** Description changed: + [Impact] + + * liblasso3 fails when processing an ECP authn response + + * ECP authn responses are required to make Keystone <-> Keystone + federation work + + [Test Case] + + TBD + + [Regression Potential] + + Minimal. There are very few other packages that depend on it, and the + change is trivial. There are fixes in handling SAML responses in which + only the assertions are signed, in addition to a couple of fixes around + handling assertion hints unexpectedly aborting. + + ------------------------------------------------------------------- + The liblasso3 package (dependency of libapache2-mod-auth-mellon) fails when processing a ECP authn response. Error message given by the Apache2 Mellon auth module: [auth_mellon:error] Error processing ECP authn response. Lasso error: [101] Signature element not found. This issue can be reproduced into an OpenStack environment with Keystone to Keystone federation, using Apache2 Mellon module for the SP (service provider). I managed to reproduce this on: * Ubuntu 18.04 (Bionic) with liblasso3 2.5.1-0ubuntu1.1 * Ubuntu 20.04 (Focal) with liblasso3 2.6.0-7ubuntu1 This was fixed in the upstream Lasso project (https://dev.entrouvert.org/issues/26828), and it is shipped with versions 2.6.1 or newer. I tested liblasso3 2.6.1 on both Bionic and Focal and it fixes the problem.
** Summary changed: - liblasso3 on Bionic fails to process the ECP authn response + [SRU] liblasso3 on Bionic fails to process the ECP authn response -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1897117 Title: [SRU] liblasso3 on Bionic fails to process the ECP authn response To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lasso/+bug/1897117/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
