-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changing the DigiD-configuration shows certificate verify failed #4079
Comments
Probably this worked because the configuration never attempted to load the metadata from URL before, since this error can be traced back to: https://github.com/maykinmedia/django-digid-eherkenning/blob/57d68ad456fbe3f27031706830e641f77087b190/digid_eherkenning/models/base.py#L210 which comes because the python3-saml tooling is used to retrieve the metadata: https://github.com/maykinmedia/django-digid-eherkenning/blob/57d68ad456fbe3f27031706830e641f77087b190/digid_eherkenning/models/base.py#L200 and that thing itself is using |
I created an upstream issue SAML-Toolkits/python3-saml#403 - but next week I can work on a fix in our python3-saml fork. |
Replaced IDP metadata fetching via urllib with requests. Projects making use of requests/self-certifi set up the CA bundle to wire up additional trusted root CAs, which are picked up by requests, so this should also work properly. Upstream issue: SAML-Toolkits#403 Open Forms issue: open-formulieren/open-forms#4079
Needs to be backported as far as |
django-digid-eherkenning bump is required because of the updated maykin-python3-saml version which contains a necessary bugfix. Backport-of: #4087
django-digid-eherkenning bump is required because of the updated maykin-python3-saml version which contains a necessary bugfix. Backport-of: #4087
Version 2.5.4
Sentry 353824
Saving the DigiD configuration with a valid configuration (and PKIO cert) leads to the above error for both pre-prod as prod. I suspect this has to do with version 2.5.3 which updated to DigiD-library version 0.12.0.
This worked - configuration was saved - in an earlier version of Open Forms.
The text was updated successfully, but these errors were encountered: