Menu
▾
▴
Re: [Unity-idm-discuss] oauth clients operations requires reed capability
|
From: Sander A. <sa....@fz...> - 2017-08-02 08:55:41
|
Hi Krzysztof, the problem is solved. I forgot to assign the regular user role. Best regards, Sander Am Mittwoch, den 02.08.2017, 10:38 +0200 schrieb Sander Apweiler: > Hi Krzysztof, > > I'm struggling on a new instance with oath clients. An user signs in > to the Oauth SP and the infromation to the SPs are not released. The > SP only says "Login Error! Your IdP returned you with the error > <<"server_error">>. Please contact your IdP.". In the response is > Unexpected server error. The unity log file shows the error below. > > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - A new invocation > context was set > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - Login session was > set for the invocation context > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - Default locale was > set for the invocation context > 2017-08-01 15:40:38,827 [qtp1441014857-149] DEBUG > unity.server.RoutingServlet - Routing request to DEFAULT destination > /oauth2-authz-consentdecider > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.AuthenticationFilter - Request to not protected > address: /oauth2-as/oauth2-authz-consentdecider > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - A new invocation > context was set > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - Login session was > set for the invocation context > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.web.InvocationContextSetupFilter - Default locale was > set for the invocation context > 2017-08-01 15:40:38,827 [qtp1441014857-149] TRACE > unity.server.TransactionalAspect - Starting sql session for > execution(PreferencesManagement.getPreference(..)) > 2017-08-01 15:40:38,832 [qtp1441014857-149] TRACE > unity.server.TransactionalAspect - Releassing sql session for > execution(PreferencesManagement.getPreference(..)) > 2017-08-01 15:40:38,832 [qtp1441014857-149] DEBUG > unity.server.web.IdPPreferences - It was impossible to establish > preferences for 9 will use defaults > pl.edu.icm.unity.exceptions.AuthorizationException: Access is denied. > The operation getPreference requires 'read' capability > at > pl.edu.icm.unity.engine.authz.AuthorizationManagerImpl.checkAuthoriza > tionInternal(AuthorizationManagerImpl.java:252) > at > pl.edu.icm.unity.engine.authz.AuthorizationManagerImpl.checkAuthoriza > tion(AuthorizationManagerImpl.java:179) > > The same error message is shown for the operation getGroups. If I > sing in to the SP with an unity admin account it works. But I don't > know which access rights are wrong. Do you have a hint for this > problem? > > Best regards, > Sander > -- > Federated Systems and Data > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ------------------------------------------------------------------- > ---- > ------------------------------------------------------------------- > ---- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Prof. Dr. Sebastian M. Schmidt > ------------------------------------------------------------------- > ---- > ------------------------------------------------------------------- > ---- > ------------------------------------------------------------------- > ----------- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
