Bug#1104213: opensaml: autopkgtest regression: certificate name was not acceptable

Paul Gevers elbrus at debian.org
Sun Apr 27 11:03:44 BST 2025 

Source: opensaml
Version: 3.3.1-1
Control: found -1 3.2.1-3
Severity: serious
User: debian-ci at lists.debian.org
Usertags: regression

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails most of the 
time since recently (mid April 2025), including on stable. Can you 
please investigate the situation and fix it? I copied some of the output 
at the bottom of this report. If I'm not mistaken, the test uses an 
external website and something's wrong with it.

The release team has announced [1] that failing autopkgtest on amd64 and 
arm64 are considered RC in testing.

More information about this bug and the reason for filing it can be 
found on 
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://lists.debian.org/debian-devel-announce/2019/07/msg00002.html

https://ci.debian.net/packages/o/opensaml/testing/amd64/60285619/

230s FAIL: samltest
230s ==============
230s
230s Running cxxtest tests (316 tests).........
230s In SAML1AssertionTest::testSignature:
230s 
/tmp/autopkgtest-lxc.g3n9py65/downtmp/build.Tha/src/samltest/signature/SAML1AssertionTest.h:40: 
Warning: Test skipped: Waiting for 
https://shibboleth.atlassian.net/browse/CPPOST-125
230s s
230s In SAML1RequestTest::testSignature:
230s 
/tmp/autopkgtest-lxc.g3n9py65/downtmp/build.Tha/src/samltest/signature/SAML1RequestTest.h:43: 
Warning: Test skipped: Waiting for 
https://shibboleth.atlassian.net/browse/CPPOST-125
230s s
230s In SAML1ResponseTest::testSignature:
230s 
/tmp/autopkgtest-lxc.g3n9py65/downtmp/build.Tha/src/samltest/signature/SAML1ResponseTest.h:43: 
Warning: Test skipped: Waiting for 
https://shibboleth.atlassian.net/browse/CPPOST-125
230s s..1745747138 ERROR XMLTooling.TrustEngine.PKIX : certificate name 
was not acceptable
230s ...............................................1745747138 ERROR 
OpenSAML.MessageDecoder.SAML1Artifact : replay detected of artifact 
(AAGmvK93AsWGNdEuCU9RCaIIqlHJZpEvMgKUt7BTheNeMRZaKk/tfU8D
230s )
230s .1745747138 ERROR OpenSAML.SecurityPolicyRule.MessageFlow : replay 
detected of message ID (_09c29477940b4b626cfd32734a15d65d)
230s .1745747138 WARN OpenSAML.SecurityPolicyRule.AudienceRestriction : 
unacceptable AudienceRestrictionCondition in assertion 
(<saml:AudienceRestrictionCondition 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
230s             <saml:Audience>https://sp.example.org</saml:Audience>
230s         </saml:AudienceRestrictionCondition>)
230s 
.................................................................................................................................................................................................................................................1745747138 
ERROR OpenSAML.MessageDecoder.SAML2Artifact : replay detected of 
artifact (AAQAAaa8r3cCxYY10S4JT1EJogiqUclmKc7/9hsVQNvhzsClf9x7ubIbtOY=
230s )
230s .1745747138 ERROR OpenSAML.SecurityPolicyRule.MessageFlow : replay 
detected of message ID (_267d14254f9d1deadf73a6d7aef00c47)
230s .1745747138 ERROR OpenSAML.SecurityPolicyRule.MessageFlow : replay 
detected of message ID (_9c6f9775985e772673263178f131647c)
230s .1745747138 ERROR OpenSAML.SecurityPolicyRule.MessageFlow : replay 
detected of message ID (_9f372a1b23ff92e96ec27989d4a70821)
230s .1745747178 ERROR OpenSAML.MetadataProvider.XML : metadata instance 
was invalid at time of acquisition
230s 1745747179 WARN OpenSAML.MetadataProvider.XML : adjusted reload 
interval to 0 seconds
230s 1745747179 WARN OpenSAML.MetadataProvider.XML : trying backup file, 
exception loading remote resource: Metadata instance was invalid at time 
of acquisition.
230s 1745747179 ERROR XMLTooling.ParserPool : fatal error on line 0, 
column 0, message: unable to open primary document entity 
'/tmp/autopkgtest-lxc.g3n9py65/downtmp/build.Tha/src/samltest/data/saml2/metadata/InCommon-metadata.xml.bck'
230s 1745747179 ERROR OpenSAML.MetadataProvider.XML : error while 
loading resource 
(../samltest/data/saml2/metadata/InCommon-metadata.xml.bck): XML 
error(s) during parsing, check log for specifics
230s
230s In XMLMetadataProviderTest::testHTTPProvider:
230s saml2/metadata/XMLMetadataProviderTest.h:56: Error: Test failed: 
XML error(s) during parsing, check log for specifics
230s In XMLMetadataProviderTest::testBadSig:
230s saml2/metadata/XMLMetadataProviderTest.h:93: Error: Test failed: 
Unable to access local file 
(../samltest/data/saml2/metadata/InCommon-metadata.xml.bck)
230s 1745747179 ERROR OpenSAML.MetadataProvider.Chaining : 
MetadataProvider child element of type MetadataFilter ignored
230s 1745747179 ERROR OpenSAML.MetadataProvider.Chaining : 
MetadataProvider child element of type MetadataFilter ignored
230s .
230s In XMLMetadataProviderTest::testXMLProvider:
230s saml2/metadata/XMLMetadataProviderTest.h:134: Error: Test failed: 
Unable to access local file 
(../samltest/data/saml2/metadata/InCommon-metadata.xml.bck)
230s In XMLMetadataProviderTest::testXMLWithExcludes:
230s saml2/metadata/XMLMetadataProviderTest.h:171: Error: Test failed: 
Unable to access local file 
(../samltest/data/saml2/metadata/InCommon-metadata.xml.bck)
230s In XMLMetadataProviderTest::testXMLWithIncludes:
230s saml2/metadata/XMLMetadataProviderTest.h:197: Error: Test failed: 
Unable to access local file 
(../samltest/data/saml2/metadata/InCommon-metadata.xml.bck)
230s 1745747179 WARN OpenSAML.SecurityPolicyRule.AudienceRestriction : 
unacceptable AudienceRestriction in assertion (<saml:AudienceRestriction 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
230s             <saml:Audience>https://sp.example.org</saml:Audience>
230s         </saml:AudienceRestriction>)
230s 1745747179 WARN OpenSAML.SecurityPolicyRule.BearerConfirmation : 
bearer confirmation failed on lack of request/response correlation
230s ..
230s Failed 5 and Skipped 3 of 316 tests
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-shibboleth-devel/attachments/20250427/d3970fa4/attachment.sig>

More information about the Pkg-shibboleth-devel mailing list