Menu
▾
▴
Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: Roman K. <ro...@un...> - 2021-08-13 16:03:26
|
HI Zoltan, Thank you very much, that was helpful. > Does that mean my configuration posted in my first email looks fine? I haven't spottent problem in the Unity configuration at first glance. Looking at the JupyterHub however I noticed this: > 403 POST https://idp.my-domain.io:2443/oauth-token/token: Token endpoint is protected and all requests require proper authorization. Can you confirm if this is true, meaning JupyterHub queries the token endpoint with base authentication with client id and client secret credentials? Thank you, Roman pt., 13 sie 2021 o 16:18 <ba...@aw...> napisał(a): > Hi Roman, > > > > Many thanks for looking into it. > > > > >Just check the scenario manually on my local environment for the version > you are using, but I was not able to reproduce the problem. > Does that mean my configuration posted in my first email looks fine? > > > > > please enable the logging for the rest subsystem to the trace level > > Unity logs: > ========= > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Received GET request to the OAuth2 > authorization endpoint > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Starting OAuth2 authorization request > processing > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Request to protected address, with > OAuth2 input, will be processed: /oauth/oauth2-authz > > 2021-08-13T12:37:16,123 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Parsed OAuth request: > response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io > %2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=eyJzdGF0ZV9pZCI6ICJjNTAxMmRlYTYxMTQ0ZGUzOTgwZDkzMmI0MzkwYTFmZSIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D&scope=profile+openid > > 2021-08-13T12:37:16,134 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Request with OAuth input handled > successfully > > 2021-08-13T12:37:16,170 [qtp620381176-36] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:16,219 [qtp620381176-36] TRACE > unity.server.oauth.ASConsentDeciderServlet: Consent is required for OAuth > request, forwarding to consent UI > > 2021-08-13T12:37:16,328 [qtp620381176-36] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:16,425 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationProfile:[[TrProfile > Embedded]] Unprocessed data from local database: > > Entity 49: > > - [userName] bakcsa > > - [persistent] 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm > > - [targetedPersistent] 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm > > - [transient] 473eea20-47b6-4180-b02f-81559c521e4d for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm > > Attributes: > > - sys:LastAuthentication: [2021-08-13T12:10:25] > > - firstname: [Zoltan] > > - surname: [Bakcsa] > > - name: [Zoltan Bakcsa] > > - sys:AuthorizationRole: [System Manager] > > - sys:CredentialRequirements: [Password requirement] > > - email: [{"value":ba...@aw... > ,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] > > - sys:Preferences: > [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate > credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] > > In group: / > > Groups: [/moderators, /] > > Requester: 08e778e4-39a5-4a89-a5a2-ed100edf6d30 > > Requester attributes: > > - sys:oauth:clientType: [CONFIDENTIAL] > > - sys:oauth:allowedReturnURI: [ > https://www.my-domain.io/jupyter/hub/oauth_callback] > > - sys:oauth:allowedGrantFlows: [authorizationCode, implicit, client, > openidHybrid] > > - sys:oauth:clientName: [Jupyter hub login] > > Protocol: OAuth2:authorizationCode > > 2021-08-13T12:37:16,437 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationRule:[[TrProfile > Embedded], [r: 1]] Condition OK > > 2021-08-13T12:37:16,438 [qtp620381176-36] DEBUG > unity.server.externaltranslation.CreateAttributeAction:[[TrProfile > Embedded], [r: 1], [08e778e4-39a5-4a89-a5a2-ed100edf6d30 - eId: 49]] > Created a new attribute: userName: [bakcsa] with meta [userName, userName, > false] > > 2021-08-13T12:37:16,443 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationEngine: Output > translation result: > > TranslationResult: > > attributes=[name: [Zoltan Bakcsa] with meta [Name, Name, false], > sys:CredentialRequirements: [Password requirement] with meta > [sys:CredentialRequirements, Defines which credential requirements are set > for the owner, false], email: [{"value":ba...