iapi issueshttps://code.immerda.ch/immerda/apps/iapi/-/issues2024-01-07T20:51:22Zhttps://code.immerda.ch/immerda/apps/iapi/-/issues/38dns resource - should only allow either CNAME or A/AAAA record2024-01-07T20:51:22Zmhdns resource - should only allow either CNAME or A/AAAA recordCurrently, you can have a CNAME and a A/AAAA record, which does not work. It should only be allowed to have either a CNAME or A/AAAA recordCurrently, you can have a CNAME and a A/AAAA record, which does not work. It should only be allowed to have either a CNAME or A/AAAA recordhttps://code.immerda.ch/immerda/apps/iapi/-/issues/37Resources with deleted owners raise an error2023-09-11T19:54:44ZmhResources with deleted owners raise an errorIf you try to view a resource with a deleted owner, the following error happens:
```
Sep 11 21:50:55 iapi[25451]: 2023-09-11 21:50:55 - UncaughtThrowError - uncaught throw :not_found:
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iap...If you try to view a resource with a deleted owner, the following error happens:
```
Sep 11 21:50:55 iapi[25451]: 2023-09-11 21:50:55 - UncaughtThrowError - uncaught throw :not_found:
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:422:in `throw'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:422:in `by_uid'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/managers/resource_manager.rb:30:in `by_uid'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:46:in `block (2 levels) in owners'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:45:in `catch'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:45:in `block in owners'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/bundler/ruby/2.5.0/gems/activerecord-5.2.8.1/lib/active_record/relation/delegation.rb:71:in `each'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/bundler/ruby/2.5.0/gems/activerecord-5.2.8.1/lib/active_record/relation/delegation.rb:71:in `each'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:44:in `map'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:44:in `owners'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/resource.rb:74:in `to_api'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/resources/dns_zone.rb:32:in `to_api'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/routes/resource.rb:64:in `block (3 levels) in <class:IApi>'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/routes/resource.rb:64:in `map'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/lib/iapi/routes/resource.rb:64:in `block (2 levels) in <class:IApi>'
Sep 11 21:50:55 iapi[25451]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.2.2/lib/sinatra/base.rb:1686:in `call'
```https://code.immerda.ch/immerda/apps/iapi/-/issues/35dns resource can override a hosting entry2022-12-04T11:01:58Zo@ungehorsam.chdns resource can override a hosting entryPossible solutions:
* prevent creation of dns entries if it already resolves
* migrate hosting.yaml to iapi and check for collisionsPossible solutions:
* prevent creation of dns entries if it already resolves
* migrate hosting.yaml to iapi and check for collisionshttps://code.immerda.ch/immerda/apps/iapi/-/issues/34dns resource is missing prio and ttl fields2022-12-04T11:00:32Zo@ungehorsam.chdns resource is missing prio and ttl fieldshttps://code.immerda.ch/immerda/apps/iapi/-/issues/31Warn on wrong 2FA codes entered2022-09-20T19:40:54ZmhWarn on wrong 2FA codes enteredhttps://syslog.ravelin.com/2fa-is-missing-a-key-feature-c781c3861db
=> Notify if somebody entered valid username & password but wrong 2FAhttps://syslog.ravelin.com/2fa-is-missing-a-key-feature-c781c3861db
=> Notify if somebody entered valid username & password but wrong 2FAhttps://code.immerda.ch/immerda/apps/iapi/-/issues/28allow domain owners to create protected aliases for their domains2022-04-29T12:16:53Zo@ungehorsam.challow domain owners to create protected aliases for their domainshttps://code.immerda.ch/immerda/apps/iapi/-/issues/26undefined method `text' for nil:NilClass: in saml_idp validating a broken sig?2022-12-12T21:35:35Zmhundefined method `text' for nil:NilClass: in saml_idp validating a broken sig?There might be an SP with an old cert, however we fail to login due to the following error:
```
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: 2022-03-15 21:31:59 - NoMethodError - undefined method `text' for nil:NilClass:
Mar 15 21:31:5...There might be an SP with an old cert, however we fail to login due to the following error:
```
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: 2022-03-15 21:31:59 - NoMethodError - undefined method `text' for nil:NilClass:
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.14.0/lib/saml_idp/xml_security.rb:121:in `validate_doc'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.14.0/lib/saml_idp/xml_security.rb:63:in `validate'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.14.0/lib/saml_idp.rb:75:in `valid_signature?'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:60:in `block in verify_request'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:59:in `each'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:59:in `verify_request'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:110:in `sp_info'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/lib/iapi/routes/auth.rb:20:in `block (2 levels) in <class:IApi>'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1675:in `block in compile!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (3 levels) in route!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1032:in `route_eval'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1013:in `block (2 levels) in route!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1061:in `block in process_route'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `catch'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1059:in `process_route'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1011:in `block in route!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `each'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1008:in `route!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1129:in `block in dispatch!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1124:in `dispatch!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `block in call!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `block in invoke'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `catch'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1101:in `invoke'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:939:in `call!'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:929:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/xss_header.rb:18:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/path_traversal.rb:16:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/json_csrf.rb:26:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:50:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.1.0/lib/rack/protection/frame_options.rb:31:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.2.3/lib/rack/logger.rb:17:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.2.3/lib/rack/common_logger.rb:38:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:253:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:246:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:216:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1991:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `block in call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1769:in `synchronize'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.1.0/lib/sinatra/base.rb:1542:in `call'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.8.1/lib/thin/connection.rb:86:in `block in pre_process'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.8.1/lib/thin/connection.rb:84:in `catch'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.8.1/lib/thin/connection.rb:84:in `pre_process'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.8.1/lib/thin/connection.rb:50:in `block in process'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: /usr/local/iapi/bundler/ruby/2.5.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:1077:in `block in spawn_threadpool'
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: ERROR : Error: undefined method `text' for nil:NilClass
Mar 15 21:31:59 immer12-8.glei.ch iapi[3916]: ERROR : Sending error to client: "undefined method `text' for nil:NilClass"
```https://code.immerda.ch/immerda/apps/iapi/-/issues/24delete resources with user?2022-02-23T11:16:33Zo@ungehorsam.chdelete resources with user?Resources should be deleted with the user!
