Elster.de - SOP violated; the hosts do not match.

Added by David Herman 9 months ago

Hi @ all,
I'm trying to use Open eCard for elster.de but I encounter the following error (taken from ~/.openecard/logs/richclient_info.log):
2018-03-18 10:29:54,154 [Thread-6] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:29:54,215 [Thread-6] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:29:54,251 [Thread-6] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
2018-03-18 10:32:43,840 [Thread-5] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:32:43,844 [Thread-5] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:32:43,851 [Thread-5] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
When debugging TR03112Utils.checkSameOriginPolicy(..) I see the following (different) hosts:
eid.elsteronline.de
www.elster.de

My question is: Is the implementation too strict or does elster.de violate the technical specifications?


Replies (4)

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein 9 months ago

> My question is: Is the implementation too strict or does elster.de violate the technical specifications?

As we interpret the subtle details of BSI TR-03124 (see also https://dev.openecard.org/issues/640), the implementation within the Open eCard App is OK and the colleagues at elster.de have unfortunately set up a system that is (as far as we see it) not fully in line with BSI TR-03124.

RE: Elster.de - SOP violated; the hosts do not match. - Added by David Herman 9 months ago

Oh, ok, thanks for your reply!

RE: Elster.de - SOP violated; the hosts do not match. - Added by vzpoxntolvst vzpoxntolvst 4 months ago

Is there any way to disable this check via config? Because from what I can tell, this makes it impossible to log in to ELSTER and forces me to boot Windows to be able to submit my tax reports :(

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein 4 months ago

No, disabling the SOP check is, as far as we see it, not a viable option. We'll synchronise with the colleagues in charge and try to come up with a solution.

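The host comparison discussed in this thread, as an added example that is not part of any post and is not Open eCard's own `TR03112Utils` code: it assumes the check compares origins as scheme, host and effective port (the RFC 6454 notion of origin). The class name `SameOriginDemo`, its helper methods and the URL paths are hypothetical; only the two host names come from the original post.

```java
import java.net.URI;
import java.util.Locale;

// Added illustration of a same-origin comparison; not Open eCard's implementation.
public class SameOriginDemo {

    // Explicit port if present, otherwise the scheme default (-1 if unknown).
    static int effectivePort(URI u) {
        if (u.getPort() != -1) {
            return u.getPort();
        }
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        if (scheme.equals("https")) {
            return 443;
        }
        if (scheme.equals("http")) {
            return 80;
        }
        return -1;
    }

    // Two URLs share an origin only if scheme, host and effective port all match.
    static boolean sameOrigin(URI a, URI b) {
        if (a.getScheme() == null || b.getScheme() == null) {
            return false; // relative or malformed URL: fail closed
        }
        if (a.getHost() == null || b.getHost() == null) {
            return false; // no parseable host: fail closed
        }
        return a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost().equalsIgnoreCase(b.getHost())
                && effectivePort(a) == effectivePort(b);
    }

    public static void main(String[] args) {
        // Hosts taken from the post; the paths are constructed for the demo.
        URI portal = URI.create("https://www.elster.de/constructed/login");
        URI eid = URI.create("https://eid.elsteronline.de/constructed/tctoken");
        URI portalExplicitPort = URI.create("https://WWW.elster.de:443/constructed/other");

        System.out.println("portal vs eid host:      " + sameOrigin(portal, eid));
        System.out.println("portal vs portal (:443): " + sameOrigin(portal, portalExplicitPort));
    }
}
```

The two hosts differ in the registrable domain as well as the subdomain, so a check of this kind rejects the pair no matter how ports and letter case are normalised.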