Menu
▾
▴
Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid user name, credential or external authentication failed
|
From: Roman K. <ro...@un...> - 2021-08-17 12:09:23
|
Hi Zoltan, > In the meantime, ideas about what could be possible misconfigured and/or working configuration examples (both Unity and Jupyter side) are welcomed. Note that I was not using Jupyter for my tests, I just configured unity according to your screenshots and used https://oauth.tools/ for testing, Please check whether clientId and secret configured in jupyterhub_config.py are the same with those generated by Unity, or regenerate client credentials in Unity and update Jupyter config file. As an aside, I noticed that Jupyter under the hood is using Tornado as a networking library, consider enabling the Tornado lib logging to see more details in the Jupyter log: https://www.tornadoweb.org/en/stable/log.html. Best regards, Roman pt., 13 sie 2021 o 21:57 <ba...@aw...> napisał(a): > Hi Roman, > > > > > Can you confirm if this is true, meaning JupyterHub queries the token > endpoint with base authentication with client id and client secret > credentials? > > I cannot confirm this. Unity operates over SSL, I cannot look into the > actual data stream between Unity and Jupyter hub so I don’t know what’s > going on under the hood. > > I suppose there is no option in Unity for logging HTTP requests (together > with the content). > > > > All I can confirm is that the “c.GenericOAuthenticator.client_id” and > “c.GenericOAuthenticator.client_secret” properties are set in > jupyterhub_config.py and their value is correct. > > Since at this point, I could not decide whether the Jupyterhub – > GenericOAuthenticator plugin or Unity does not work as it should, I set up > a Keycloak instance and checked if Jupyterhub can authenticate against it > with the same plugin. It worked. > > > > Next week I’ll try to put a HTTP proxy between Unity and Jupyterhub so > that I can sniff the communication between them. > > In the meantime, ideas about what could be possible misconfigured and/or > working configuration examples (both Unity and Jupyter side) are welcomed. > > > > Br, > > Zoltan > > > > *From:* Roman Krysiński <ro...@un...> > *Sent:* Friday, August 13, 2021 6:03 PM > *To:* ba...@aw... > *Cc:* Unity ML <uni...@li...> > *Subject:* *****SPAM***** Re: [Unity-idm-discuss] OpenID connect - > Jupyter hub Invalid user name, credential or external authentication failed > > > > HI Zoltan, > > > > Thank you very much, that was helpful. > > > > > Does that mean my configuration posted in my first email looks fine? > > I haven't spottent problem in the Unity configuration at first glance. > > > > Looking at the JupyterHub however I noticed this: > > > 403 POST https://idp.my-domain.io:2443/oauth-token/token: > > Token endpoint is protected and all requests require proper authorization. > > Can you confirm if this is true, meaning JupyterHub queries the token > endpoint with base authentication with client id and client secret > credentials? > > > > Thank you, > > Roman > > > > > > pt., 13 sie 2021 o 16:18 <ba...@aw...> napisał(a): > > Hi Roman, > > > > Many thanks for looking into it. > > > > >Just check the scenario manually on my local environment for the version > you are using, but I was not able to reproduce the problem. > Does that mean my configuration posted in my first email looks fine? > > > > > please enable the logging for the rest subsystem to the trace level > > Unity logs: > ========= > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Received GET request to the OAuth2 > authorization endpoint > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Starting OAuth2 authorization request > processing > > 2021-08-13T12:37:16,122 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Request to protected address, with > OAuth2 input, will be processed: /oauth/oauth2-authz > > 2021-08-13T12:37:16,123 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Parsed OAuth request: > response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io > %2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=eyJzdGF0ZV9pZCI6ICJjNTAxMmRlYTYxMTQ0ZGUzOTgwZDkzMmI0MzkwYTFmZSIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D&scope=profile+openid > > 2021-08-13T12:37:16,134 [qtp620381176-33] TRACE > unity.server.oauth.OAuthParseServlet: Request with OAuth input handled > successfully > > 2021-08-13T12:37:16,170 [qtp620381176-36] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:16,219 [qtp620381176-36] TRACE > unity.server.oauth.ASConsentDeciderServlet: Consent is required