@aw...,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] > with meta [E-mail address, E-mail address, false], sys:Preferences: > [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate > credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] > with meta [sys:Preferences, Preferences of the user, false], surname: > [Bakcsa] with meta [Surname, null, false], userName: [bakcsa] with meta > [userName, userName, false], sys:LastAuthentication: [2021-08-13T12:10:25] > with meta [sys:LastAuthentication, Stores date and time of the last > successful authentication. The format is ISO time in UTC time zone with > seconds precision, e.g.: 2011-12-03T10:15:30, false], firstname: [Zoltan] > with meta [Firstname, null, false], sys:AuthorizationRole: [System Manager] > with meta [Authorization role, Defines what operations are allowed for the > bearer. The attribute of this type defines the access in the group where it > is defined and in all subgroups. In subgroup it can be redefined to grant > more access. Roles: > > <b>System Manager</b> - System manager with all privileges. > > <b>Contents Manager</b> - Allows for performing all management operations > related to groups, entities and attributes. Also allows for reading > information about hidden attributes. > > <b>Privileged Inspector</b> - Allows for reading entities, groups and > attributes, including the attributes visible locally only. No modifications > are possible > > <b>Inspector</b> - Allows for reading entities, groups and attributes. No > modifications are possible > > <b>Regular User</b> - Allows owners for reading of the basic system > information, retrieval of information about themselves and also for > changing self managed attributes, identities and passwords > > <b>Anonymous User</b> - Allows for minimal access to the system: owners > can get basic system information and retrieve information about themselves > > , false]] > > identities=[[userName] bakcsa, [persistent] > 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm, [targetedPersistent] > 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm, [transient] > 473eea20-47b6-4180-b02f-81559c521e4d for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm] > > attributesToPersist=[] > > identitiesToPersist=[] > > redirectURL=null > > 2021-08-13T12:37:16,572 [qtp620381176-33] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:17,632 [qtp620381176-29] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:24,831 [qtp620381176-33] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:25,142 [qtp620381176-29] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE > unity.server.rest.AuthenticationInterceptor: Processing authenticator pwd > > 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE > unity.server.rest.HttpBasicRetrievalBase: HTTP BASIC auth header found > > 2021-08-13T12:37:25,379 [qtp620381176-29] TRACE > unity.server.rest.AuthenticationInterceptor: Authenticator pwd returned deny > > 2021-08-13T12:37:25,379 [qtp620381176-29] DEBUG > unity.server.rest.AuthenticationInterceptor: Authentication set failed to > authenticate the client using flow pwd, will try another: > pl.edu.icm.unity.engine.api.authn.AuthenticationException: > AuthenticationProcessorImpl.authnFailed > > 2021-08-13T12:37:25,379 [qtp620381176-29] INFO > unity.server.rest.AuthenticationInterceptor: Authentication failed for > client > > 2021-08-13T12:37:25,380 [qtp620381176-29] WARN > org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}DiscoveryResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: > Invalid user name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > ... 