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/auth.py", line 67, in auth\\n self.saml2checks(login)\\n File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2/auth.py", line 268, in saml2checks\\n value = str(value).encode(\\'utf-8\\')\\nUnicodeDecodeError: \\'ascii\\' codec can\\'t decode byte 0xc3 in position 3: ordinal not in range(128)\\n', '3.5.0'] 10.34.131.181 - - [10/May/2016:04:18:49] "GET /idp/saml2/SSO/Redirect?SAMLRequest=pZLBbtswEER%2FReBdEmlbskLYBlSpAQykTWC3OfRS0NQ6JiCSCpd0k78PJaNteqgvOREY7uzyDXeFQvcDr4M%2FmR08B0CfvOjeIJ8u1iQ4w61AhdwIDci95Pv6yx2fZZQPznorbU%2FeWa47BCI4r6whybZdk59szj6VrKmqm2JeNoumbW%2BrmtFl0ZZF%2FblakuQRHMb6NYn2aEIMsDXohfFRoqxMaZEy%2Bo1WnFV8sfxBkjYyKCP85Dp5PyDPc3XQ6cu8LKhepHSWnnVKWdaLQwbmKTtYzBx0J%2BEzaXWuuiEfUWb5fn%2Bf76BTDqQnSWMNwjj3GqG8FHEZnItnqvTQK6mi%2FdY6CVPQa3IUPcKI8xATUWf4o9S%2FAxqHBQ1uD%2B6sJHzf3f2FEcHb9HQeQZ7GH6NFpjr9DP8DusAMFv0OcBgfSDarUeRTnm7zocar%2FH2r1WWhvsZgtu2DjeyvI7kWV3JjGZsU1aXHqZQHgwNIdVTQxUz63v5qHAgfc%2FIuAMk3l6H%2FLu7mDQ%3D%3D&RelayState=https%3A%2F%2sp.redacted.com%2Fprotected%2Ftest.cgi HTTP/1.1" 500 1134 "" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
The fix for this was merged into master yesterday. This was tracked as https://fedorahosted.org/ipsilon/ticket/213. The two commits that fix this are: https://git.fedorahosted.org/cgit/ipsilon.git/commit/?id=dd10301327be1e57ff59bcc94cd7b6e6981be52c and https://git.fedorahosted.org/cgit/ipsilon.git/commit/?id=8188a334a22e903392cd874ba433099cedb4d927 I can backport these fixes to 1.2.0 if I don't roll a new Ipsilon release in the next few days.
Ah, nice coincidence. Sorry for the duplication.
ipsilon-1.2.0-4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b964def9f
Thanks for the report, I have currently backported these fixes to the Fedora 1.2.0 package. This backport will be removed after the next release is rolled and Fedora is rebased.
ipsilon-1.2.0-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b964def9f
ipsilon-1.2.0-4.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce35cd55c7
ipsilon-1.2.0-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
ipsilon-1.2.0-4.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce35cd55c7
ipsilon-1.2.0-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.