Elster.de - SOP violated; the hosts do not match.

Added by David Herman over 1 year ago

Hi @ all,
I'm trying to use Open eCard for elster.de but I encounter the following error (taken from ~/.openecard/logs/richclient_info.log):
2018-03-18 10:29:54,154 [Thread-6] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:29:54,215 [Thread-6] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:29:54,251 [Thread-6] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
2018-03-18 10:32:43,840 [Thread-5] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2018-03-18 10:32:43,844 [Thread-5] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2018-03-18 10:32:43,851 [Thread-5] ERROR o.o.addons.activate.ActivateAction:388 - No redirect address available for an error redirect.
When debugging TR03112Utils.checkSameOriginPolicy(..) I see the following (different) hosts:
eid.elsteronline.de
www.elster.de

My question is: Is the implementation too strict or does elster.de violate the technical specifications?


Replies (5)

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein over 1 year ago

> My question is: Is the implementation too strict or does elster.de violate the technical specifications?

As we interpret the subtle details of BSI TR-03124 (see also https://dev.openecard.org/issues/640), the
implementation within the Open eCard App is OK and the colleagues at elster.de have unfortunately set up a system,
which is (as far as we see it) not fully in line with BSI TR-03124.
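
The host comparison discussed above, as an added example that is not part of the thread and is not Open eCard's own code. It assumes an origin is the (scheme, host, port) triple in the RFC 6454 sense. The thread does not show which two URLs Open eCard compares, so the URLs are constructed around the two host names from the first post, and the class and method names are hypothetical.

```java
import java.net.URI;
import java.util.Locale;

public class SameOriginDemo {

    // Fill in default ports so https://host and https://host:443 compare equal.
    static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        if ("https".equals(scheme)) return 443;
        if ("http".equals(scheme)) return 80;
        return -1;
    }

    /** Returns null if both URLs share an origin, else the component that differs. */
    static String originMismatch(URI a, URI b) {
        if (a.getScheme() == null || b.getScheme() == null
                || a.getHost() == null || b.getHost() == null) {
            return "not an absolute URL with a host";
        }
        if (!a.getScheme().equalsIgnoreCase(b.getScheme())) return "scheme";
        // Exact host match only: a similar-looking or related domain is a different origin.
        if (!a.getHost().equalsIgnoreCase(b.getHost())) return "host";
        if (effectivePort(a) != effectivePort(b)) return "port";
        return null;
    }

    public static void main(String[] args) {
        // Constructed URLs; only the two host names are taken from the thread.
        URI reference = URI.create("https://www.elster.de/constructed/start");
        String[] candidates = {
            "https://eid.elsteronline.de/constructed/tctoken", // the case from the log
            "https://WWW.ELSTER.DE:443/constructed/other",     // case and default port
            "http://www.elster.de/constructed/start",          // scheme downgrade
            "https://www.elster.de:8443/constructed/start",    // non-default port
        };
        for (String c : candidates) {
            String diff = originMismatch(reference, URI.create(c));
            System.out.println(c + " -> "
                    + (diff == null ? "same origin" : "SOP violated (" + diff + ")"));
        }
    }
}
```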

RE: Elster.de - SOP violated; the hosts do not match. - Added by vzpoxntolvst vzpoxntolvst about 1 year ago

Is there any way to disable this check via config? Because from what I can tell, this makes it impossible to log in to ELSTER and forces me to boot Windows to be able to submit my tax reports :(

RE: Elster.de - SOP violated; the hosts do not match. - Added by Detlef Hühnlein about 1 year ago

No, to disable the SOP-check is, as far as we see it, no viable option. We'll synchronise with the colleagues in charge and try to come up with a solution.

RE: Elster.de - SOP violated; the hosts do not match. - Added by elster user 8 months ago

Hi @all,

the problem still persists... any chance of a solution?

2019-01-13 17:58:03,403+01 [Thread-14] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:03,404+01 [Thread-14] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:03,405+01 [Thread-14] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.o.common.util.TR03112Utils:72 - SOP violated; the hosts do not match.
2019-01-13 17:58:58,914+01 [Thread-17] ERROR o.openecard.binding.tctoken.TCToken:106 - No CommunicationErrorAddress to perform a redirect provided.
2019-01-13 17:58:58,915+01 [Thread-17] ERROR o.o.addons.activate.ActivateAction:422 - No redirect address available for an error redirect.

Cheers