for OAuth > request, forwarding to consent UI > > 2021-08-13T12:37:16,328 [qtp620381176-36] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:16,425 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationProfile:[[TrProfile > Embedded]] Unprocessed data from local database: > > Entity 49: > > - [userName] bakcsa > > - [persistent] 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm > > - [targetedPersistent] 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm > > - [transient] 473eea20-47b6-4180-b02f-81559c521e4d for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm > > Attributes: > > - sys:LastAuthentication: [2021-08-13T12:10:25] > > - firstname: [Zoltan] > > - surname: [Bakcsa] > > - name: [Zoltan Bakcsa] > > - sys:AuthorizationRole: [System Manager] > > - sys:CredentialRequirements: [Password requirement] > > - email: [{"value":ba...@aw... > ,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] > > - sys:Preferences: > [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate > credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] > > In group: / > > Groups: [/moderators, /] > > Requester: 08e778e4-39a5-4a89-a5a2-ed100edf6d30 > > Requester attributes: > > - sys:oauth:clientType: [CONFIDENTIAL] > > - sys:oauth:allowedReturnURI: [ > https://www.my-domain.io/jupyter/hub/oauth_callback] > > - sys:oauth:allowedGrantFlows: [authorizationCode, implicit, client, > openidHybrid] > > - sys:oauth:clientName: [Jupyter hub login] > > Protocol: OAuth2:authorizationCode > > 2021-08-13T12:37:16,437 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationRule:[[TrProfile > Embedded], [r: 1]] Condition OK > > 2021-08-13T12:37:16,438 [qtp620381176-36] DEBUG > unity.server.externaltranslation.CreateAttributeAction:[[TrProfile > Embedded], [r: 1], [08e778e4-39a5-4a89-a5a2-ed100edf6d30 - eId: 49]] > Created a new attribute: userName: [bakcsa] with meta [userName, userName, > false] > > 2021-08-13T12:37:16,443 [qtp620381176-36] DEBUG > unity.server.externaltranslation.OutputTranslationEngine: Output > translation result: > > TranslationResult: > > attributes=[name: [Zoltan Bakcsa] with meta [Name, Name, false], > sys:CredentialRequirements: [Password requirement] with meta > [sys:CredentialRequirements, Defines which credential requirements are set > for the owner, false], email: [{"value":ba...@aw...,"confirmationData":{"confirmed":true,"confirmationDate":1,"sentRequestAmount":0},"tags":[]}] > with meta [E-mail address, E-mail address, false], sys:Preferences: > [{"pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences":"{\"spSettings\":{}}","io.imunity.webadmin.identities.IdentitiesTablePreferences":"{\"colSettings\":{\"scheduledOperation\":{\"width\":-1.0,\"order\":11,\"collapsed\":true},\"credStatus::user_password\":{\"width\":-1.0,\"order\":12,\"collapsed\":true},\"profile\":{\"width\":-1.0,\"order\":10,\"collapsed\":true},\"type\":{\"width\":-1.0,\"order\":1,\"collapsed\":false},\"local\":{\"width\":-1.0,\"order\":4,\"collapsed\":true},\"target\":{\"width\":-1.0,\"order\":7,\"collapsed\":true},\"identity\":{\"width\":-1.0,\"order\":2,\"collapsed\":false},\"credStatus::Certificate > credential\":{\"width\":-1.0,\"order\":14,\"collapsed\":true},\"dynamic\":{\"width\":-1.0,\"order\":5,\"collapsed\":true},\"realm\":{\"width\":-1.0,\"order\":8,\"collapsed\":true},\"remoteIdP\":{\"width\":-1.0,\"order\":9,\"collapsed\":true},\"entity\":{\"width\":-1.0,\"order\":0,\"collapsed\":false},\"status\":{\"width\":-1.0,\"order\":3,\"collapsed\":false},\"credReq\":{\"width\":-1.0,\"order\":6,\"collapsed\":true},\"credStatus::sys:password\":{\"width\":-1.0,\"order\":13,\"collapsed\":true}},\"checkBoxSettings\":{\"groupByEntities\":true,\"showTargeted\":true}}"}] > with meta [sys:Preferences, Preferences of the user, false], surname: > [Bakcsa] with meta [Surname, null, false], userName: [bakcsa] with meta > [userName, userName, false], sys:LastAuthentication: [2021-08-13T12:10:25] > with meta [sys:LastAuthentication, Stores date and time of the last > successful authentication. The format is ISO time in UTC time zone with > seconds precision, e.g.: 2011-12-03T10:15:30, false], firstname: [Zoltan] > with meta [Firstname, null, false], sys:AuthorizationRole: [System Manager] > with meta [Authorization role, Defines what operations are allowed for the > bearer. The attribute of this type defines the access in the group where it > is defined and in all subgroups. In subgroup it can be redefined to grant > more access. Roles: > > <b>System Manager</b> - System manager with all privileges. > > <b>Contents Manager</b> - Allows