Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
(2) |
Sep
(8) |
Oct
|
Nov
|
Dec
|
|
From: Sander A. <sa....@fz...> - 2025-05-05 10:46:09
|
Hi Roman, yes this solved the issue. Maybe mention this change also in the 4.2.3. From 3.LATEST to 4.0 section. We did not recognized this changes because it was not listed here. But I'm not sure how many instances customized the messages. Best regards, Sander On Tue, 2025-04-29 at 09:06 +0200, Roman Krysiński wrote: > Hi Sander, > > Good question, as far as I can see in the code, in Unity-IdM 4, authN > screen can be tweaked in web endpoint configuration file. > The equivalent you are looking for seems to > be unity.endpoint.web.authnScreenTitle. For more information please > have a > look https://www.unity-idm.eu/documentation/unity-4.1.1/manual.html#e > ndpoints-authn > > Note that if the aforementioned is not configured > the AuthenticationUI.login message is taken as default. > > Please let me know if that answers your question. > > Kind regards, > Roman > > > czw., 24 kwi 2025 o 13:03 Sander Apweiler <sa....@fz...> > napisał(a): > > Hi Krzysztof, > > hi Roman, > > > > in unity 3, we were able to change the text on the "login screens" > > on > > the different endpoints by updating the AuthenticationUI.login > > parameter in message properties file. It seems this has changed in > > unity version 4. Is there any possibility to update the default > > messages? > > > > Best regards, > > Sander > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2025-04-29 07:07:14
|
Hi Sander, Good question, as far as I can see in the code, in Unity-IdM 4, authN screen can be tweaked in web endpoint configuration file. The equivalent you are looking for seems to be unity.endpoint.web.authnScreenTitle. For more information please have a look https://www.unity-idm.eu/documentation/unity-4.1.1/manual.html#endpoints-authn Note that if the aforementioned is not configured the AuthenticationUI.login message is taken as default. Please let me know if that answers your question. Kind regards, Roman czw., 24 kwi 2025 o 13:03 Sander Apweiler <sa....@fz...> napisał(a): > Hi Krzysztof, > hi Roman, > > in unity 3, we were able to change the text on the "login screens" on > the different endpoints by updating the AuthenticationUI.login > parameter in message properties file. It seems this has changed in > unity version 4. Is there any possibility to update the default > messages? > > Best regards, > Sander > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Dr. Stephanie Bauer (stellvertretende Vorsitzende), > Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Krzysztof B. <kb...@un...> - 2025-04-25 12:24:31
|
Dear Subscribers,
A small patch release with one fix was published today:
* Fixed error related to authentication with Unity, when value-less
query parameters were used
Details are available here: https://unity-idm.eu/releases/release-4-1-1/
Best regards,
Krzysztof
|
|
From: Sander A. <sa....@fz...> - 2025-04-24 11:03:15
|
Hi Krzysztof, hi Roman, in unity 3, we were able to change the text on the "login screens" on the different endpoints by updating the AuthenticationUI.login parameter in message properties file. It seems this has changed in unity version 4. Is there any possibility to update the default messages? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2025-04-17 19:40:23
|
Hi Sander, W dniu 14.04.2025 o 16:06, Sander Apweiler pisze: > Hi Krzysztof, hi Roman, > is there a possibility to set the NameFormat of attributes, released by > unity? By default it uses urn:oasis:names:tc:SAML:2.0:attrname- > format:unspecified but we have a client which would require > urn:oasis:names:tc:SAML:2.0:attrname-format:uri. Unfortunately no, we don't set NameFormat. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2025-04-17 19:15:51
|
Hi Sander, W dniu 17.04.2025 o 11:24, Sander Apweiler pisze: > Hello Krzysztof, hello Roman, > do you have any update? We got a lot of tickets from users and also the > service provider is already asking when this would be solved. > We have the fix for this issue, not released yet. Will it be suitable, if it goes out in 4.*1*.1 release? Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2025-04-17 09:25:20
|
Hello Krzysztof, hello Roman, do you have any update? We got a lot of tickets from users and also the service provider is already asking when this would be solved. Best regards, Sander On Mon, 2025-04-14 at 08:44 +0200, Sander Apweiler wrote: > Hi Krzysztof, hi Roman, > it loks like there is still an issue in the login process. > > > For some service, so far only for public client with PKCE reproduced, > we got a NullPointer Exception after being redirected from Home IdP: > > > HTTP ERROR 500 java.lang.NullPointerException: Cannot invoke > "String.replace(java.lang.CharSequence, java.lang.CharSequence)" > because "arg" is null > URI: /unitygw/spSAMLResponseConsumer > STATUS: 500 > MESSAGE: java.lang.NullPointerException: Cannot invoke > "String.replace(java.lang.CharSequence, java.lang.CharSequence)" > because "arg" is null > SERVLET: pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet > -6666410a > CAUSED BY: java.lang.NullPointerException: Cannot invoke > "String.replace(java.lang.CharSequence, java.lang.CharSequence)" > because "arg" is null > Caused by: > > java.lang.NullPointerException: Cannot invoke > "String.replace(java.lang.CharSequence, java.lang.CharSequence)" > because "arg" is null > at > pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.decodePlusIntoSpace > (URIBuilderFixer.java:40) > at > pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.lambda$newInstance$ > 0(URIBuilderFixer.java:31) > at > java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipe > line.java:197) > at > java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(A > rrayList.java:1708) > at > java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline > .java:509) > at > java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractP > ipeline.java:499) > at > java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Redu > ceOps.java:921) > at > java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline > .java:234) > at > java.base/java.util.stream.ReferencePipeline.collect(ReferencePipelin > e.java:682) > at > pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.newInstance(URIBuil > derFixer.java:32) > at > pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.newInstance(URIBuil > derFixer.java:24) > at > pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet.getRedirectWithC > ontextIdParam(SAMLResponseConsumerServlet.java:83) > at > pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet.postProcessRespo > nse(SAMLResponseConsumerServlet.java:76) > at > pl.edu.icm.unity.saml.SamlHttpResponseServlet.process(SamlHttpRespons > eServlet.java:67) > at > pl.edu.icm.unity.saml.SamlHttpResponseServlet.doPost(SamlHttpResponse > Servlet.java:42) > at > jakarta.servlet.http.HttpServlet.service(HttpServlet.java:547) > at > jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) > at > org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.jav > a:736) > at > org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(Servl > etHandler.java:1614) > at > org.eclipse.jetty.ee10.servlets.CrossOriginFilter.handle(CrossOriginF > ilter.java:317) > at > org.eclipse.jetty.ee10.servlets.CrossOriginFilter.doFilter(CrossOrigi > nFilter.java:270) > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.jav > a:205) > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletH > andler.java:1586) > at > io.imunity.vaadin.endpoint.common.InvocationContextSetupFilter.doFilt > er(InvocationContextSetupFilter.java:67) > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.jav > a:205) > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletH > andler.java:1586) > at > io.imunity.vaadin.endpoint.common.RemoteRedirectedAuthnResponseProces > singFilter.doFilter(RemoteRedirectedAuthnResponseProcessingFilter.jav > a:48) > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.jav > a:205) > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletH > andler.java:1586) > at > org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(Se > rvletHandler.java:1547) > at > org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel > .java:814) > at > org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.j > ava:431) > at > org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.j > ava:464) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.jav > a:571) > at > org.eclipse.jetty.ee10.servlet.SessionHandler.handle(SessionHandler.j > ava:703) > at > org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler > .java:765) > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIP > SettingHandler.java:67) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Cont > extHandlerCollection.java:181) > at > org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.hand > le(RewriteHandler.java:159) > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > at > org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPa > tternRule.java:89) > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandle > r.java:143) > at > org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.hand > le(RewriteHandler.java:159) > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > at > org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPa > tternRule.java:89) > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandle > r.java:143) > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler. > java:597) > at > org.eclipse.jetty.server.Handler$Wrapper.handle(Handler.java:716) > at > pl.edu.icm.unity.engine.server.TraceBlockingHandler.handle(TraceBlock > ingHandler.java:34) > at org.eclipse.jetty.server.Server.handle(Server.java:179) > at > org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run > (HttpChannelState.java:619) > at > org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConne > ction.java:411) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(Abstra > ctConnection.java:322) > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) > at > org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConn > ection.java:574) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java: > 390) > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java > :150) > at > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) > at > org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChanne > lEndPoint.java:53) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runT > ask(AdaptiveExecutionStrategy.java:478) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.cons > umeTask(AdaptiveExecutionStrategy.java:441) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryP > roduce(AdaptiveExecutionStrategy.java:293) > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run( > AdaptiveExecutionStrategy.java:201) > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.r > un(ReservedThreadExecutor.java:410) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPoo > l.java:971) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(Queued > ThreadPool.java:1201) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThrea > dPool.java:1156) > at java.base/java.lang.Thread.run(Thread.java:1583) > > > The exception is shown in the browser to the users and we see it in > the > logs. We can reproduce this with the service > https://sensors.gfz-potsdam.de/ > > Best regards, > Sander > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2025-04-14 14:06:37
|
Hi Krzysztof, hi Roman, is there a possibility to set the NameFormat of attributes, released by unity? By default it uses urn:oasis:names:tc:SAML:2.0:attrname- format:unspecified but we have a client which would require urn:oasis:names:tc:SAML:2.0:attrname-format:uri. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2025-04-14 06:44:53
|
Hi Krzysztof, hi Roman, it loks like there is still an issue in the login process. For some service, so far only for public client with PKCE reproduced, we got a NullPointer Exception after being redirected from Home IdP: HTTP ERROR 500 java.lang.NullPointerException: Cannot invoke "String.replace(java.lang.CharSequence, java.lang.CharSequence)" because "arg" is null URI: /unitygw/spSAMLResponseConsumer STATUS: 500 MESSAGE: java.lang.NullPointerException: Cannot invoke "String.replace(java.lang.CharSequence, java.lang.CharSequence)" because "arg" is null SERVLET: pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet-6666410a CAUSED BY: java.lang.NullPointerException: Cannot invoke "String.replace(java.lang.CharSequence, java.lang.CharSequence)" because "arg" is null Caused by: java.lang.NullPointerException: Cannot invoke "String.replace(java.lang.CharSequence, java.lang.CharSequence)" because "arg" is null at pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.decodePlusIntoSpace(URIBuilderFixer.java:40) at pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.lambda$newInstance$0(URIBuilderFixer.java:31) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1708) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921) at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) at pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.newInstance(URIBuilderFixer.java:32) at pl.edu.icm.unity.engine.api.utils.URIBuilderFixer.newInstance(URIBuilderFixer.java:24) at pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet.getRedirectWithContextIdParam(SAMLResponseConsumerServlet.java:83) at pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet.postProcessResponse(SAMLResponseConsumerServlet.java:76) at pl.edu.icm.unity.saml.SamlHttpResponseServlet.process(SamlHttpResponseServlet.java:67) at pl.edu.icm.unity.saml.SamlHttpResponseServlet.doPost(SamlHttpResponseServlet.java:42) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:547) at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1614) at org.eclipse.jetty.ee10.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:317) at org.eclipse.jetty.ee10.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:270) at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) at io.imunity.vaadin.endpoint.common.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:67) at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) at io.imunity.vaadin.endpoint.common.RemoteRedirectedAuthnResponseProcessingFilter.doFilter(RemoteRedirectedAuthnResponseProcessingFilter.java:48) at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) at org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1547) at org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:814) at org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:431) at org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:464) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571) at org.eclipse.jetty.ee10.servlet.SessionHandler.handle(SessionHandler.java:703) at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:765) at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:597) at org.eclipse.jetty.server.Handler$Wrapper.handle(Handler.java:716) at pl.edu.icm.unity.engine.server.TraceBlockingHandler.handle(TraceBlockingHandler.java:34) at org.eclipse.jetty.server.Server.handle(Server.java:179) at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:619) at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:411) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) at org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:574) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:390) at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:150) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:478) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:441) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:201) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:410) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156) at java.base/java.lang.Thread.run(Thread.java:1583) The exception is shown in the browser to the users and we see it in the logs. We can reproduce this with the service https://sensors.gfz-potsdam.de/ Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2025-04-10 10:09:44
|
