Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xmlsec can not read already opened file (djangosaml2) #944

Open
jesusangel opened this issue Dec 5, 2023 · 2 comments
Open

xmlsec can not read already opened file (djangosaml2) #944

jesusangel opened this issue Dec 5, 2023 · 2 comments
Labels
Windows

Comments

@jesusangel
Copy link

Hello:

I am facing some issues while trying to make the djangosaml2 sample work in Windows. I can not sign the request before sending it to the IdP because xmlsec can not read the temporary file with the assertion XML. The problem is that this temporary file keeps opened by python process and the xmlsec process can not open it.

Code Version

pysaml2 7.4.2
djangosaml2 1.8.0

Expected Behavior

The _run_xmlsec method signs the temporary file XML.

Current Behavior

DEBUG 2023-12-05 15:29:16,726 sigver 22356 11672 xmlsec command: C:\Users\myuser\AppData\local\programs\xmlsec\bin\xmlsec.exe --sign --privkey-pem N:\SourceCode\djangosp\private.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest --node-id id-SFVg3EEXWZWs8abLc --output C:\Users\myuser\AppData\Local\Temp\tmpjkz4mohv.xml --lax-key-search C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml
ERROR 2023-12-05 15:44:30,729 sigver 22356 11672 returncode=1
error=I/O error : Permission denied
I/O error : Permission denied
I/O warning : failed to load external entity "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Error: failed to parse xml file "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Error: failed to load template "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"
Signature status: ERROR
Error: failed to sign file "C:\Users\myuser\AppData\Local\Temp\tmp2g3e_xbd.xml"

I think the problem is in sigver.py sign_statement function:

781: tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
796: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

The make_temp function does not close the tempfile after creating it, so the xmlsec.exe process can not open it.

I managed to copy the assertion XML to other file and I was able to sign it:

xmlsec.exe --sign --privkey-pem N:\SourceCode\djangosp\private.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest --node-id id-SFVg3EEXWZWs8abLc --output C:\tmp\out.xml --lax-key-search C:\tmp\tmp.xml
Signature status: OK

Possible Solution

No idea.

Steps to Reproduce

Just clone the djangosaml2 project, configure it and try to login.
@peppelinux
Copy link
Member

this issue should be moved to pysaml2

the issue is related to windows's kernel that have tese kind of problem in accessing files in parallel R/W ops

@jesusangel
Copy link
Author

this issue should be moved to pysaml2

the issue is related to windows's kernel that have tese kind of problem in accessing files in parallel R/W ops

The issue is already in pysaml2, isn't it? Maybe you sugest moving the issue to djangosaml2?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Windows
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c00kiemon5ter @jesusangel @peppelinux