for performing all management operations > related to groups, entities and attributes. Also allows for reading > information about hidden attributes. > > <b>Privileged Inspector</b> - Allows for reading entities, groups and > attributes, including the attributes visible locally only. No modifications > are possible > > <b>Inspector</b> - Allows for reading entities, groups and attributes. No > modifications are possible > > <b>Regular User</b> - Allows owners for reading of the basic system > information, retrieval of information about themselves and also for > changing self managed attributes, identities and passwords > > <b>Anonymous User</b> - Allows for minimal access to the system: owners > can get basic system information and retrieve information about themselves > > , false]] > > identities=[[userName] bakcsa, [persistent] > 62eb128f-a74a-49d6-856c-30b70bacd6e7@defaultRealm, [targetedPersistent] > 8dc6fece-24a4-45b6-ad94-80f8b44c3a16 for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm, [transient] > 473eea20-47b6-4180-b02f-81559c521e4d for > 08e778e4-39a5-4a89-a5a2-ed100edf6d30@defaultRealm] > > attributesToPersist=[] > > identitiesToPersist=[] > > redirectURL=null > > 2021-08-13T12:37:16,572 [qtp620381176-33] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:17,632 [qtp620381176-29] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:24,831 [qtp620381176-33] TRACE > unity.server.oauth.OAuthGuardFilter: Ignoring request to Vaadin internal > address /oauth/oauth2-authz-web-entry/UIDL/ > > 2021-08-13T12:37:25,142 [qtp620381176-29] TRACE > unity.server.oauth.OAuthGuardFilter: Request to OAuth post-processing > address, with OAuth context: /oauth/oauth2-authz-web-entry > > 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE > unity.server.rest.AuthenticationInterceptor: Processing authenticator pwd > > 2021-08-13T12:37:25,374 [qtp620381176-29] TRACE > unity.server.rest.HttpBasicRetrievalBase: HTTP BASIC auth header found > > 2021-08-13T12:37:25,379 [qtp620381176-29] TRACE > unity.server.rest.AuthenticationInterceptor: Authenticator pwd returned deny > > 2021-08-13T12:37:25,379 [qtp620381176-29] DEBUG > unity.server.rest.AuthenticationInterceptor: Authentication set failed to > authenticate the client using flow pwd, will try another: > pl.edu.icm.unity.engine.api.authn.AuthenticationException: > AuthenticationProcessorImpl.authnFailed > > 2021-08-13T12:37:25,379 [qtp620381176-29] INFO > unity.server.rest.AuthenticationInterceptor: Authentication failed for > client > > 2021-08-13T12:37:25,380 [qtp620381176-29] WARN > org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}DiscoveryResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: > Invalid user name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > ... 56 more > > 2021-08-13T12:37:25,381 [qtp620381176-29] DEBUG > unity.server.rest.EngineExceptionMapper: Access denied for rest client > > pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user > name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > > > > > Jupyter-hub logs: > ============== > > swarm-1 | [I 2021-08-13 12:46:27.940 JupyterHub log:189] 200 GET > /jupyter/hub/login?next=%2Fjupyter%2Fhub%2F (@::ffff:10.0.0.2) 3.06ms > > swarm-1 | [D 2021-08-13 12:46:28.028 JupyterHub log:189] 200 GET > /jupyter/hub/static/favicon.ico?v=fde5757cd3892b979919d3b1faa88a410f28829feb5ba22b6cf069f2c6c98675fceef90f932e49b510e74d65c681d5846b943e7f7cc1b41867422f0481085c1f > (@::ffff:10.0.0.2) 1.32ms > > swarm-1 | [I 2021-08-13 12:46:34.633 JupyterHub oauth2:111] OAuth > redirect: 'https://www.my-domain.io/jupyter/hub/oauth_callback' > > swarm-1 | [D 2021-08-13 12:46:34.633 JupyterHub base:526] Setting > cookie oauthenticator-state: {'httponly': True, 'expires_days': 1} > > swarm-1 | [I 2021-08-13 12:46:34.634 JupyterHub log:189] 302 GET > /jupyter/hub/oauth_login?next=%2Fjupyter%2Fhub%2F -> > https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=[secret]&scope=profile+openid > <https://idp.my-domain.io:2443/oauth/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fwww.my-domain.io%2Fjupyter%2Fhub%2Foauth_callback&client_id=08e778e4-39a5-4a89-a5a2-ed100edf6d30&state=%5bsecret%5d&scope=profile+openid> > (@::ffff:10.0.0.2) 1.87ms > > swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub oauth2:389] Error > fetching access token 403 POST > https://idp.my-domain.io:2443/oauth-token/token: { > > swarm-1 | "error": "AuthenticationException", > > swarm-1 | "message": "Invalid user name, credential or external > authentication failed. " > > swarm-1 | } > > swarm-1 | [E 2021-08-13 12:46:36.636 