Menu
▾
▴
Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: <ba...@aw...> - 2021-08-13 19:57:56
|
Hi Roman, > Can you confirm if this is true, meaning JupyterHub queries the token endpoint with base authentication with client id and client secret credentials? I cannot confirm this. Unity operates over SSL, I cannot look into the actual data stream between Unity and Jupyter hub so I don’t know what’s going on under the hood. I suppose there is no option in Unity for logging HTTP requests (together with the content). All I can confirm is that the “c.GenericOAuthenticator.client_id” and “c.GenericOAuthenticator.client_secret” properties are set in jupyterhub_config.py and their value is correct. Since at this point, I could not decide whether the Jupyterhub – GenericOAuthenticator plugin or Unity does not work as it should, I set up a Keycloak instance and checked if Jupyterhub can authenticate against it with the same plugin. It worked. Next week I’ll try to put a HTTP proxy between Unity and Jupyterhub so that I can sniff the communication between them. In the meantime, ideas about what could be possible misconfigured and/or working configuration examples (both Unity and Jupyter side) are welcomed. Br, Zoltan From: Roman Krysiński <ro...@un...> Sent: Friday, August 13, 2021 6:03 PM To: ba...@aw... Cc: Unity ML <uni...@li...> Subject: *****SPAM***** Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed HI Zoltan, Thank you very much, that was helpful. > Does that mean my configuration posted in my first email looks fine? I haven't spottent problem in the Unity configuration at first glance. Looking at the JupyterHub however I noticed this: > 403 POST https://idp.my-domain.io:2443/oauth-token/token: Token endpoint is protected and all requests require proper authorization. Can you confirm if this is true, meaning JupyterHub queries the token endpoint with base authentication with client id and client secret credentials? Thank you, Roman pt., 13 sie 2021 o 16:18 <ba...@aw... <mailto:ba...@aw...> > napisał(a): Hi Roman, Many thanks for looking into it. >Just check the scenario manually on my local environment for the version you are using, but I was not able to reproduce the problem. Does that mean my configuration posted in my first email looks fine? > please enable the logging for the rest subsystem to the trace level Unity logs: ========= 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE unity.server.oauth.OAuthParseServlet: Received GET request to the OAuth2 authorization endpoint 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE unity.server.oauth.OAuthParseServlet: Starting OAuth2 authorization request processing 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE unity.server.oauth.OAuthParseServlet: Request to protected address, with OAuth2 input, will be processed: /oauth/oauth2-authz 2021-08-13T12:37:16,123 [qtp620381176-33] TRACE unity.server.oauth.OAuthParseServlet: Parsed OAuth request: response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io <http://2Fwww.my-domain.io> %2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=eyJzdGF0ZV9pZCI6ICJjNTAxMmRlYTYxMTQ0ZGUzOTgwZDkzMmI0MzkwYTFmZSIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D&scope=profile+openid 2021-08-13T12:37:16,134 [qtp620381176-33] TRACE unity.server.oauth.OAuthParseServlet: Request with OAuth input handled successfully 2021-08-13T12:37:16,170 [qtp620381176-36] TRACE unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing address, with OAuth context: /oauth/oauth2-authz-web-entry 2021-08-13T12:37:16,219 [qtp620381176-36] TRACE unity.server.oauth.ASConsentDeciderServlet: Consent is required for OAuth request, forwarding to consent UI 2021-08-13T12:37:16,328 [qtp620381176-36] TRACE unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing address, with OAuth context: /oauth/oauth2-authz-web-entry 2021-08-13T12:37:16,425 [qtp620381176-36] DEBUG unity.server.externaltranslation.OutputTranslationProfile:[[TrProfile Embedded]] Unprocessed data from local database: Entity 49: - [userName] bakcsa - [persistent] 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm - [targetedPersistent] 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm - [transient] 473eea20-47b6-4180-b02f-81559c521e4d for 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm Attributes: - sys:LastAuthentication: [2021-08-13T12:10:25] - firstname: [Zoltan] - surname: [Bakcsa] - name: [Zoltan Bakcsa] - sys:AuthorizationRole: [System Manager] - sys:CredentialRequirements: [Password requirement] - email: [{"value":ba...@aw... <mailto:ba...@aw...