Bug 1414019 - Incorrect Content-Type header in ECP PAOS response, should be application/vnd.paos+xml
Summary: Incorrect Content-Type header in ECP PAOS response, should be application/vnd...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mod_auth_mellon
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: John Dennis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1414020 1414021 1414024
TreeView+ depends on / blocked
 
Reported: 2017-01-17 14:40 UTC by John Dennis
Modified: 2017-01-27 19:21 UTC (History)
2 users (show)

Fixed In Version: mod_auth_mellon-0.12.0-4.fc25
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1414020 1414021 1414024 (view as bug list)
Environment:
Last Closed: 2017-01-27 19:21:33 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github https://github.com/UNINETT mod_auth_mellon issues 108 0 None None None 2017-01-17 14:40:54 UTC

Description John Dennis 2017-01-17 14:40:54 UTC 
When an ECP client signals it is ECP capable and authentication is required for the protected resource it is trying to access mellon responds with PAOS content that wraps the SAML AuthnRequest. The HTTP Content-Type header must be "application/vnd.paos+xml". However in some versions of Apache the returned Content-Type header is "text/html" which breaks the ECP flow because the ECP client does not expect it.

The problem arises because mellon was using the wrong Apache call to set the Content-Type header. In some versions of Apache this worked but in others it did not.

Upstream bug: https://github.com/UNINETT/mod_auth_mellon/issues/108

Upstream git commit: 040a1ae5cb2aab38b2bc716cc3d0d6fa7b998a7a
Comment 1 Fedora Update System 2017-01-17 17:02:00 UTC 
mod_auth_mellon-0.12.0-4.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1e7da20dd
Comment 2 Fedora Update System 2017-01-19 09:10:10 UTC 
mod_auth_mellon-0.12.0-4.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1e7da20dd
Comment 3 Fedora Update System 2017-01-27 19:21:33 UTC 
mod_auth_mellon-0.12.0-4.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.