JupyterHub web:1789] Uncaught > exception GET > /jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D > (::ffff:10.0.0.2) > > swarm-1 | HTTPServerRequest(protocol='http', host='my-domain.io', > method='GET', > uri='/jupyter/hub/oauth_callback?code=pRxT-T8ySyI8UJxnRTtSShspr_GWNZvYazCWR_Nlb40&state=eyJzdGF0ZV9pZCI6ICJjMTk4OGYyMmY5ZTA0ZTQ1YWUzMTBmY2Q4MDEwMTIwMyIsICJuZXh0X3VybCI6ICIvanVweXRlci9odWIvIn0%3D', > version='HTTP/1.1', remote_ip='::ffff:10.0.0.2') > > swarm-1 | Traceback (most recent call last): > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/tornado/web.py", line 1704, in > _execute > > swarm-1 | result = await result > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 231, in get > > swarm-1 | user = await self.login_user() > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/jupyterhub/handlers/base.py", line > 754, in login_user > > swarm-1 | authenticated = await self.authenticate(data) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/jupyterhub/auth.py", line 469, in > get_authenticated_user > > swarm-1 | authenticated = await > maybe_future(self.authenticate(handler, data)) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/generic.py", line > 169, in authenticate > > swarm-1 | token_resp_json = await self._get_token(headers, > params) > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 390, in fetch > > swarm-1 | raise e > > swarm-1 | File > "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line > 369, in fetch > > swarm-1 | resp = await self.http_client.fetch(req, **kwargs) > > swarm-1 | tornado.httpclient.HTTPClientError: HTTP 403: Forbidden > > swarm-1 | > > swarm-1 | [D 2021-08-13 12:46:36.638 JupyterHub base:1285] No template > for 500 > > swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:181] { > > swarm-1 | "X-Forwarded-Proto": "http", > > swarm-1 | "X-Forwarded-Port": "80", > > swarm-1 | "Connection": "close", > > swarm-1 | "X-Forwarded-Server": "my-domain.io", > > swarm-1 | "X-Forwarded-Host": "my-domain.io", > > swarm-1 | "X-Forwarded-For": "82.218.144.186,::ffff:10.0.0.2", > > swarm-1 | "Cookie": > "_shibsession_64656661756c7468747470733a2f2f706f6c61727465702e696f2f73686962626f6c657468=[secret]; > jupyterhub-session-id=[secret]; _xsrf=[secret]; > oauthenticator-state=[secret]", > > swarm-1 | "Accept-Language": "en-US,en;q=0.9,hu;q=0.8,de;q=0.7", > > swarm-1 | "Accept-Encoding": "gzip, deflate, br", > > swarm-1 | "Referer": https://idp.my-domain.io:2443/, > > swarm-1 | "Sec-Ch-Ua-Mobile": "?0", > > swarm-1 | "Sec-Ch-Ua": "\"Chromium\";v=\"92\", \" Not > A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\"", > > swarm-1 | "Sec-Fetch-Dest": "document", > > swarm-1 | "Sec-Fetch-User": "?1", > > swarm-1 | "Sec-Fetch-Mode": "navigate", > > swarm-1 | "Sec-Fetch-Site": "same-site", > > swarm-1 | "Accept": > "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", > > swarm-1 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; > x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 > Safari/537.36 Edg/92.0.902.73", > > swarm-1 | "Upgrade-Insecure-Requests": "1", > > swarm-1 | "Cache-Control": "max-age=0", > > swarm-1 | "Host": "my-domain.io" > > swarm-1 | } > > swarm-1 | [E 2021-08-13 12:46:36.640 JupyterHub log:189] 500 GET > /jupyter/hub/oauth_callback?code=[secret]&state=[secret] (@::ffff:10.0.0.2) > 72.98ms > > > > > > *From:* Roman Krysiński <ro...@un...> > *Sent:* Friday, August 13, 2021 11:54 AM > *To:* ba...@aw... > *Cc:* Unity ML <uni...@li...> > *Subject:* *****SPAM***** Re: [Unity-idm-discuss] OpenID connect - > Jupyter hub Invalid user name, credential or external authentication failed > > > > > > HI Zoltan, > > > > Just check the scenario manually on my local environment for the version > you are using, but I was not able to reproduce the problem. > > > > In order to proceed further with investigation, please enable the logging > for the rest subsystem to the trace level, do a re-test of your scenario > and provide the log records from the unity. > > > > To enable trace logging for rest, make sure to have the following in > log4j2.xml file > > <Logger name="unity.server.rest" level="TRACE"/> > > Also if you could enable the trace logging for Jupyter and provide output > that would be helpful. One thing which is puzzling me is why the oauth > client queries the revocation endpoint after login? > > > > Thank you, > > Roman > > > > *From:* Roman Krysiński <ro...@un...> > *Sent:* Thursday, August 12, 2021 12:02 PM > *To:* ba...@aw... > *Cc:* Unity ML <uni...@li...