56 more > > 2021-08-13T12:37:25,381 [qtp620381176-29] DEBUG > unity.server.rest.EngineExceptionMapper: Access denied for rest client > > pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user > name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > > > > > Jupyter-hub logs: > ============== > > swarm-1 | [I 2021-08-13 12:46:27.940 JupyterHub log:189] 200 GET > /jupyter/hub/login?next=%2Fjupyter%2Fhub%2F (@::ffff:10.0.0.2) 3.06ms > > swarm-1 | [D 2021-08-13 12:46:28.028 JupyterHub log:189] 200 GET > /jupyter/hub/static/favicon.ico?v=fde5757cd3892b979919d3b1faa88a410f28829feb5ba22b6cf069f2c6c98675fceef90f932e49b510e74d65c681d5846b943e7f7cc1b41867422f0481085c1f > (@::ffff:10.0.0.2) 1.32ms > > swarm-1 | [I 2021-08-13 12:46:34.633 JupyterHub oauth2:111] OAuth > redirect: 'https://www.my-domain.io/jupyter/hub/oauth_callback' > > swarm-1 | [D 2021-08-13 12:46:34.633 JupyterHub base:526] Setting > cookie oauthenticator-state: {'httponly': True, 'expires_days': 1} > > swarm-1 | [I 2021-08-13 12:46:34.634 JupyterHub log:189] 302 GET > /jupyter/hub/oauth_login?next=%2Fjupyter%2Fhub%2F -> > https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=[secret]&scope=profile+openid > <https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=%5bsecret%5d&scope=profile+openid> > (@::ffff:10.0.0.2) 1.87ms > > swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub oauth2:389] Error > fetching access token 403 POST > https://idp.my-domain.io:2443/oauth-token/token: { > > swarm-1 | "error": "AuthenticationException", > > swarm-1 | "message": "Invalid user name, credential or external > authentication failed. " > > swarm-1 | } > > swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub web:1789] Uncaught > exception GET > /jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D > (::ffff:10.0.0.2) > > swarm-1 | HTTPServerRequest(protocol='http', host='my-domain.io', > method='GET', > uri='/jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D', > version='HTTP/1.1', remote_ip='::ffff:10.0.0.2') > > swarm-1 | Traceback (most recent call last): > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/tornado/web.py", line 1704, in > _execute > > swarm-1 | result = await result > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 231, in get > > swarm-1 | user = await self.login_user() > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/jupyterhub/handlers/base.py", line > 754, in login_user > > swarm-1 | authenticated = await self.authenticate(data) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/jupyterhub/auth.py", line 469, in > get_authenticated_user > > swarm-1 | authenticated = await > maybe_future(self.authenticate(handler, data)) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/generic.py", line > 169, in authenticate > > swarm-1 | token_resp_json = await self._get_token(headers, > params) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 390, in fetch > > swarm-1 | raise e > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 369, in fetch > > swarm-1 | resp = await self.http_client.fetch(req, **kwargs) > > swarm-1 | tornado.httpclient.HTTPClientError: HTTP 403: Forbidden > > swarm-1 | > > swarm-1 | [D 2021-08-13 12:46:36.638 JupyterHub base:1285] No template > for 500 > > swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:181] { > > swarm-1 | "X-Forwarded-Proto": "http", > > swarm-1 | "X-Forwarded-Port": "80", > > swarm-1 | "Connection": "close", > > swarm-1 | "X-Forwarded-Server": "my-domain.io", > > swarm-1 | "X-Forwarded-Host": "my-domain.io", > > swarm-1 | "X-Forwarded-For": "82.218.144.186,::ffff:10.0.0.2", > > swarm-1 | "Cookie": > "_shibsession_64656661756c7468747470733a2f2f706f6c61727465702e696f2f73686962626f6c657468=[secret]; > jupyterhub-session-id=[secret]; _xsrf=[secret]; > oauthenticator-state=[secret]", > > swarm-1 | "Accept-Language": "en-US,en;q=0.9,hu;q=0.8,de;q=0.7", > > swarm-1 | "Accept-Encoding": "gzip, deflate, br", > > swarm-1 | "Referer": https://idp.my-domain.io:2443/, > > swarm-1 | "Sec-Ch-Ua-Mobile": "?0", > > swarm-1 | "Sec-Ch-Ua": "\"Chromium\";v=\"92\", \" Not > A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\"", > > swarm-1 | "Sec-Fetch-Dest": "document", > > swarm-1 | "Sec-Fetch-User": "?1", > > swarm-1 | "Sec-Fetch-Mode": "navigate", > > swarm-1 | "Sec-Fetch-Site": "same-site", > > swarm-1 | "Accept": > "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", > > swarm-1 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; > x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 > Safari/537.36 Edg/92.0.902.73", > > swarm-1 | "Upgrade-Insecure-Requests": "1", > > swarm-1 | "Cache-Control": "max-age=0", > > swarm-1 | "Host": "my-domain.io" > > swarm-1 | } > > swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:189] 500 GET > /jupyter/hub/oauth_callback?code=[secret]&state=[secret] (@::ffff:10.0.0.2) > 72.98ms > > > > > > *From:* Roman Krysiński <ro...