Hi Sander, This should be fixed in 4.0.6 release. Best regards, Roman czw., 10 kwi 2025 o 11:26 Sander Apweiler <sa....@fz...> napisał(a): > Hello Roman, > we have some further information from another users. Not sure if this > is still relevant or already fixed with 4.0.6 release. It seems that > unity adds a second ? in the URL when trying to redirect to the IdP: > > https://login.helmholtz.de/oauth2-as/authentication?x-client-ver=8.0.0.0&x-client-SKU=ID_NET472?redirectToIdP=81c6ea9e-fe8b-4f71-8906-56b2cd76607d > > Best regards, > Sander > > > On Thu, 2025-03-27 at 14:57 +0100, Roman Krysiński wrote: > > Hello Sander, > > > > Thank you for reproduction steps, those are essential to find the > > root cause. > > > > We are working on it. > > > > Best regards, > > Roman > > > > czw., 27 mar 2025 o 14:03 Sander Apweiler <sa....@fz...> > > napisał(a): > > > Hello Krzysztof, hello Roman, > > > > > > yesterday we moved to unity 4.0.5 after testing the release in a > > > broader audience but still not that close to our production > > > environment. Sadly we now get again an increasing number of tickets > > > about login fails and errors where the browsers are not allowed to > > > show > > > the unity page. > > > > > > The redirect loop happens on the WAYF/discovery page if the service > > > is > > > a public client. E.g. https://sensors.gfz-potsdam.de/ > > > > > > If the users have a broken login, for example due to the first > > > problem, > > > and start using another service, even confidential services, the > > > browser shows the error about not being allowed to show the page. > > > 1. Go To another service, e.g. https://codebase.helmholtz.cloud/ > > > 2. Select Login with Helmholtz ID > > > 3. Select an IdP from the WAYF/discovery page > > > > > > Please let us know if we can provide you any further information. > > > > > > Best regards, > > > Sander > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Dr. Stephanie Bauer (stellvertretende Vorsitzende), > Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Krzysztof B. <kb...@un...> - 2025-04-10 09:40:22
|
Dear Subscribers,
A new feature release was published today.
The 4.1.0 release focuses on improving authentication, with a particular
emphasis on better MFA handling.
* *Authentication Method Reference (AMR)* support: Administrators can
now utilize information on active AMRs in the configuration of
dynamic attributes and claims returned by any IdP endpoint.
* OAuth IdP recognizes *requested ACRs* (Authentication Context
References).
* OAuth and SAML *authenticators can request ACRs*: Requests can be
fixed (set in configuration) or dynamic, forwarding the requested
ACR from the downstream client (useful for proxy IdP scenarios).
* Unity now returns the *auth_time* claim.
Additionally, Unity introduces a proprietary feature allowing OAuth
clients to specify a whitelist of claims, effectively filtering the
returned claims to only those values deemed relevant.
All relevant resources are linked from the release page:
https://unity-idm.eu/releases/release-4-1-0/
Thank you,
Krzysztof
|
|
From: Sander A. <sa....@fz...> - 2025-04-10 09:26:23
|
Hello Roman, we have some further information from another users. Not sure if this is still relevant or already fixed with 4.0.6 release. It seems that unity adds a second ? in the URL when trying to redirect to the IdP: https://login.helmholtz.de/oauth2-as/authentication?x-client-ver=8.0.0.0&x-client-SKU=ID_NET472?redirectToIdP=81c6ea9e-fe8b-4f71-8906-56b2cd76607d Best regards, Sander On Thu, 2025-03-27 at 14:57 +0100, Roman Krysiński wrote: > Hello Sander, > > Thank you for reproduction steps, those are essential to find the > root cause. > > We are working on it. > > Best regards, > Roman > > czw., 27 mar 2025 o 14:03 Sander Apweiler <sa....@fz...> > napisał(a): > > Hello Krzysztof, hello Roman, > > > > yesterday we moved to unity 4.0.5 after testing the release in a > > broader audience but still not that close to our production > > environment. Sadly we now get again an increasing number of tickets > > about login fails and errors where the browsers are not allowed to > > show > > the unity page. > > > > The redirect loop happens on the WAYF/discovery page if the service > > is > > a public client. E.g. https://sensors.gfz-potsdam.de/ > > > > If the users have a broken login, for example due to the first > > problem, > > and start using another service, even confidential services, the > > browser shows the error about not being allowed to show the page. > > 1. Go To another service, e.g. https://codebase.helmholtz.cloud/ > > 2. Select Login with Helmholtz ID > > 3. Select an IdP from the WAYF/discovery page > > > > Please let us know if we can provide you any further information. > > > > Best regards, > > Sander > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2025-03-31 13:49:58
|
Sander, W dniu 27.03.2025 o 14:02, Sander Apweiler pisze: > Hello Krzysztof, hello Roman, > > yesterday we moved to unity 4.0.5 after testing the release in a > broader audience but still not that close to our production > environment. Sadly we now get again an increasing number of tickets > about login fails and errors where the browsers are not allowed to show > the unity page. > > The redirect loop happens on the WAYF/discovery page if the service is > a public client. E.g. https://sensors.gfz-potsdam.de/ > > If the users have a broken login, for example due to the first problem, > and start using another service, even confidential services, the > browser shows the error about not being allowed to show the page. > 1. Go To another service, e.g. https://codebase.helmholtz.cloud/ > 2. Select Login with Helmholtz ID > 3. Select an IdP from the WAYF/discovery page > The main part of the problem should be addressed in 4.0.6. We are aware of another - similar - problem, however this other one happens rarely, perhaps some hard to find race condition. Nevertheless 4.0.6 should greatly improve stability in your case. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2025-03-31 13:47:49
|
Dear Subscribers,
A subsequent patch release, improving version 4 stability was published.
Two problems were addressed in this patch release:
* *Page opening errors when authenticating using Unity as IdP*
* *Fixed creation of subgroups in UpMan which are designated as
sub-projects*
For the complete list see the changelog. All the details are available
at https://unity-idm.eu/releases/release-4-0-6/
Best,
Krzysztof
|
|
From: Roman K. <ro...@un...> - 2025-03-27 13:58:31
|
Hello Sander, Thank you for reproduction steps, those are essential to find the root cause. We are working on it. Best regards, Roman czw., 27 mar 2025 o 14:03 Sander Apweiler <sa....@fz...> napisał(a): > Hello Krzysztof, hello Roman, > > yesterday we moved to unity 4.0.5 after testing the release in a > broader audience but still not that close to our production > environment. Sadly we now get again an increasing number of tickets > about login fails and errors where the browsers are not allowed to show > the unity page. > > The redirect loop happens on the WAYF/discovery page if the service is > a public client. E.g. https://sensors.gfz-potsdam.de/ > > If the users have a broken login, for example due to the first problem, > and start using another service, even confidential services, the > browser shows the error about not being allowed to show the page. > 1. Go To another service, e.g. https://codebase.helmholtz.cloud/ > 2. Select Login with Helmholtz ID > 3. Select an IdP from the WAYF/discovery page > > Please let us know if we can provide you any further information. > > Best regards, > Sander > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Dr. Stephanie Bauer (stellvertretende Vorsitzende), > Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2025-03-27 13:03:04
|
Hello Krzysztof, hello Roman, yesterday we moved to unity 4.0.5 after testing the release in a broader audience but still not that close to our production environment. Sadly we now get again an increasing number of tickets about login fails and errors where the browsers are not allowed to show the unity page. The redirect loop happens on the WAYF/discovery page if the service is a public client. E.g. https://sensors.gfz-potsdam.de/ If the users have a broken login, for example due to the first problem, and start using another service, even confidential services, the browser shows the error about not being allowed to show the page. 1. Go To another service, e.g. https://codebase.helmholtz.cloud/ 2. Select Login with Helmholtz ID 3. Select an IdP from the WAYF/discovery page Please let us know if we can provide you any further information. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: piotrpiernik <pio...@gm...> - 2025-03-18 08:54:21
|
Dear Laura Thank you for problems reporting. 1. Yes, i confirm the problem with creating subproject. We will provide the fix in next release 2. Could you please check the home endpoint config, - are this enquiry forms included in "Enabled enquiry forms" property? Best regards Piotr > > On 14 mar 2025 at 15:37, Laura Hofer <l....@fz...> wrote: > > > Hi Krzysztof, Hi Roman, > > while testing Unity 4.0.5, we noticed the following problems: > Firstly, when creating subprojects on the Upman endpoint, the projects > are always created as subgroups first and not as subprojects, although > this was specified when they were created. However, as soon as the > subgroup is created, it can be configured as a subproject. > Secondly, we have a problem with the display of the Account Update > feature on the Home endpoint. Old join enquiries and newly created ones > are no longer displayed on the home endpoint. Do we need to reconfigure > anything? The problem has existed since at least version 4.0.4. > > Kind regards, > Laura > > -- > Juelich Supercomputing Centre > Institute for Advanced Simulation > Forschungszentrum Juelich GmbH > 52425 Juelich, Germany > E-Mail: l....@fz... > Phone: +49 2461 61-6576 > Fax: +49 2461 61-6656 > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, > Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Laura H. <l....@fz...> - 2025-03-14 14:37:02
