9:25 p.m.
I find Satosa having problems with the metadata signature validation since yesterday.
Signatures created by both pyff and shib/xmlsectool cause satosa_saml_metadata.py fail
with
saml2.sigver.XmlsecError: data and digest do not match. I am not aware of any
configuration changes that are related to the issue.
Did someone reload and check metadata recently, with or without system update or a new
Docker image?
This leads me to another question. Is Satosa capable of reloading metadata without
restart?
Best regards
Rainer
7:21 a.m.
On 2017-09-19 23:25, Rainer Hoerbe wrote:
I find Satosa having problems with the metadata
signature validation since yesterday. Signatures created by both pyff and shib/xmlsectool
cause satosa_saml_metadata.py fail with
saml2.sigver.XmlsecError: data and digest do not match. I am not aware of any
configuration changes that are related to the issue.
Did you check that signature via some other tool?
Did someone reload and check metadata recently, with
or without system update or a new Docker image?
What metadata? Which docker image are you using. I don't think we
automatically push any docker images to the public docker hub...
This leads me to another question. Is Satosa capable
of reloading metadata without restart?
I use mdq servers for that (in production).
Cheers Leif
9:14 a.m.
On Wed, 2017-09-20 at 09:21 +0200, Leif Johansson wrote:
I don't think we automatically push any docker
images to the public
docker hub...
We push a new latest tag whenever master is updated (and tests are
passing of course) and we push a version tag for every release.
Automatically from travis-ci.
That means that there was a new latest tag 2 days ago (when I updated
the README) but the code has not updated since the release of 3.4.8.
There might of course be some updates to the requirements during that
time but if they break something we need more/better tests.
Br
--
Johan Lundberg
SUNET
Tulegatan 11
113 53 Stockholm
+46730714375
7:29 a.m.
Hi Rainer,
I am using/testing/operating a number of SATOSA instances at the moment
and didn't experience this.
- Which OS and version ?
- Are you using xmlsec1 binary ? Can you verify the signature manually ?
//Ioannis
On 20/09/2017 12:25 πμ, Rainer Hoerbe wrote:
I find Satosa having problems with the metadata
signature validation since yesterday. Signatures created by both pyff and shib/xmlsectool
cause satosa_saml_metadata.py fail with
saml2.sigver.XmlsecError: data and digest do not match. I am not aware of any
configuration changes that are related to the issue.
Did someone reload and check metadata recently, with or without system update or a new
Docker image?
This leads me to another question. Is Satosa capable of reloading metadata without
restart
Best regards
Rainer
_______________________________________________
Satosa-dev mailing list
Satosa-dev at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-dev
--
------------------------------------------------------------------
Ioannis Kakavas - ikakavas at grnet.gr
Identity and Security Engineer
GRNET Network Operations Centre
Greek Research & Technology Network - http://www.grnet.gr
7, Kifisias Av. 115 23 Athens, Greece
Office: +30 2107474255
PGP Fingerprint: A5AA FB5E 740A 603B FAB1 9920 D70F 0CD5 9DE3 C262
------------------------------------------------------------------
1:51 p.m.
On 20/09/2017 12:25 πμ, Rainer Hoerbe wrote:
This leads me to another question. Is Satosa capable of reloading metadata without
restart?
No, but you can gracefully reload gunicorn
kill -HUP masterpid
If you consume eduGAIN metadata as a whole though, gracefully reloading
wouldn't help much as it needs 1-2 mins to load all metadata :/
I think we exclusively use MDX in all our SATOSA instances
//Ioannis
Best regards
Rainer
_______________________________________________
Satosa-dev mailing list
Satosa-dev at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-dev
--
------------------------------------------------------------------
Ioannis Kakavas - ikakavas at grnet.gr
Identity and Security Engineer
GRNET Network Operations Centre
Greek Research & Technology Network - http://www.grnet.gr
7, Kifisias Av. 115 23 Athens, Greece
Office: +30 2107474255
PGP Fingerprint: A5AA FB5E 740A 603B FAB1 9920 D70F 0CD5 9DE3 C262
------------------------------------------------------------------
2432
days inactive
2433
days old
4 comments
4 participants
participants (4)
-
ikakavas@noc.grnet.gr -
leifj@sunet.se -
lundberg@sunet.se -
rainer@hoerbe.at