Menu
▾
▴
Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: Roman K. <ro...@un...> - 2021-08-12 10:03:06
|
HI Zoltan, This is to let you know that we are working on this, and we will let you know after investigation. Thanks for reaching out to the community. Roman śr., 11 sie 2021 o 17:34 <ba...@aw...> napisał(a): > Dear Unity community, > > > > I’m trying to integrate Jupyter hub with Unity-idm. My goal is to > authenticate users using OpenID Connect. > > > > Unity version: > > 3.2.3 > > > > Relevant configuration: > > Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg > > Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg > > Jupyter-hub-client: https://snipboard.io/6olp81.jpg > > > > Relevant part of jupyterhub_config.py: > > > > c.GenericOAuthenticator.client_id="removed " > > c.GenericOAuthenticator.client_secret="removed" > > c.GenericOAuthenticator.oauth_callback_url= > https://www.mydomain.io/jupyter/hub/oauth_callback > > c.GenericOAuthenticator.authorize_url= > https://idp.mydomain.io:2443/oauth/oauth2-authz > > c.GenericOAuthenticator.token_url= > https://idp.mydomain.io:2443/oauth-token/token > > c.GenericOAuthenticator.userdata_url= > https://idp.mydomain.io:2443/oauth-token/userinfo > > c.GenericOAuthenticator.username_key="userName" > > #c.GenericOAuthenticator.userdata_params.state="state" > > c.GenericOAuthenticator.userdata_params = {'state': 'state'} > > c.GenericOAuthenticator.scope = ['profile','openid'] > > > > I’ve double checked the client_id and secret many times, I’m pretty sure > they are correct. > > What happens: > > 1. Go to https://mydomain.io/jupyter/ > 2. Click on “Sign in with OAuth 2.0” button > 3. Redirect to unity at > https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry > 4. Login with my username/password > 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg > 6. After clicking on the Confirm button I get redirected to Jupyter > hub where I get a “500: Internal Server Error”. > > > > Checking unity logs I see the following warning: > > WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > (Full stack trace at the end of the email.) > > > > This message does not tell much to me, all credentials are correct that I > configured. > > Could someone help me out? Did I misconfigure something? > > > > Cheers, > > Zoltan Bakcsa > > > > > > 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN > org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: > Invalid user name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > ... 56 more > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