Plan:
1. Warn user and list all resources that will be deleted.
2. Provide option for transferring resource.
3. Delete with user.Resources should be deleted with the user!
Plan:
1. Warn user and list all resources that will be deleted.
2. Provide option for transferring resource.
3. Delete with user.https://code.immerda.ch/immerda/apps/iapi/-/issues/23can't create email alias for a schleuder list2021-09-10T13:33:48Zmhcan't create email alias for a schleuder listwanted to create: alias@example.com -> schleuder@example.com this fails with `failed`
Also if you set an owner you get: `failed with EmailUnavailable`wanted to create: alias@example.com -> schleuder@example.com this fails with `failed`
Also if you set an owner you get: `failed with EmailUnavailable`https://code.immerda.ch/immerda/apps/iapi/-/issues/20testflake: mail_crypt.rb:94:in `Integer': invalid value for Integer(): ""2022-09-02T14:43:12Zmhtestflake: mail_crypt.rb:94:in `Integer': invalid value for Integer(): ""The following looks like a test-flake -discovered in a CI run for !45:
https://code.immerda.ch/immerda/apps/iapi/-/jobs/15222
```
/var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_...The following looks like a test-flake -discovered in a CI run for !45:
https://code.immerda.ch/immerda/apps/iapi/-/jobs/15222
```
/var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_crypt.rb:94:in `Integer': invalid value for Integer(): "" (ArgumentError)
from /var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_crypt.rb:94:in `initialize'
from /var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_crypt.rb:125:in `new'
from /var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_crypt.rb:125:in `deserialize'
from /var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/lib/iapi/utils/mail_crypt.rb:284:in `authenticate'
from /var/lib/gitlab-runner/runners/container-immer13-14.glei.ch/builds/immerda/apps/iapi/bin/mailcrypt-cli.rb:242:in `<main>'
```https://code.immerda.ch/immerda/apps/iapi/-/issues/19Quota Regeneration2021-06-08T15:20:15Zo@ungehorsam.chQuota RegenerationCurrently deleted objects count towards your usage regarding quotas. The idea would be to have some job every once in a while that reduces that, so you can create new things eventually after deleting old ones.Currently deleted objects count towards your usage regarding quotas. The idea would be to have some job every once in a while that reduces that, so you can create new things eventually after deleting old ones.https://code.immerda.ch/immerda/apps/iapi/-/issues/16Automatically Managed Objects2022-02-25T13:41:09Zo@ungehorsam.chAutomatically Managed ObjectsI am a bit worried by the api's for automatically managed mailboxes,forwards,domains,etc. I think it would be good to have a `system` boolean on Iaddresses and domains, and allow them to only delete things which were automatically create...I am a bit worried by the api's for automatically managed mailboxes,forwards,domains,etc. I think it would be good to have a `system` boolean on Iaddresses and domains, and allow them to only delete things which were automatically created in the first place.
The problem is a bit the transition, where we need to actually mark the existing ones.