> > *Subject:* Re: [Unity-idm-discuss] OpenID connect - Jupyter hub Invalid > user name, credential or external authentication failed > > > > HI Zoltan, > > > > This is to let you know that we are working on this, and we will let you > know after investigation. > > > > Thanks for reaching out to the community. > > Roman > > > > śr., 11 sie 2021 o 17:34 <ba...@aw...> napisał(a): > > Dear Unity community, > > > > I’m trying to integrate Jupyter hub with Unity-idm. My goal is to > authenticate users using OpenID Connect. > > > > Unity version: > > 3.2.3 > > > > Relevant configuration: > > Identity Provider - General tab: https://snipboard.io/WXrU3V.jpg > > Identity Provider - Clients tab: https://snipboard.io/pTxEek.jpg > > Jupyter-hub-client: https://snipboard.io/6olp81.jpg > > > > Relevant part of jupyterhub_config.py: > > > > c.GenericOAuthenticator.client_id="removed " > > c.GenericOAuthenticator.client_secret="removed" > > c.GenericOAuthenticator.oauth_callback_url= > https://www.mydomain.io/jupyter/hub/oauth_callback > > c.GenericOAuthenticator.authorize_url= > https://idp.mydomain.io:2443/oauth/oauth2-authz > > c.GenericOAuthenticator.token_url= > https://idp.mydomain.io:2443/oauth-token/token > > c.GenericOAuthenticator.userdata_url= > https://idp.mydomain.io:2443/oauth-token/userinfo > > c.GenericOAuthenticator.username_key="userName" > > #c.GenericOAuthenticator.userdata_params.state="state" > > c.GenericOAuthenticator.userdata_params = {'state': 'state'} > > c.GenericOAuthenticator.scope = ['profile','openid'] > > > > I’ve double checked the client_id and secret many times, I’m pretty sure > they are correct. > > What happens: > > 1. Go to https://mydomain.io/jupyter/ > 2. Click on “Sign in with OAuth 2.0” button > 3. Redirect to unity at > https://idp.mydomain.io:2443/oauth/oauth2-authz-web-entry > 4. Login with my username/password > 5. Confirmation dialog: https://snipboard.io/XG5Ui8.jpg > 6. After clicking on the Confirm button I get redirected to Jupyter > hub where I get a “500: Internal Server Error”. > > > > Checking unity logs I see the following warning: > > WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > (Full stack trace at the end of the email.) > > > > This message does not tell much to me, all credentials are correct that I > configured. > > Could someone help me out? Did I misconfigure something? > > > > Cheers, > > Zoltan Bakcsa > > > > > > 2021-08-11T14:30:40,648 [qtp1132146097-94] WARN > org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for { > http://token.as.oauth.unity.icm.edu.pl/}RevocationResource has thrown > exception, unwinding now > > org.apache.cxf.interceptor.Fault: Invalid user name, credential or > external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:118) > ~[unity-server-rest-3.2.3.jar:?] > > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > ~[cxf-core-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > ~[javax.servlet-api-3.1.0.jar:3.1.0] > > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > ~[cxf-rt-transports-http-3.3.1.jar:3.3.1] > > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:310) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:264) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:472) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:325) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:295) > ~[jetty-servlets-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1296) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > ~[jetty-servlet-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1211) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) > ~[jetty-rewrite-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:717) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at org.eclipse.jetty.server.Server.handle(Server.java:500) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) > ~[unity-server-engine-3.2.3.jar:?] > > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:386) > ~[jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:562) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:378) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) > [jetty-server-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > [jetty-io-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > [jetty-util-9.4.22.v20191022.jar:9.4.22.v20191022] > > at java.lang.Thread.run(Thread.java:829) [?:?] > > Caused by: pl.edu.icm.unity.engine.api.authn.AuthenticationException: > Invalid user name, credential or external authentication failed. > > at > pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:109) > ~[unity-server-rest-3.2.3.jar:?] > > ... 56 more > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > |
