Elster.de - SOP violated; the hosts do not match.
Added by David Herman over 6 years ago
Hi @ all,
I'm trying to use Open eCard for elster.de but I encounter the following error (taken from ~/.openecard/logs/richclient_info.log):
2018-03-18 10:29:54,154 [Thread-6] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:29:54,215 [Thread-6] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:29:54,251 [Thread-6] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
2018-03-18 10:32:43,840 [Thread-5] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:32:43,844 [Thread-5] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:32:43,851 [Thread-5] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
When debugging TR03112Utils.checkSameOriginPolicy(..) I see the following (different) hosts:
eid.elsteronline.de
www.elster.de
My question is: Is the implementation too strict or does elster.de violate the technical specifications?
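What an origin comparison in the RFC 6454 sense (scheme, host, port) does with the two hosts named above, as an added example that is not part of the original post and is not Open eCard's code. The `https` scheme, the paths and the `example.org` hosts are constructed, since the thread only shows the two host names.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the RFC 6454 origin triple (scheme, host, port) of a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme              # urlsplit already lower-cases the scheme
    host = parts.hostname              # lower-cased host, or None if absent
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"no usable origin in {url!r}")
    # An omitted port means the scheme's default port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, host, port


def same_origin(url_a, url_b):
    """Compare two URLs by origin and say which component differs first."""
    a, b = origin(url_a), origin(url_b)
    for name, x, y in zip(("scheme", "host", "port"), a, b):
        if x != y:
            return False, f"{name} differs: {x} != {y}"
    return True, "same origin"


# Constructed sample URLs; only the host names of the first pair come from the thread.
SAMPLES = [
    ("https://www.elster.de/constructed/start",
     "https://eid.elsteronline.de/constructed/token"),
    # Sibling subdomains of one registrable domain are still different origins.
    ("https://www.example.org/", "https://eid.example.org/"),
    # Case and an explicit default port do not change the origin.
    ("HTTPS://WWW.ELSTER.DE:443/a", "https://www.elster.de/b"),
    # Same host, different scheme.
    ("http://www.elster.de/", "https://www.elster.de/"),
]

if __name__ == "__main__":
    for left, right in SAMPLES:
        ok, reason = same_origin(left, right)
        print(f"{'OK  ' if ok else 'FAIL'} {left} vs {right}: {reason}")
```

The comparison is exact on the full host name, so no amount of shared domain suffix makes two different hosts pass.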
Replies (6)
RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein over 6 years ago
> My question is: Is the implementation too strict or does elster.de violate the technical specifications?
As we interpret the subtle details of BSI TR-03124 (see also https://dev.openecard.org/issues/640), the
implementation within the Open eCard App is OK and the colleagues at elster.de have unfortunately set up a system,
which is (as far as we see it) not fully in line with BSI TR-03124.
RE: Elster.de - SOP violated; the hosts do not match. - Added by David Herman over 6 years ago
Oh, ok, thanks for your reply!
RE: Elster.de - SOP violated; the hosts do not match. - Added by Anonymous about 6 years ago
Is there any way to disable this check via config? Because from what I can tell, this makes it impossible to log in to ELSTER and forces me to boot Windows to be able to submit my tax reports :(
RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein about 6 years ago
No, to disable the SOP-check is, as far as we see it, no viable option. We'll synchronise with the colleagues in charge and try to come up with a solution.
RE: Elster.de - SOP violated; the hosts do not match. - Added by elster user over 5 years ago
Hi @all,
the problem still persists... any chance of a solution?
2019-01-13 17:58:03,403+01 [Thread-14] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:03,404+01 [Thread-14] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:03,405+01 [Thread-14] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:58,915+01 [Thread-17] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
Cheers
RE: Elster.de - SOP violated; the hosts do not match. - Added by Christoph Behnke about 5 years ago
It is still not possible to use elster.de with Open eCard and nPA. Same error message as posted above.
Does anyone know a workaround to use elster.de using a Linux PC?
2019-10-10 13:39:23,599+02 [Thread-15] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-10-10 13:39:23,600+02 [Thread-15] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-10-10 13:39:23,613+02 [Thread-15] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
2019-10-10 13:42:19,566+02 [SwingWorker-pool-2-thread-1] ERROR o.o.r.gui.manage.ActionEntryPanel$1:104 - Execution ended with an error.
org.openecard.addon.bind.AppExtensionException: http://www.bsi.bund.de/ecard/api/1.1/resultminor/ifdl#cancellationByUser ==> http://www.bsi.bund.de/ecard/api/1.1/resultminor/ifdl#cancellationByUser ==> PIN Management was cancelled.
    at org.openecard.common.ECardException.makeException(ECardException.java:64)
    at org.openecard.common.WSHelper$WSException.<init>(WSHelper.java:47)
    at org.openecard.addon.bind.AppExtensionException.<init>(AppExtensionException.java:36)
    at org.openecard.plugins.pinplugin.GetCardsAndPINStatusAction.execute(GetCardsAndPINStatusAction.java:147)
    at org.openecard.addon.bind.AppExtensionActionProxy.execute(AppExtensionActionProxy.java:45)
    at org.openecard.richclient.gui.manage.ActionEntryPanel$1.doInBackground(ActionEntryPanel.java:100)
    at org.openecard.richclient.gui.manage.ActionEntryPanel$1.doInBackground(ActionEntryPanel.java:94)
    at javax.swing.SwingWorker$1.call(SwingWorker.java:295)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at javax.swing.SwingWorker.run(SwingWorker.java:334)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
2019-10-10 13:55:42,602+02 [Thread-20] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-10-10 13:55:42,849+02 [Thread-20] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.