From: Roman K. <ro...@un...> - 2021-08-13 09:54:21
Hi Zoltan,

I just checked the scenario manually on my local environment for the version you are using, but I was not able to reproduce the problem.

In order to proceed further with the investigation, please enable logging for the REST subsystem at the trace level, re-test your scenario and provide the log records from Unity. To enable trace logging for REST, make sure to have the following in the log4j2.xml file:

<Logger name="unity.server.rest" level="TRACE"/>

Also, if you could enable trace logging for Jupyter and provide the output, that would be helpful.

One thing which is puzzling me is why the OAuth client queries the revocation endpoint after login?

Thank you,
Roman

*From:* Roman Krysiński <ro...@un...>
> *Sent:* Thursday, August 12, 2021 12:02 PM
> *To:* ba...@aw...
> *Cc:* Unity ML <uni...@li...>
> *Subject:* Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
>
> Hi Zoltan,
>
> This is to let you know that we are working on this, and we will let you know after investigation.
>
> Thanks for reaching out to the community.
>
> Roman
>
> Wed, 11 Aug 2021 at 17:34 <ba...@aw...> wrote:
>
> Dear Unity community,
>
> I’m trying to integrate Jupyter hub with Unity-idm. My goal is to authenticate users using OpenID Connect.
>
> Unity version:
>
> 3.2.3
>
> Relevant configuration:
>
> Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg
> Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg
> Jupyter-hub-client: https://snipboard.io/6olp81.jpg
>
> Relevant part of jupyterhub_config.py:
>
> c.GenericOAuthenticator.client_id="removed "
> c.GenericOAuthenticator.client_secret="removed"
> c.GenericOAuthenticator.oauth_callback_url="https://www.mydomain.io/jupyter/hub/oauth_callback"
> c.GenericOAuthenticator.authorize_url="https://idp.mydomain.io:2443/oauth/oauth2-authz"
> c.GenericOAuthenticator.token_url="https://idp.mydomain.io:2443/oauth-token/token"
> c.GenericOAuthenticator.userdata_url="https://idp.mydomain.io:2443/oauth-token/userinfo"
> c.GenericOAuthenticator.username_key="userName"
> #c.GenericOAuthenticator.userdata_params.state="state"
> c.GenericOAuthenticator.userdata_params = {'state': 'state'}
> c.GenericOAuthenticator.scope = ['profile','openid']
>
> I’ve double checked the client_id and secret many times, I’m pretty sure they are correct.
>
> What happens:
>
> 1. Go to https://mydomain.io/jupyter/
> 2. Click on “Sign in with OAuth 2.0” button
> 3. Redirect to unity at https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry
> 4. Login with my username/password
> 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg
> 6. After clicking on the Confirm button I get redirected to Jupyter hub where I get a “500: Internal Server Error”.
>
> Checking unity logs I see the following warning:
>
> WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown exception, unwinding now
>
> org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed.
>
> (Full stack trace at the end of the email.)
>
> This message does not tell much to me, all credentials are correct that I configured.
>
> Could someone help me out? Did I misconfigure something?
>
> Cheers,
>
> Zoltan Bakcsa
>
> 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed.
>     at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) ~[unity-server-rest-3.2.3.jar:?]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0]
>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1]
>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) ~[unity-server-engine-3.2.3.jar:?]
>     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.2.3.jar:?]
>     at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022]
>     at java.lang.Thread.run(Thread.java:829) [?:?]
> Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed.
>     at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) ~[unity-server-rest-3.2.3.jar:?]
>     ... 56 more
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
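
A log-triage example for the warning quoted in this thread, added here and not part of the original emails or of Unity's code: it groups CXF interceptor warnings by the REST resource they name, so the endpoint whose authentication interceptor rejected the request can be read off directly. The sample log is constructed in the shape of the quoted record, and `ExampleResource` with its namespace is a made-up name.

```python
import re
from collections import Counter

# Constructed sample: the first record mirrors the warning quoted in the
# thread; the second uses a made-up resource name (ExampleResource).
SAMPLE_LOG = """\
2021-08-11T14:30:40,648 [qtp1132146097-94] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed.
\tat pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118)
2021-08-11T14:31:02,101 [qtp1132146097-95] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://example.invalid/}ExampleResource has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Constructed failure.
2021-08-11T14:31:05,000 [qtp1132146097-96] INFO some.other.Logger: unrelated record
"""

# A record starts with a timestamp followed by the thread name in brackets.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3} \[")
INTERCEPTOR = re.compile(
    r"Interceptor for \{\s*(?P<ns>[^}]*)\}(?P<resource>\w+) has thrown exception")
FAULT = re.compile(r"^org\.apache\.cxf\.interceptor\.Fault: (?P<msg>.*)$", re.M)


def split_records(text):
    """Attach continuation lines (fault text, stack frames) to their record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += "\n" + line
    return records


def failed_resources(text):
    """Return (timestamp, resource, fault message) per interceptor failure."""
    hits = []
    for rec in split_records(text):
        m = INTERCEPTOR.search(rec)
        if not m:
            continue
        fault = FAULT.search(rec)
        msg = fault.group("msg").strip() if fault else None
        hits.append((rec[:23], m.group("resource"), msg))
    return hits


def count_by_resource(text):
    """Count interceptor failures per REST resource name."""
    return Counter(resource for _, resource, _ in failed_resources(text))
```
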