From: Alvaro A. <alv...@tu...> - 2018-12-11 14:36:37
Hello,

I'm trying to set up an OAuth 2 endpoint with a SAML authenticator (DFN AAI). Half of the authentication process seems to be working: I get forwarded to Unity (2.7.2) and see all the IdPs. Unfortunately I get an error after entering my credentials. According to the log file there is no assertion found in the SAML response. Does anyone have an idea how to go about this problem?

2018-12-11T14:30:50,126 [qtp1177522153-91] DEBUG unity.server.saml.SAMLRetrievalUI: Starting remote SAML authn, current relative URI is /oauth2-as/oauth2-authz-web-entry
2018-12-11T14:30:50,240 [qtp1177522153-93] DEBUG unity.server.saml.RedirectRequestHandler: Starting SAML HTTP Redirect binding exchange with IdP https://idp2.tu-dresden.de/idp/profile/SAML2/Redirect/SSO
2018-12-11T14:30:52,410 [qtp1177522153-93] DEBUG unity.server.saml.SamlHttpServlet: Got SAML response using the HTTP POST binding
2018-12-11T14:30:52,670 [qtp1177522153-91] WARN unity.server.saml.SAMLRetrievalUI: SAML response verification or processing failed
pl.edu.icm.unity.engine.api.authn.AuthenticationException: The SAML response is either invalid or is issued by an untrusted identity provider.
    at pl.edu.icm.unity.saml.SAMLResponseValidatorUtil.verifySAMLResponse(SAMLResponseValidatorUtil.java:88) ~[unity-server-saml-2.7.2.jar:?]
    at pl.edu.icm.unity.saml.sp.SAMLVerificator.getRemotelyAuthenticatedInput(SAMLVerificator.java:312) ~[unity-server-saml-2.7.2.jar:?]
    at pl.edu.icm.unity.saml.sp.SAMLVerificator.verifySAMLResponse(SAMLVerificator.java:283) ~[unity-server-saml-2.7.2.jar:?]
    at pl.edu.icm.unity.saml.sp.web.SAMLRetrievalUI.onSamlAnswer(SAMLRetrievalUI.java:213) [unity-server-saml-2.7.2.jar:?]
    at pl.edu.icm.unity.saml.sp.web.SAMLRetrievalUI.refresh(SAMLRetrievalUI.java:275) [unity-server-saml-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.column.AuthNPanelBase.refresh(AuthNPanelBase.java:35) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.column.ColumnInstantAuthenticationScreen.refreshAuthenticationState(ColumnInstantAuthenticationScreen.java:320) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.column.ColumnInstantAuthenticationScreen.refresh(ColumnInstantAuthenticationScreen.java:123) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:257) [unity-server-web-common-2.7.2.jar:?]
    at com.vaadin.ui.UI.doRefresh(UI.java:861) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:269) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:171) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:76) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1601) [vaadin-server-8.5.2.jar:8.5.2]
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:445) [vaadin-server-8.5.2.jar:8.5.2]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:77) [unity-server-web-common-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.webui.authn.ProxyAuthenticationFilter.doFilter(ProxyAuthenticationFilter.java:122) [unity-server-web-common-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:260) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleNotProtectedResource(AuthenticationFilter.java:103) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:80) [unity-server-web-common-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:232) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleRememberMe(AuthenticationFilter.java:206) [unity-server-web-common-2.7.2.jar:?]
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:84) [unity-server-web-common-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) [unity-server-engine-api-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at pl.edu.icm.unity.oauth.as.webauthz.OAuthGuardFilter.doFilterInterruptible(OAuthGuardFilter.java:91) [unity-server-oauth-2.7.2.jar:?]
    at pl.edu.icm.unity.oauth.as.webauthz.OAuthGuardFilter.doFilter(OAuthGuardFilter.java:52) [unity-server-oauth-2.7.2.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) [jetty-rewrite-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:690) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
Caused by: eu.unicore.samly2.exceptions.SAMLValidationException: There was no authentication assertion found in the SAML response
    at eu.unicore.samly2.validators.SSOAuthnResponseValidator.validate(SSOAuthnResponseValidator.java:128) ~[samly2-2.3.3.jar:2.3.3]
    at pl.edu.icm.unity.saml.SAMLResponseValidatorUtil.verifySAMLResponse(SAMLResponseValidatorUtil.java:85) ~[unity-server-saml-2.7.2.jar:?]
    ... 82 more

Kind regards,
Alvaro

--
Dipl.-Inf. Alvaro Aguilera
Research Associate
Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen
Verteiltes und Datenintensives Rechnen
Office: Falkenbrunnen, Room 242
Chemnitzer Straße 46b
01187 Dresden
Tel: +49 (351) 463 33491
Email: alv...@tu...
Web: http://www.tu-dresden.de/zih
OTR-Fingerprint: 9CD3BC97 ACFB7430 D084BA9D 4BEB1775 4B0BA9F1
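
Added example, not part of the original message and not Unity or samly2 code: a small triage script for a SAMLResponse captured from the HTTP POST binding, which reports the status code and whether the response carries plain assertions, encrypted assertions, or an AuthnStatement. The sample response, its issuer URL and the finding labels are constructed for illustration; the script does not reproduce samly2's validation logic and verifies no signatures.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces and the success status URI, as defined by the SAML core spec.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def classify(s):
    """Map the counts to one finding label (labels are this example's own)."""
    if s["status"] != SUCCESS:
        return "idp-returned-error-status"
    if s["authn_statements"]:
        return "authn-assertion-present"
    if s["encrypted_assertions"]:
        return "only-encrypted-assertions"
    if s["assertions"]:
        return "assertion-without-authn-statement"
    return "no-assertion-at-all"

def triage_saml_response(b64_response):
    """Summarise what a base64 SAMLResponse form value actually contains."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response, refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    plain = root.findall("saml:Assertion", NS)
    summary = {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "assertions": len(plain),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "authn_statements": sum(
            1 for a in plain if a.find("saml:AuthnStatement", NS) is not None),
    }
    summary["finding"] = classify(summary)
    return summary

# Constructed sample: success status, one (empty placeholder) EncryptedAssertion.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">'
    '<saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>'
    '<saml:EncryptedAssertion/></samlp:Response>' % SUCCESS)
SAMPLE = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(triage_saml_response(SAMPLE))
```

Captured responses contain personal attributes and, when unencrypted, a bearer assertion, so handle them as credentials and do not paste them into public lists.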