Bug 1375847 - SAML2Auth date checks fail when datetime has a zero in them
Status: CLOSED NEXTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 5.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: 5.0
Assignee: Jeff Fearn 🐞
QA Contact: tools-bugs
Reported: 2016-09-14 05:24 UTC by Jeff Fearn 🐞
Modified: 2018-12-09 06:29 UTC

Fixed In Version: 5.0.3-rh8
Last Closed: 2016-10-12 10:59:49 UTC


Description Jeff Fearn 🐞 2016-09-14 05:24:51 UTC
Description of problem:
If a component of date time has a zero, like 1 minute and zero seconds, then the datetime check fails.

Version-Release number of selected component (if applicable):
5.0

How reproducible:
difficult

Steps to Reproduce:
1. Get a saml datetime check to receive a value with a zero in any datetime position

Actual results:
Check fails with invalid datetime message

Expected results:
Handles zeros

Additional info:
Can be reproduced on a server connected to the Fedora prod IDP as its expiry date has a zero on the month (because January is zero apparently L-/)

You can reset a server by running this SQL:

update saml2auth_idp set metadata = '' where name like 'Fedora%';

Comment 1 Rony Gong 🔥 2016-10-10 02:54:42 UTC
@Jeff, could you give more detailed steps to verify this bug?

If I run the below on the QE server, I'm afraid I can't recover the metadata.
update saml2auth_idp set metadata = '' where name like 'Fedora%';

Comment 2 Jeff Fearn 🐞 2016-10-10 03:35:00 UTC
(In reply to Rony Gong from comment #1)
> @Jeff, could you give more detailed steps to verify this bug?
> 
> If I run the below on the QE server, I'm afraid I can't recover the
> metadata.
> update saml2auth_idp set metadata = '' where name like 'Fedora%';

Fedora is set up properly, so if you just try to log in using FAS it will pull the metadata in.

Comment 3 Rony Gong 🔥 2016-10-10 05:18:49 UTC
After executing: update saml2auth_idp set metadata = '' where name like 'Fedora%';

Then try to log in via Fedora Account System: click the link 'Fedora Account System', and the page shows an error:

Parsing of the IDP's metadata failed: Crypt::OpenSSL::X509: failed to read X509 certificate. at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 168. .

Comment 4 Jeff Fearn 🐞 2016-10-11 03:18:39 UTC
Hi Rony, it looks like the metadata the server is sending is bogus; I had to d/l the metadata, remove the incorrect data, and manually import the metadata. It seems to work fine for logging in after that. So this isn't a problem with our code AFAICT.

Comment 5 Rony Gong 🔥 2016-10-12 02:32:55 UTC
Tested on QA environment (5.0.3-rh8)
Result: Pass

