From: Shiraz M. <a....@fz...> - 2017-10-07 12:45:53
|
Hi,

I have a remote OIDC server, which is configured in unity v2.2.0 as a custom provider, with the following settings:

unity.oauth2.client.providers.eduteams.type=custom
unity.oauth2.client.providers.eduteams.name=eduteams
unity.oauth2.client.providers.eduteams.clientId=b2access_client
unity.oauth2.client.providers.eduteams.clientSecret=<SECRET>
unity.oauth2.client.providers.eduteams.scopes=openid
unity.oauth2.client.providers.eduteams.translationProfile=googleProfile
unity.oauth2.client.providers.eduteams.registrationFormForUnknown=Google Registration Form
#unity.oauth2.client.providers.eduteams.iconUrl=eduteams_logo.jpg
unity.oauth2.client.providers.eduteams.enableAccountAssociation=false
unity.oauth2.client.providers.eduteams.openIdConnect=true
#unity.oauth2.client.providers.eduteams.openIdConnectDiscoveryEndpoint=https://oidc.test.registry.eduteams.org/.well-known/openid-configuration
unity.oauth2.client.providers.eduteams.openIdConnectDiscoveryEndpoint=https://oidc.test.registry.eduteams.org
unity.oauth2.client.providers.eduteams.clientAuthenticationMode=secretBasic
unity.oauth2.client.providers.eduteams.authEndpoint=https://oidc.test.registry.eduteams.org/Saml2/OIDC/authorization
unity.oauth2.client.providers.eduteams.accessTokenEndpoint=https://oidc.test.registry.eduteams.org/OIDC/token
unity.oauth2.client.providers.eduteams.profileEndpoint=https://oidc.test.registry.eduteams.org/OIDC/userinfo
#unity.oauth2.client.providers.eduteams.accessTokenFormat=standard

All the necessary information about the provider endpoints is under:
https://oidc.test.registry.eduteams.org/.well-known/openid-configuration

Finally, the error trace:

2017-10-07T14:35:38,199 [qtp1417851690-862] DEBUG unity.server.oauth.RedirectRequestHandler: Starting OAuth redirection to OAuth provider https://oidc.test.registry.eduteams.org/Saml2/OIDC/authorization?response_type=code&client_id=b2access_client&redirect_uri=https%3A%2F%2Funity.eudat-aai.fz-juelich.de%2Funitygw%2Foauth2ResponseConsumer&scope=openid&state=88dd2319-6ede-403e-934a-9e7d6822c129
2017-10-07T14:35:47,445 [qtp1417851690-863] DEBUG unity.server.oauth.ResponseConsumerServlet: Received OAuth response with valid state 88dd2319-6ede-403e-934a-9e7d6822c129, redirecting to /admin/
2017-10-07T14:35:47,587 [qtp1417851690-859] DEBUG unity.server.oauth.OAuth2RetrievalUI: RetrievalUI received OAuth response
2017-10-07T14:35:47,747 [qtp1417851690-859] DEBUG unity.server.oauth.OAuth2RetrievalUI: OAuth2 authorization code verification or processing failed
pl.edu.icm.unity.engine.api.authn.AuthenticationException: Problem during user information retrieval
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:261) ~[unity-server-oauth-2.2.0.jar:?]
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthAuthzResponse(OAuth2Verificator.java:226) ~[unity-server-oauth-2.2.0.jar:?]
    at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzAnswer(OAuth2RetrievalUI.java:268) [unity-server-oauth-2.2.0.jar:?]
    at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh(OAuth2RetrievalUI.java:329) [unity-server-oauth-2.2.0.jar:?]
    at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthenticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:443) [unity-server-web-common-2.2.0.jar:?]
    at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(SelectedAuthNPanel.java:511) [unity-server-web-common-2.2.0.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:393) [unity-server-web-common-2.2.0.jar:?]
    at com.vaadin.ui.UI.doRefresh(UI.java:731) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:261) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:168) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409) [vaadin-server-7.6.4.jar:7.6.4]
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364) [vaadin-server-7.6.4.jar:7.6.4]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) [unity-server-web-common-2.2.0.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) [unity-server-web-common-2.2.0.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:77) [unity-server-web-common-2.2.0.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:173) [unity-server-web-common-2.2.0.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) [unity-server-web-common-2.2.0.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.6.v20170531.jar:9.4.6.v20170531]
    at pl.edu.icm.unity.webui.VaadinEndpoint$ForwadSerlvet.service(VaadinEndpoint.java:319) [unity-server-web-common-2.2.0.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]

Any ideas how to configure it correctly?

Thanks in advance,
Shiraz

--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
|
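A consistency check for settings like the ones posted above, added here as an example (not code from the post or from the Unity project): it parses the provider properties and compares the manually configured endpoints with an OIDC Discovery metadata document. The metadata is constructed to mirror the posted values and is not the provider's real document; `parse_props` and `lint` are hypothetical helper names, and the check does not diagnose the exception in the trace.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
PREFIX = "unity.oauth2.client.providers.eduteams."
# Unity property name (from the post) -> OIDC Discovery metadata field
ENDPOINTS = {"authEndpoint": "authorization_endpoint",
             "accessTokenEndpoint": "token_endpoint",
             "profileEndpoint": "userinfo_endpoint"}
BASE = "https://oidc.test.registry.eduteams.org"
# Endpoint settings as posted above (client secret left out).
UNITY_PROPS = f"""\
{PREFIX}openIdConnect=true
#{PREFIX}openIdConnectDiscoveryEndpoint={BASE}{WELL_KNOWN}
{PREFIX}openIdConnectDiscoveryEndpoint={BASE}
{PREFIX}authEndpoint={BASE}/Saml2/OIDC/authorization
{PREFIX}accessTokenEndpoint={BASE}/OIDC/token
{PREFIX}profileEndpoint={BASE}/OIDC/userinfo
"""
# Constructed metadata mirroring the posted values; NOT the provider's real document.
SAMPLE_METADATA = {"issuer": BASE,
                   "authorization_endpoint": BASE + "/Saml2/OIDC/authorization",
                   "token_endpoint": BASE + "/OIDC/token",
                   "userinfo_endpoint": BASE + "/OIDC/userinfo"}

def parse_props(text, prefix=PREFIX):
    """Parse properties lines for one provider, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.startswith(prefix):
            props[key[len(prefix):]] = value.strip()
    return props

def lint(props, metadata):
    """Return mismatches between configured endpoints and discovery metadata."""
    findings = []
    disco = props.get("openIdConnectDiscoveryEndpoint", "")
    if not disco.endswith(WELL_KNOWN):
        findings.append("openIdConnectDiscoveryEndpoint does not end with " + WELL_KNOWN)
    if urlsplit(disco).netloc != urlsplit(metadata.get("issuer", "")).netloc:
        findings.append("discovery host differs from issuer host")
    for prop, field in ENDPOINTS.items():
        configured, advertised = props.get(prop), metadata.get(field)
        if configured is None:
            continue
        if urlsplit(configured).scheme != "https":
            findings.append(f"{prop} is not https")
        if configured != advertised:
            findings.append(f"{prop} differs from advertised {field}")
    return findings
```

In practice the metadata would be the JSON fetched from the provider's `/.well-known/openid-configuration` URL rather than the constructed dict.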