Hide Forgot
Description of problem: If a component of date time has a zero, like 1 minute and zero seconds, then the datetime check fails. Version-Release number of selected component (if applicable): 5.0 How reproducible: difficult Steps to Reproduce: 1. Get a saml datetime check to receive a value with a zero in any datetime position Actual results: Check fails with invalid datetime message Expected results: Handles zeros Additional info: Can be reproduced on a server connected to the fedora prod IDP as it's expiry date has a zero on the month (because January is zero apparently L-/) You can reset a server by running this SQL: update saml2auth_idp set metadata = '' where name like 'Fedora%';
@Jeff, could you give more detail steps to verify this bug If i run below in qe server, I'm afraid I can't recover back the data of metadata. update saml2auth_idp set metadata = '' where name like 'Fedora%';
(In reply to Rony Gong from comment #1) > @Jeff, could you give more detail steps to verify this bug > > If i run below in qe server, I'm afraid I can't recover back the data of > metadata. > update saml2auth_idp set metadata = '' where name like 'Fedora%'; Fedora is set-up properly so if you just try and login using FAS it will pull the metadata in.
After execute: update saml2auth_idp set metadata = '' where name like 'Fedora%'; The try to login by Fedora Account System, click the link 'Fedora Account System', page show error: Parsing of the IDP's metadata failed: Crypt::OpenSSL::X509: failed to read X509 certificate. at /usr/share/perl5/vendor_perl/Net/SAML2/IdP.pm line 168. .
Hi Rony, it looks like the metadat athe server is sending is bogus, I had to d/l the metadata, remove the incorrect data, and manually import the metadata. It seems to work fine for loggin in after that. So this isn't a problem with our code AFAICT.
Tested on QA environment(5.0.3-rh8) Result: Pass