@un...> > *Sent:* Friday, August 13, 2021 11:54 AM > *To:* ba...@aw... > *Cc:* Unity ML <uni...@li...> > *Subject:* *****SPAM***** Re: [Unity-idm-discuss] OpenID connect - > Jupyter hub Invalid user name, credential or external authentication failed > > > > > > HI Zoltan, > > > > Just check the scenario manually on my local environment for the version > you are using, but I was not able to reproduce the problem. > > > > In order to proceed further with investigation, please enable the logging > for the rest subsystem to the trace level, do a re-test of your scenario > and provide the log records from the unity. > > > > To enable trace logging for rest, make sure to have the following in > log4j2.xml file > > <Logger name="unity.server.rest" level="TRACE"/> > > Also if you could enable the trace logging for Jupyter and provide output > that would be helpful. One thing which is puzzling me is why the oauth > client queries the revocation endpoint after login? > > > > Thank you, > > Roman > > > > *From:* Roman Krysiński <ro...@un...> > *Sent:* Thursday, August 12, 2021 12:02 PM > *To:* ba...@aw... > *Cc:* Unity ML <uni...@li...> > *Subject:* Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid > user name, credential or external authentication failed > > > > HI Zoltan, > > > > This is to let you know that we are working on this, and we will let you > know after investigation. > > > > Thanks for reaching out to the community. > > Roman > > > > śr., 11 sie 2021 o 17:34 <ba...@aw...> napisał(a): > > Dear Unity community, > > > > I’m trying to integrate Jupyter hub with Unity-idm. My goal is to > authenticate users using OpenID Connect. > > > > Unity version: > > 3.2.3 > > > > Relevant configuration: > > Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg > > Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg > > Jupyter-hub-client: https://snipboard.io/6olp81.jpg > > > > Relevant part of jupyterhub_config.py: > > > > c.GenericOAuthenticator.client_id="removed " > > c.GenericOAuthenticator.client_secret="removed" > > c.GenericOAuthenticator.oauth_callback_url= > https://www.mydomain.io/jupyter/hub/oauth_callback > > c.GenericOAuthenticator.authorize_url= > https://idp.mydomain.io:2443/oauth/oauth2-authz > > c.GenericOAuthenticator.token_url= > https://idp.mydomain.io:2443/oauth-token/token > > c.GenericOAuthenticator.userdata_url= > https://idp.mydomain.io:2443/oauth-token/userinfo > > c.GenericOAuthenticator.username_key="userName" > > #c.GenericOAuthenticator.userdata_params.state="state" > > c.GenericOAuthenticator.userdata_params = {'state': 'state'} > > c.GenericOAuthenticator.scope = ['profile','openid'] > > > > I’ve double checked the client_id and secret many times, I’m pretty sure > they are correct. > > What happens: > > 1. Go to https://mydomain.io/jupyter/ > 2. Click on “Sign in with OAuth 2.0” button > 3. Redirect to unity at > https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry > 4. Login with my username/password > 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg > 6. After clicking on the Confirm button I get redirected to Jupyter > hub where I get a “500: Internal Server Error”. > > > > Checking unity logs I see the following warning: > > WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > (Full stack trace at the end of the email.) > > > > This message does not tell much to me, all credentials are correct that I > configured. > > Could someone help me out? Did I misconfigure something? > > > > Cheers, > > Zoltan Bakcsa > > > > > > 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN > org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: > Invalid user name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > ... 56 more > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