This concerns everything that is done by the `PuppetMasterItools` clinet authentication role.https://code.immerda.ch/immerda/apps/iapi/-/issues/15delayed job strangeness2021-03-16T16:19:33Zo@ungehorsam.chdelayed job strangenessthe `manage_cron_job` does not ensure that cron strings are updated, nor are old jobs removed....the `manage_cron_job` does not ensure that cron strings are updated, nor are old jobs removed....https://code.immerda.ch/immerda/apps/iapi/-/issues/12mailman site list2020-11-30T10:02:55Zo@ungehorsam.chmailman site listfor every mailman backend added/removed we need to add/remove a site list to email_mailmanfor every mailman backend added/removed we need to add/remove a site list to email_mailmanhttps://code.immerda.ch/immerda/apps/iapi/-/issues/9WKD contents consistency2020-08-29T17:53:17Zo@ungehorsam.chWKD contents consistency- [ ] Remove Keys of non-existent mailboxes. needs [this](https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/2)
- [ ] Warn users if horde and WKD disagree (e.g. send a mail..) see [here](https://code.immerda.ch/immerda/app...- [ ] Remove Keys of non-existent mailboxes. needs [this](https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/2)
- [ ] Warn users if horde and WKD disagree (e.g. send a mail..) see [here](https://code.immerda.ch/immerda/apps/iapi/-/commit/4f69a0b8f9f7d6571d683f030c11537809a75913#01cbb14324948fa6b04662e359686e1ab5330e1d_0_17) for similar codehttps://code.immerda.ch/immerda/apps/iapi/-/issues/6how can we run the test in CI2020-10-21T14:41:03Zo@ungehorsam.chhow can we run the test in CIjust wanted to start a discussion on how we will run the tests in CI, because to me it is not clear how, when and where.
Here are some issues that we need to resolve:
1. the tests depend on iapi-hack and there is no pinning of the iapi...just wanted to start a discussion on how we will run the tests in CI, because to me it is not clear how, when and where.
Here are some issues that we need to resolve:
1. the tests depend on iapi-hack and there is no pinning of the iapi-hack version needed
2. iapi-hack needs containers to be started
3. the tests depend on the socket client from https://code.immerda.ch/immerda/ibox/puppet-modules/-/tree/master/ib_iapi/files, again no pinning
for 1 and 3, my solution would be to hard-code a commit hash in .gitlab-ci.yaml, I find that simpler and better for this usecase than submodules or such.
but 2 I am not sure how to deal with... I guess we could use the container config of iapi in iapi-hack as the base, then start a postgres container as service, then have a modified `setup.rb` which just fills in the db and creates the config for the iapi, then we can start iapi and run the tests. is there an easier/cleaner way which does not require yet another mode of setting up the environment?https://code.immerda.ch/immerda/apps/iapi/-/issues/3Error when validating saml request for SP with unsigned requests2022-12-12T21:14:51ZmhError when validating saml request for SP with unsigned requestsSometimes the log shows the following error:
```
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: 2020-06-01 15:09:59 - NoMethodError - undefined method `gsub' for nil:NilClass:
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/ia...Sometimes the log shows the following error:
```
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: 2020-06-01 15:09:59 - NoMethodError - undefined method `gsub' for nil:NilClass:
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.8.0/lib/saml_idp/xml_security.rb:57:in `validate'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.8.0/lib/saml_idp.rb:74:in `valid_signature?'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.8.0/lib/saml_idp/service_provider.rb:26:in `valid_signature?'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.8.0/lib/saml_idp/request.rb:119:in `valid_signature?'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/saml_idp-0.8.0/lib/saml_idp/request.rb:98:in `valid?'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:58:in `verify_request'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/lib/iapi/managers/saml_manager.rb:68:in `sp_info'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/lib/iapi/routes/auth.rb:149:in `block (2 levels) in <class:IApi>'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1635:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1635:in `block in compile!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:992:in `block (3 levels) in route!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1011:in `route_eval'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:992:in `block (2 levels) in route!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1040:in `block in process_route'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1038:in `catch'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1038:in `process_route'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:990:in `block in route!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:989:in `each'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:989:in `route!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1097:in `block in dispatch!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `block in invoke'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `catch'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `invoke'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1094:in `dispatch!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:924:in `block in call!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `block in invoke'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `catch'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1076:in `invoke'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:924:in `call!'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:913:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/xss_header.rb:18:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/path_traversal.rb:16:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/json_csrf.rb:26:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/base.rb:50:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/base.rb:50:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-protection-2.0.5/lib/rack/protection/frame_options.rb:31:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.0.7/lib/rack/logger.rb:15:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.0.7/lib/rack/common_logger.rb:33:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:231:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:224:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/rack-2.0.7/lib/rack/head.rb:12:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:194:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1957:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1502:in `block in call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1729:in `synchronize'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/sinatra-2.0.5/lib/sinatra/base.rb:1502:in `call'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.7.2/lib/thin/connection.rb:86:in `block in pre_process'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.7.2/lib/thin/connection.rb:84:in `catch'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.7.2/lib/thin/connection.rb:84:in `pre_process'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/thin-1.7.2/lib/thin/connection.rb:50:in `block in process'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: /usr/local/iapi/bundler/ruby/2.5.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:1077:in `block in spawn_threadpool'
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: ERROR : Error: undefined method `gsub' for nil:NilClass
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: ERROR : Sending error to client: "undefined method `gsub' for nil:NilClass"
```
Looks like the saml request is invalid.
Is for:
```
Jun 01 15:09:59 immer12-8.glei.ch iapi[29878]: 0.0.0.0 - - [01/Jun/2020:15:09:59 +0200] "POST /auth/sp_info HTTP/1.1" 400 53 0.0108
```
Which seems to come from `lib/iapi/managers/saml_manager.rb` (Line 58) - Which does not initialize service provider fingerprint if we allow unsigned requests.