> ,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] - sys:Preferences: [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] In group: / Groups: [/moderators, /] Requester: 08e778e4-39a5-4a89-a5a2-ed100edf6d30 Requester attributes: - sys:oauth:clientType: [CONFIDENTIAL] - sys:oauth:allowedReturnURI: [https://www.my-domain.io/jupyter/hub/oauth_callback] - sys:oauth:allowedGrantFlows: [authorizationCode, implicit, client, openidHybrid] - sys:oauth:clientName: [Jupyter hub login] Protocol: OAuth2:authorizationCode 2021-08-13T12:37:16,437 [qtp620381176-36] DEBUG unity.server.externaltranslation.OutputTranslationRule:[[TrProfile Embedded], [r: 1]] Condition OK 2021-08-13T12:37:16,438 [qtp620381176-36] DEBUG unity.server.externaltranslation.CreateAttributeAction:[[TrProfile Embedded], [r: 1], [08e778e4-39a5-4a89-a5a2-ed100edf6d30 - eId: 49]] Created a new attribute: userName: [bakcsa] with meta [userName, userName, false] 2021-08-13T12:37:16,443 [qtp620381176-36] DEBUG unity.server.externaltranslation.OutputTranslationEngine: Output translation result: TranslationResult: attributes=[name: [Zoltan Bakcsa] with meta [Name, Name, false], sys:CredentialRequirements: [Password requirement] with meta [sys:CredentialRequirements, Defines which credential requirements are set for the owner, false], email: [{"value":ba...@aw... <mailto:ba...@aw...> ,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] with meta [E-mail address, E-mail address, false], sys:Preferences: [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] with meta [sys:Preferences, Preferences of the user, false], surname: [Bakcsa] with meta [Surname, null, false], userName: [bakcsa] with meta [userName, userName, false], sys:LastAuthentication: [2021-08-13T12:10:25] with meta [sys:LastAuthentication, Stores date and time of the last successful authentication. The format is ISO time in UTC time zone with seconds precision, e.g.: 2011-12-03T10:15:30, false], firstname: [Zoltan] with meta [Firstname, null, false], sys:AuthorizationRole: [System Manager] with meta [Authorization role, Defines what operations are allowed for the bearer. The attribute of this type defines the access in the group where it is defined and in all subgroups. In subgroup it can be redefined to grant more access. Roles: <b>System Manager</b> - System manager with all privileges. <b>Contents Manager</b> - Allows for performing all management operations related to groups, entities and attributes. Also allows for reading information about hidden attributes. <b>Privileged Inspector</b> - Allows for reading entities, groups and attributes, including the attributes visible locally only. No modifications are possible <b>Inspector</b> - Allows for reading entities, groups and attributes. No modifications are possible <b>Regular User</b> - Allows owners for reading of the basic system information, retrieval of information about themselves and also for changing self managed attributes, identities and passwords <b>Anonymous User</b> - Allows for minimal access to the system: owners can get basic system information and retrieve information about themselves , false]] identities=[[userName] bakcsa, [persistent] 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm, [targetedPersistent] 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm, [transient] 473eea20-47b6-4180-b02f-81559c521e4d for 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm] attributesToPersist=[] identitiesToPersist=[] redirectURL=null 2021-08-13T12:37:16,572 [qtp620381176-33] TRACE unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal address /oauth/oauth2-authz-web-entry/UIDL/ 2021-08-13T12:37:17,632 [qtp620381176-29] TRACE unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal address /oauth/oauth2-authz-web-entry/UIDL/ 2021-08-13T12:37:24,831 [qtp620381176-33] TRACE unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal address /oauth/oauth2-authz-web-entry/UIDL/ 2021-08-13T12:37:25,142 [qtp620381176-29] TRACE unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing address, with OAuth context: /oauth/oauth2-authz-web-entry 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE unity.server.rest.AuthenticationInterceptor: Processing authenticator pwd 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE unity.server.rest.HttpBasicRetrievalBase: HTTP BASIC auth header found 2021-08-13T12:37:25,379 [qtp620381176-29] TRACE unity.server.rest.AuthenticationInterceptor: Authenticator pwd returned deny 2021-08-13T12:37:25,379 [qtp620381176-29] DEBUG unity.server.rest.AuthenticationInterceptor: Authentication set failed to authenticate the client using flow pwd, will try another: pl.edu.icm.unity.engine.api.authn.AuthenticationException: AuthenticationProcessorImpl.authnFailed 2021-08-13T12:37:25,379 [qtp620381176-29] INFO unity.server.rest.AuthenticationInterceptor: Authentication failed for client 2021-08-13T12:37:25,380 [qtp620381176-29] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}DiscoveryResource <http://token.as.oauth.unity.icm.edu.pl/%7DDiscoveryResource> has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) ~[unity-server-rest-3.2.3.jar:?] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at java.lang.Thread.run(Thread.java:829) [?:?] Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) ~[unity-server-rest-3.2.3.jar:?] ... 56 more 2021-08-13T12:37:25,381 [qtp620381176-29] DEBUG unity.server.rest.EngineExceptionMapper: Access denied for rest client pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) ~[unity-server-rest-3.2.3.jar:?] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at java.lang.Thread.run(Thread.java:829) [?:?] Jupyter-hub logs: ============== swarm-1 | [I 2021-08-13 12:46:27.940 JupyterHub log:189] 200 GET /jupyter/hub/login?next=%2Fjupyter%2Fhub%2F (@::ffff:10.0.0.2) 3.06ms swarm-1 | [D 2021-08-13 12:46:28.028 JupyterHub log:189] 200 GET /jupyter/hub/static/favicon.ico?v=fde5757cd3892b979919d3b1faa88a410f28829feb5ba22b6cf069f2c6c98675fceef90f932e49b510e74d65c681d5846b943e7f7cc1b41867422f0481085c1f (@::ffff:10.0.0.2) 1.32ms swarm-1 | [I 2021-08-13 12:46:34.633 JupyterHub oauth2:111] OAuth redirect: 'https://www.my-domain.io/jupyter/hub/oauth_callback' swarm-1 | [D 2021-08-13 12:46:34.633 JupyterHub base:526] Setting cookie oauthenticator-state: {'httponly': True, 'expires_days': 1} swarm-1 | [I 2021-08-13 12:46:34.634 JupyterHub log:189] 302 GET /jupyter/hub/oauth_login?next=%2Fjupyter%2Fhub%2F -> https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code <https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=%5bsecret%5d&scope=profile+openid> &redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=[secret]&scope=profile+openid (@::ffff:10.0.0.2) 1.87ms swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub oauth2:389] Error fetching access token 403 POST https://idp.my-domain.io:2443/oauth-token/token: { swarm-1 | "error": "AuthenticationException", swarm-1 | "message": "Invalid user name, credential or external authentication failed. " swarm-1 | } swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub web:1789] Uncaught exception GET /jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D (::ffff:10.0.0.2) swarm-1 | HTTPServerRequest(protocol='http', host='my-domain.io <http://my-domain.io> ', method='GET', uri='/jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D', version='HTTP/1.1', remote_ip='::ffff:10.0.0.2') swarm-1 | Traceback (most recent call last): swarm-1 | File "/usr/local/lib/python3.8/dist-packages/tornado/web.py", line 1704, in _execute swarm-1 | result = await result swarm-1 | File "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line 231, in get swarm-1 | user = await self.login_user() swarm-1 | File "/usr/local/lib/python3.8/dist-packages/jupyterhub/handlers/base.py", line 754, in login_user swarm-1 | authenticated = await self.authenticate(data) swarm-1 | File "/usr/local/lib/python3.8/dist-packages/jupyterhub/auth.py", line 469, in get_authenticated_user swarm-1 | authenticated = await maybe_future(self.authenticate(handler, data)) swarm-1 | File "/usr/local/lib/python3.8/dist-packages/oauthenticator/generic.py", line 169, in authenticate swarm-1 | token_resp_json = await self._get_token(headers, params) swarm-1 | File "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line 390, in fetch swarm-1 | raise e swarm-1 | File "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line 369, in fetch swarm-1 | resp = await self.http_client.fetch(req, **kwargs) swarm-1 | tornado.httpclient.HTTPClientError: HTTP 403: Forbidden swarm-1 | swarm-1 | [D 2021-08-13 12:46:36.638 JupyterHub base:1285] No template for 500 swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:181] { swarm-1 | "X-Forwarded-Proto": "http", swarm-1 | "X-Forwarded-Port": "80", swarm-1 | "Connection": "close", swarm-1 | "X-Forwarded-Server": "my-domain.io <http://my-domain.io> ", swarm-1 | "X-Forwarded-Host": "my-domain.io <http://my-domain.io> ", swarm-1 | "X-Forwarded-For": "82.218.144.186,::ffff:10.0.0.2", swarm-1 | "Cookie": "_shibsession_64656661756c7468747470733a2f2f706f6c61727465702e696f2f73686962626f6c657468=[secret]; jupyterhub-session-id=[secret]; _xsrf=[secret]; oauthenticator-state=[secret]", swarm-1 | "Accept-Language": "en-US,en;q=0.9,hu;q=0.8,de;q=0.7", swarm-1 | "Accept-Encoding": "gzip, deflate, br", swarm-1 | "Referer": https://idp.my-domain.io:2443/, swarm-1 | "Sec-Ch-Ua-Mobile": "?0", swarm-1 | "Sec-Ch-Ua": "\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\"", swarm-1 | "Sec-Fetch-Dest": "document", swarm-1 | "Sec-Fetch-User": "?1", swarm-1 | "Sec-Fetch-Mode": "navigate", swarm-1 | "Sec-Fetch-Site": "same-site", swarm-1 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", swarm-1 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.73", swarm-1 | "Upgrade-Insecure-Requests": "1", swarm-1 | "Cache-Control": "max-age=0", swarm-1 | "Host": "my-domain.io <http://my-domain.io> " swarm-1 | } swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:189] 500 GET /jupyter/hub/oauth_callback?code=[secret]&state=[secret] (@::ffff:10.0.0.2) 72.98ms From: Roman Krysiński <ro...