Menu
▾
▴
[Unity-idm-discuss] oauth clients operations requires reed capability
|
From: Sander A. <sa....@fz...> - 2017-08-02 08:39:44
|
Hi Krzysztof,
I'm struggling on a new instance with oath clients. An user signs in to
the Oauth SP and the infromation to the SPs are not released. The SP
only says "Login Error! Your IdP returned you with the error
<<"server_error">>. Please contact your IdP.". In the response is
Unexpected server error. The unity log file shows the error below.
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - A new invocation
context was set
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - Login session was set
for the invocation context
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - Default locale was set
for the invocation context
2017-08-01 15:40:38,827 [qtp1441014857-149] DEBUG
unity.server.RoutingServlet - Routing request to DEFAULT destination
/oauth2-authz-consentdecider
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.AuthenticationFilter - Request to not protected
address: /oauth2-as/oauth2-authz-consentdecider
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - A new invocation
context was set
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - Login session was set
for the invocation context
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.web.InvocationContextSetupFilter - Default locale was set
for the invocation context
2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE
unity.server.TransactionalAspect - Starting sql session for
execution(PreferencesManagement.getPreference(..))
2017-08-01 15:40:38,832 [qtp1441014857-149] TRACE
unity.server.TransactionalAspect - Releassing sql session for
execution(PreferencesManagement.getPreference(..))
2017-08-01 15:40:38,832 [qtp1441014857-149] DEBUG
unity.server.web.IdPPreferences - It was impossible to establish
preferences for 9 will use defaults
pl.edu.icm.unity.exceptions.AuthorizationException: Access is denied.
The operation getPreference requires 'read' capability
at
pl.edu.icm.unity.engine.authz.AuthorizationManagerImpl.checkAuthorizati
onInternal(AuthorizationManagerImpl.java:252)
at
pl.edu.icm.unity.engine.authz.AuthorizationManagerImpl.checkAuthorizati
on(AuthorizationManagerImpl.java:179)
The same error message is shown for the operation getGroups. If I sing
in to the SP with an unity admin account it works. But I don't know
which access rights are wrong. Do you have a hint for this problem?
Best regards,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
----------------------------------------------------------------------- |
