OpenConext / Stepup-RA

Stepup Registration Authority
Apache License 2.0

Cannot grant a role to a user from an institution with a mixed case SHO #393

Closed phavekes closed 2 hours ago

phavekes commented 2 hours ago

This issue is imported from Pivotal - Originally created at Dec 31, 2019 by Pieter van der Meulen

Cannot grant a role to a user from an institution with a mixed case SHO

Granting the role results in a "The identity could not be granted the chosen role due to a server error." in the RA interface.

Logs:

{"channel":"request","level":"INFO","message":"Matched route \"command_handle\".","context":{"route":"command_handle","route_parameters":{"_controller":"Surfnet\\StepupMiddleware\\ApiBundle\\Controller\\CommandController::handleAction","_route":"command_handle"},"request_uri":"https://sa-mw.test2.surfconext.nl/command","method":"POST"},"extra":{"server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"c47ccd7d446937bb9cf4a482686aaf3f"}}
{"channel":"security","level":"INFO","message":"Basic authentication Authorization header found for user.","context":{"username":"ra"},"extra":{"server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"c47ccd7d446937bb9cf4a482686aaf3f"}}
Dec 31 12:40:50 test-app stepup-middleware[30460]: {"channel":"app","level":"NOTICE","message":"Received request to process Command \"Surfnet\\StepupMiddleware\\CommandHandlingBundle\\Identity\\Command\\AccreditIdentityCommand[310f5615-8afd-4dcb-b0a5-51fc8989318c]\"","context":[],"extra":{"server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"NOTICE","message":"Ensuring that the actor institution is on the whitelist, or the actor is SRAA","context":[],"extra":{"server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"ERROR","message":"Exception occurred while processing command \"Surfnet\\StepupMiddleware\\CommandHandlingBundle\\Identity\\Command\\AccreditIdentityCommand[310f5615-8afd-4dcb-b0a5-51fc8989318c]\": \"An Identity may only be accredited by configured institutions.\", rolling back transaction","context":{"exception":{"class":"Surfnet\\Stepup\\Exception\\DomainException","message":"An Identity may only be accredited by configured institutions.","code":0,"file":"/opt/stepup/Stepup-Middleware-3.0.2-20191107152854Z-b754930f35b65ec1fa211ff51ce7cd3be69f970a/src/Surfnet/Stepup/Identity/Identity.php:599"}},"extra":{"art":"17765","server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"CRITICAL","message":"An Identity may only be accredited by configured institutions.","context":{"exception":{"class":"Surfnet\\Stepup\\Exception\\DomainException","message":"An Identity may only be accredited by configured institutions.","code":0,"file":"/opt/stepup/Stepup-Middleware-3.0.2-20191107152854Z-b754930f35b65ec1fa211ff51ce7cd3be69f970a/src/Surfnet/Stepup/Identity/Identity.php:599"}},"extra":{"art":"17765","server":"sa-mw.test2.surfconext.nl","application":"middleware","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"request","level":"INFO","message":"Matched route \"ra_management_create_ra\".","context":{"route":"ra_management_create_ra","route_parameters":{"_controller":"Surfnet\\StepupRa\\RaBundle\\Controller\\RaManagementController::createRaAction","identityId":"25711854-5069-46f0-bf8a-ea0b5249f50f","_route":"ra_management_create_ra"},"request_uri":"https://ra.test2.surfconext.nl/management/create-ra/25711854-5069-46f0-bf8a-ea0b5249f50f","method":"POST"},"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"NOTICE","message":"Logged in user with a session within time limits detected, updating session state","context":[],"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"NOTICE","message":"Page for Accreditation of Identity to Ra or Raa requested","context":[],"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"INFO","message":"Command \'Identity:AccreditIdentity\' with UUID \'310f5615-8afd-4dcb-b0a5-51fc8989318c\' is executing","context":[],"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"WARNING","message":"Command \'Identity:AccreditIdentity\' with UUID \'310f5615-8afd-4dcb-b0a5-51fc8989318c\' could not be executed (Surfnet\\Stepup\\Exception\\DomainException: An Identity may only be accredited by configured institutions.)","context":[],"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"CRITICAL","message":"Accreditation of Identity \"25711854-5069-46f0-bf8a-ea0b5249f50f\" of Institution \"Institution-D.NL\" for Institution \"institution-d.nl\" with role \"raa\" failed: \"Surfnet\\Stepup\\Exception\\DomainException: An Identity may only be accredited by configured institutions.\"","context":[],"extra":{"server":"ra.test2.surfconext.nl","application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}

Tested with Middleware 3.0.2 and RA 3.0.1

Estimation: 2 - 4 h

phavekes commented 2 hours ago
This also needs to be fixed for the select list on the following RA pages:

https://www.pivotaltracker.com/story/show/170487492/comments/210387776 (bstrooband - Jan 14, 2020)
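
A log-triage sketch for the failure reported above, added here as an example and not part of the issue or the Stepup code base: it scans JSON log lines in the format shown and flags failed accreditations where the two institution names differ only by letter case. The sample lines are constructed (shortened from the issue's log format), and the function names are hypothetical.

```python
import json
import re

# Constructed sample lines, shortened from the log format shown in the issue.
SAMPLE_LOG = r'''
Dec 31 12:40:50 test-app stepup-middleware[30460]: {"channel":"app","level":"ERROR","message":"An Identity may only be accredited by configured institutions.","extra":{"application":"middleware","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"CRITICAL","message":"Accreditation of Identity \"25711854-5069-46f0-bf8a-ea0b5249f50f\" of Institution \"Institution-D.NL\" for Institution \"institution-d.nl\" with role \"raa\" failed: \"DomainException\"","extra":{"application":"registration-authority","request_id":"319448f1657f293eac66896c018b36a3"}}
{"channel":"app","level":"CRITICAL","message":"Accreditation of Identity \"00000000-0000-0000-0000-000000000000\" of Institution \"institution-a.nl\" for Institution \"institution-b.nl\" with role \"ra\" failed: \"DomainException\"","extra":{"application":"registration-authority","request_id":"constructed-2"}}
not json at all
'''

ACCREDIT_RE = re.compile(
    r'Accreditation of Identity "(?P<identity>[^"]+)" of Institution "(?P<identity_inst>[^"]+)" '
    r'for Institution "(?P<role_inst>[^"]+)" with role "(?P<role>[^"]+)" failed'
)

def parse_line(line):
    """Return the JSON record in a log line, tolerating a syslog prefix."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        record = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return record if isinstance(record, dict) else None

def find_case_mismatches(log_text):
    """List failed accreditations whose institution names differ only by case."""
    findings = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if not record:
            continue
        m = ACCREDIT_RE.search(str(record.get("message", "")))
        if not m:
            continue
        a, b = m["identity_inst"], m["role_inst"]
        # Same name after case folding but not byte-identical: the reported symptom.
        if a != b and a.casefold() == b.casefold():
            findings.append({
                "request_id": (record.get("extra") or {}).get("request_id"),
                "identity": m["identity"], "role": m["role"],
                "identity_inst": a, "role_inst": b,
            })
    return findings

if __name__ == "__main__":
    for finding in find_case_mismatches(SAMPLE_LOG):
        print(finding)
```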