From: Alvaro A. <alv...@tu...> - 2015-11-30 12:24:05
Hi Krzysztof,

thank you for the hint. I changed the authenticator type and it goes a step further, but I still get an authentication error:

************************** UNITY Server Started **************************
2015-11-30 13:20:12,965 [main] INFO org.eclipse.jetty.server.Server - jetty-8.1.18.v20150929
2015-11-30 13:20:13,094 [main] INFO org.eclipse.jetty.server.AbstractConnector - Started NIO...@un...:2443
2015-11-30 13:20:13,095 [main] INFO unity.server.config.JettyServerBase - Jetty HTTP server was started
2015-11-30 13:20:26,330 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - Established connection to LDAP server
2015-11-30 13:20:26,353 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - Established user's DN is: uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de
2015-11-30 13:20:26,388 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - LDAP bind as user uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de was successful
2015-11-30 13:20:26,695 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationProfile [TrProfile LDAP-Test] - Input received from IdP ldap:
Identities:
 - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de (x500Name)
Attributes:
 - uid: [projektnutzer01]
 - homeDirectory: [/home/projektnutzer01]
 - ou: [Zentr.f.Inform.dienste u.Hochleistrechn., Fak. Mathematik und Naturwissenschaften]
 - uidNumber: [20000037]
 - givenName: [Projekt01]
 - objectClass: [inetOrgPerson, organizationalPerson, person, top, posixAccount]
 - sn: [Nutzer]
 - cn: [projektnutzer01]
 - gidNumber: [40000007]
2015-11-30 13:20:26,697 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 1] - Condition OK
2015-11-30 13:20:26,729 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapIdentityAction [TrProfile LDAP-Test] [r: 1] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped identity: [x500Name] uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de
2015-11-30 13:20:26,730 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 2] - Condition OK
2015-11-30 13:20:26,730 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapIdentityAction [TrProfile LDAP-Test] [r: 2] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped identity: [userName] projektnutzer01
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 3] - Condition OK
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 3] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped attribute: cn: [projektnutzer01]
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 4] - Condition OK
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 4] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped attribute: urn:unicore:attrType:xlogin: [projektnutzer01]
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 5] - Condition OK
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 5] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Attribute value evaluated to null, skipping
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 6] - Condition OK
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapGroupAction [TrProfile LDAP-Test] [r: 6] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped group: /portal
2015-11-30 13:20:26,783 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationEngine - No identity needs to be added
2015-11-30 13:20:26,803 [qtp1704979234-39] INFO unity.server.externaltranslation.InputTranslationEngine - Adding to group /portal
2015-11-30 13:20:26,811 [qtp1704979234-39] INFO unity.server.rest.AuthenticationInterceptor - Authentication failed for client
2015-11-30 13:20:26,814 [qtp1704979234-39] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://ws.samlidp.unicore.unity.icm.edu.pl/}SAMLETDAuthnImplService#{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed.
    at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:114)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
    at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
    at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:256)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:317)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:861)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:236)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:745)
Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Invalid user name, credential or external authentication failed.
    at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:105)
    ... 40 more

Any idea?
Thanks again,
Alvaro

On 11/30/2015 10:28 AM, Krzysztof Benedyczak wrote:
> Hi,
>
> On 30.11.2015 at 10:22, Alvaro Aguilera wrote:
>> Hi Bern,
>>
>> when I add the authenticator to the endpoint like this:
>>
>> ...
>> unityServer.core.authenticators.6.authenticatorName=ldapZIH
>> unityServer.core.authenticators.6.authenticatorType=ldap with web-password
>> unityServer.core.authenticators.6.verificatorConfigurationFile=conf/authenticators/ldap-zih.properties
>> unityServer.core.authenticators.6.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
>> ...
>> unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
>> unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
>> unityServer.core.endpoints.4.contextPath=/unicore-soapidp
>> unityServer.core.endpoints.4.endpointRealm=defaultRealm
>> unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
>> unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;certWS;ldapZIH
>>
>> I get the following error:
>>
>> ------------------
>> 2015-11-30 10:12:07,007 [main] FATAL unity.server.EngineInitialization - Can't load endpoints which are configured
>> java.lang.NullPointerException
>
> Your authenticator is configured for the web endpoints
>
> unityServer.core.authenticators.6.authenticatorType=ldap with web-password
>
> that is, it can retrieve the password via a web widget and is useful, for
> instance, for authN from the UNICORE portal. You need to have "ldap with
> cxf-httpbasic" in order to get the password from a web service client
> (unicore/X).
>
> I'll have to check this NPE - looks like a regression, the logged
> error should be informative.
>
> Best,
> Krzysztof
>

--
Dipl.-Inf. Alvaro Aguilera
Research Associate
Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen
Verteiltes und Datenintensives Rechnen
Office: Falkenbrunnen, Room 256
Chemnitzer Straße 46b
01187 Dresden
Tel: +49 (351) 463 33491
Email: alv...@tu...
Web: http://www.tu-dresden.de/zih
OTR-Fingerprint: 9CD3BC97 ACFB7430 D084BA9D 4BEB1775 4B0BA9F1
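
A pre-start check for the mismatch described in the quoted reply, as an added example that is not part of the original messages or of Unity's own code: it reads the authenticator and endpoint properties and flags an authenticator with a web retrieval attached to the SOAP endpoint. The binding table and the rule that the prefix of the retrieval name ("web", "cxf") identifies the client type are assumptions inferred from the two type names in the thread.

```python
import re

# Assumption taken from the thread: this endpoint type serves web service clients,
# so its authenticators need a "cxf-" retrieval. Other endpoint types are not judged.
ENDPOINT_BINDING = {"SAMLUnicoreSoapIdP": "cxf"}
PROP = re.compile(r"^unityServer\.core\.(authenticators|endpoints)\.(\d+)\.(\w+)=(.*)$")

def parse(conf_text):
    """Collect authenticator and endpoint entries keyed by their numeric index."""
    entries = {"authenticators": {}, "endpoints": {}}
    for line in conf_text.splitlines():
        m = PROP.match(line.strip())
        if m:
            kind, idx, key, value = m.groups()
            entries[kind].setdefault(idx, {})[key] = value.strip()
    return entries

def retrieval_binding(authenticator_type):
    """'ldap with web-password' -> 'web'; 'ldap with cxf-httpbasic' -> 'cxf'."""
    _, _, retrieval = authenticator_type.partition(" with ")
    return retrieval.split("-", 1)[0] if retrieval else None

def mismatches(conf_text):
    """Return (endpointName, authenticatorName, found, expected) per bad pairing."""
    entries = parse(conf_text)
    types = {a["authenticatorName"]: a.get("authenticatorType", "")
             for a in entries["authenticators"].values() if "authenticatorName" in a}
    problems = []
    for ep in entries["endpoints"].values():
        expected = ENDPOINT_BINDING.get(ep.get("endpointType"))
        for name in ep.get("endpointAuthenticators", "").split(";"):
            # Authenticators not defined in the input (elided in the thread) are skipped.
            if expected and name in types and retrieval_binding(types[name]) != expected:
                problems.append((ep.get("endpointName"), name,
                                 retrieval_binding(types[name]), expected))
    return problems

# Constructed sample: only the lines quoted in the thread.
SAMPLE = """\
unityServer.core.authenticators.6.authenticatorName=ldapZIH
unityServer.core.authenticators.6.authenticatorType=ldap with web-password
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;certWS;ldapZIH
"""

if __name__ == "__main__":
    for problem in mismatches(SAMPLE):
        print("endpoint %r: authenticator %r uses %r retrieval, needs %r" % problem)
```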