@un... <mailto:ro...@un...> > Sent: Friday, August 13, 2021 11:54 AM To: ba...@aw... <mailto:ba...@aw...> Cc: Unity ML <uni...@li... <mailto:uni...@li...> > Subject: *****SPAM***** Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed HI Zoltan, Just check the scenario manually on my local environment for the version you are using, but I was not able to reproduce the problem. In order to proceed further with investigation, please enable the logging for the rest subsystem to the trace level, do a re-test of your scenario and provide the log records from the unity. To enable trace logging for rest, make sure to have the following in log4j2.xml file <Logger name="unity.server.rest" level="TRACE"/> Also if you could enable the trace logging for Jupyter and provide output that would be helpful. One thing which is puzzling me is why the oauth client queries the revocation endpoint after login? Thank you, Roman From: Roman Krysiński <ro...@un... <mailto:ro...@un...> > Sent: Thursday, August 12, 2021 12:02 PM To: ba...@aw... <mailto:ba...@aw...> Cc: Unity ML <uni...@li... <mailto:uni...@li...> > Subject: Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed HI Zoltan, This is to let you know that we are working on this, and we will let you know after investigation. Thanks for reaching out to the community. Roman śr., 11 sie 2021 o 17:34 <ba...@aw... <mailto:ba...@aw...> > napisał(a): Dear Unity community, I’m trying to integrate Jupyter hub with Unity-idm. My goal is to authenticate users using OpenID Connect. Unity version: 3.2.3 Relevant configuration: Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg Jupyter-hub-client: https://snipboard.io/6olp81.jpg Relevant part of jupyterhub_config.py: c.GenericOAuthenticator.client_id="removed " c.GenericOAuthenticator.client_secret="removed" c.GenericOAuthenticator.oauth_callback_url=https://www.mydomain.io/jupyter/hub/oauth_callback c.GenericOAuthenticator.authorize_url=https://idp.mydomain.io:2443/oauth/oauth2-authz c.GenericOAuthenticator.token_url=https://idp.mydomain.io:2443/oauth-token/token c.GenericOAuthenticator.userdata_url=https://idp.mydomain.io:2443/oauth-token/userinfo c.GenericOAuthenticator.username_key="userName" #c.GenericOAuthenticator.userdata_params.state="state" c.GenericOAuthenticator.userdata_params = {'state': 'state'} c.GenericOAuthenticator.scope = ['profile','openid'] I’ve double checked the client_id and secret many times, I’m pretty sure they are correct. What happens: 1. Go to https://mydomain.io/jupyter/ 2. Click on “Sign in with OAuth 2.0” button 3. Redirect to unity at https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry 4. Login with my username/password 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg 6. After clicking on the Confirm button I get redirected to Jupyter hub where I get a “500: Internal Server Error”. Checking unity logs I see the following warning: WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource <http://token.as.oauth.unity.icm.edu.pl/%7DRevocationResource> has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed. (Full stack trace at the end of the email.) This message does not tell much to me, all credentials are correct that I configured. Could someone help me out? Did I misconfigure something? Cheers, Zoltan Bakcsa 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://token.as.oauth.unity.icm.edu.pl/}RevocationResource <http://token.as.oauth.unity.icm.edu.pl/%7DRevocationResource> has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) ~[unity-server-rest-3.2.3.jar:?] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.3.1.jar:3.3.1] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.2.3.jar:?] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] at java.lang.Thread.run(Thread.java:829) [?:?] Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed. at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) ~[unity-server-rest-3.2.3.jar:?] ... 56 more _______________________________________________ Unity-idm-discuss mailing list Uni...@li... <mailto:Uni...@li...> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss _______________________________________________ Unity-idm-discuss mailing list Uni...@li... <mailto:Uni...@li...> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss |
