Menu
▾
▴
[Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: <ba...@aw...> - 2021-08-11 16:28:10
|
Dear Unity community, I'm trying to integrate Jupyter hub with Unity-idm. My goal is to authenticate users using OpenID Connect. Unity version: 3.2.3 Relevant configuration: Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg Jupyter-hub-client: https://snipboard.io/6olp81.jpg Relevant part of jupyterhub_config.py: c.GenericOAuthenticator.client_id="removed " c.GenericOAuthenticator.client_secret="removed" c.GenericOAuthenticator.oauth_callback_url=https://www.mydomain.io/jupyter/h ub/oauth_callback c.GenericOAuthenticator.authorize_url=https://idp.mydomain.io:2443/oauth/oau th2-authz c.GenericOAuthenticator.token_url=https://idp.mydomain.io:2443/oauth-token/t oken c.GenericOAuthenticator.userdata_url=https://idp.mydomain.io:2443/oauth-toke n/userinfo c.GenericOAuthenticator.username_key="userName" #c.GenericOAuthenticator.userdata_params.state="state" c.GenericOAuthenticator.userdata_params = {'state': 'state'} c.GenericOAuthenticator.scope = ['profile','openid'] I've double checked the client_id and secret many times, I'm pretty sure they are correct. What happens: 1. Go to https://mydomain.io/jupyter/ 2. Click on "Sign in with OAuth 2.0" button 3. Redirect to unity at https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry 4. Login with my username/password 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg 6. After clicking on the Confirm button I get redirected to Jupyter hub where I get a "500: Internal Server Error". Checking unity logs I see the following warning: WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed. (Full stack trace at the end of the email.) This message does not tell much to me, all credentials are correct that I configured. Could someone help me out? Did I misconfigure something? Cheers, Zoltan Bakcsa 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(Authenti cationInterceptor.java:118) ~[unity-server-rest-3.2.3.jar:?] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain .java:308) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationOb server.java:121) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDes tination.java:267) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servlet Controller.java:234) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController. java:208) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController. java:160) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServ let.java:216) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractH TTPServlet.java:301) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServ let.java:220) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSer vlet.java:276) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler .java:1617) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:3 10) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java :264) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler .java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler .java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java :233) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java :1296) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java: 188) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java: 186) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java: 1211) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141 ) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:1 27) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSetting Handler.java:58) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHand lerCollection.java:221) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:1 27) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java: 322) ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:71 7) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:1 27) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConne ction.java:311) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConne ction.java:543) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill .java:336) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKi ll.java:313) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouK ill.java:171) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.jav a:129) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(Rese rvedThreadExecutor.java:388) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java: 806) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.j ava:938) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at java.lang.Thread.run(Thread.java:829) [?:?] Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(Authenti cationInterceptor.java:109) ~[unity-server-rest-3.2.3.jar:?] ... 56 more |
