Project

General

Profile

Elster.de - SOP violated; the hosts do not match.

Added by David Herman over 1 year ago

Hi @ all,
I'm trying to use Open eCard for elster.de but I encounter the following error (taken from ~/.openecard/logs/richclient_info.log):
2018-03-18 10:29:54,154 [Thread-6] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:29:54,215 [Thread-6] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:29:54,251 [Thread-6] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
2018-03-18 10:32:43,840 [Thread-5] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:32:43,844 [Thread-5] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:32:43,851 [Thread-5] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
When debugging TR03112Utils.checkSameOriginPolicy(..) I see the following (different) hosts:
eid.elsteronline.de
www.elster.de

My question is: Is the implementation too strict or does elster.de violate the technical specifications?


Replies (6)

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein over 1 year ago

My question is: Is the implementation too strict or does elster.de violate the technical specifications?

As we interpret the subtle details of BSI TR-03124 (see also https://dev.openecard.org/issues/640), the
implementation within the Open eCard App is OK and the colleagues at elster.de have unfortunately set up a system,
which is (as far as we see it) not fully in line with BSI TR-03124.

RE: Elster.de - SOP violated; the hosts do not match. - Added by Anonymous over 1 year ago

Is there any way to disable this check via config? Because from what I can tell, this makes it impossible to login to ELSTER and forces me to boot windows to be able to submit my tax reports :(

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein over 1 year ago

No, to disable the SOP-check is, as far as we see it, no viable option. We'll synchronise with the colleagues in charge and try to come up with a solution.

RE: Elster.de - SOP violated; the hosts do not match. - Added by elster user 11 months ago

Hi @all,

the problem still persists... any chance of a solution?

2019-01-13 17:58:03,403+01 [Thread-14] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:03,404+01 [Thread-14] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:03,405+01 [Thread-14] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:58,915+01 [Thread-17] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.

Cheers

RE: Elster.de - SOP violated; the hosts do not match. - Added by Christoph Behnke about 2 months ago

It is still not possible to use elster.de with openeCard and nPA. Same Error Message as still posted above.

Does anyone know a workaround to uns elster.de using a Linux PC?

2019-10-10 13:39:23,599+02 [Thread-15] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-10-10 13:39:23,600+02 [Thread-15] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-10-10 13:39:23,613+02 [Thread-15] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
2019-10-10 13:42:19,566+02 [SwingWorker-pool-2-thread-1] ERROR o.o.r.gui.manage.ActionEntryPanel$1:104 - Execution ended with an error.
org.openecard.addon.bind.AppExtensionException: http://www.bsi.bund.de/ecard/api/1.1/resultminor/ifdl#cancellationByUser
  ==> http://www.bsi.bund.de/ecard/api/1.1/resultminor/ifdl#cancellationByUser
  ==> PIN Management was cancelled.
    at org.openecard.common.ECardException.makeException(ECardException.java:64)
    at org.openecard.common.WSHelper$WSException.<init>(WSHelper.java:47)
    at org.openecard.addon.bind.AppExtensionException.<init>(AppExtensionException.java:36)
    at org.openecard.plugins.pinplugin.GetCardsAndPINStatusAction.execute(GetCardsAndPINStatusAction.java:147)
    at org.openecard.addon.bind.AppExtensionActionProxy.execute(AppExtensionActionProxy.java:45)
    at org.openecard.richclient.gui.manage.ActionEntryPanel$1.doInBackground(ActionEntryPanel.java:100)
    at org.openecard.richclient.gui.manage.ActionEntryPanel$1.doInBackground(ActionEntryPanel.java:94)
    at javax.swing.SwingWorker$1.call(SwingWorker.java:295)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at javax.swing.SwingWorker.run(SwingWorker.java:334)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
2019-10-10 13:55:42,602+02 [Thread-20] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-10-10 13:55:42,849+02 [Thread-20] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
    (1-6/6)