|
Hi Krzysztof, Hi Roman, while testing Unity 4.0.5, we noticed the following problems: Firstly, when creating subprojects on the Upman endpoint, the projects are always created as subgroups first and not as subprojects, although this was specified when they were created. However, as soon as the subgroup is created, it can be configured as a subproject. Secondly, we have a problem with the display of the Account Update feature on the Home endpoint. Old join enquiries and newly created ones are no longer displayed on the home endpoint. Do we need to reconfigure anything? The problem has existed since at least version 4.0.4. Kind regards, Laura -- Juelich Supercomputing Centre Institute for Advanced Simulation Forschungszentrum Juelich GmbH 52425 Juelich, Germany E-Mail: l....@fz... Phone: +49 2461 61-6576 Fax: +49 2461 61-6656 ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2025-03-10 12:27:05
|
Hi Hubert, Thanks for this offer! You can contribute translations in here: https://hosted.weblate.org/projects/unity-idm/ Also, we will need to enable Spanish locale as one with provided translations. That's trivial, I'll open a ticket to get it done. Best, Krzysztof W dniu 10.03.2025 o 09:56, Hubert Siejkowski pisze: > Dear Krzysztof, > dear Roman, > > We’re rolling out language support for our Spanish users of our > platform and were wondering if it’s possible to add Spanish > localisation in Unity-IdM. If there is no existing localisation, how > can we help out with translating some of the basic phrases? > > All the best, > Hubert > > ACC Cyfronet of the AGH University of Krakow > Interdisciplinary Scientific Computing Laboratory > www.cyfronet.pl > > --- > Uprzejmie informujemy, że: > 1. Administratorem danych osobowych przekazanych przez Panią/Pana w > korespondencji e-mail jest Akademia Górniczo-Hutnicza im. Stanisława > Staszica w Krakowie (Akademickie Centrum Komputerowe Cyfronet AGH), > al. A. Mickiewicza 30, 30-059 Kraków, REGON: 00000157700022, NIP: > 6750001923. > 2. Pani/Pana dane osobowe przetwarzane są w celu załatwienia sprawy > będącej przedmiotem wiadomości, w tym w celu niezbędnego kontaktu > z Panią/Panem. > 3. Ma Pani/Pan prawo żądania od Administratora dostępu do swoich > danych osobowych, ich sprostowania, usunięcia, przenoszenia, > ograniczenia ich przetwarzania, prawo do cofnięcia zgody na > przetwarzanie oraz prawo wniesienia sprzeciwu wobec przetwarzania – w > przypadkach i na warunkach określonych w ogólnym rozporządzeniu > o ochronie danych osobowych z dnia 27 kwietnia 2016 r. (RODO). > 4. Ze szczegółowymi informacjami na temat przetwarzania Pani/Pana > danych osobowych można zapoznać się tutaj > (https://www.cyfronet.pl/16906,artykul,ochrona_danych.html). > > Ta wiadomość i jej treść są zastrzeżone w zakresie wskazanym na > stronie internetowej http://www.cyfronet.pl/stopka/ > This e-mail and its content are reserved to the extent indicated on > the website http://www.cyfronet.pl/stopka/ > Diese Nachricht und ihr Inhalt sind in dem auf der Website angegebenen > Umfang vorbehalten http://www.cyfronet.pl/stopka/ > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss |
|
From: Hubert S. <hub...@cy...> - 2025-03-10 08:56:19
|
Dear Krzysztof, dear Roman, We’re rolling out language support for our Spanish users of our platform and were wondering if it’s possible to add Spanish localisation in Unity-IdM. If there is no existing localisation, how can we help out with translating some of the basic phrases? All the best, Hubert ACC Cyfronet of the AGH University of Krakow Interdisciplinary Scientific Computing Laboratory www.cyfronet.pl --- Uprzejmie informujemy, że: 1. Administratorem danych osobowych przekazanych przez Panią/Pana w korespondencji e-mail jest Akademia Górniczo-Hutnicza im. Stanisława Staszica w Krakowie (Akademickie Centrum Komputerowe Cyfronet AGH), al. A. Mickiewicza 30, 30-059 Kraków, REGON: 00000157700022, NIP: 6750001923. 2. Pani/Pana dane osobowe przetwarzane są w celu załatwienia sprawy będącej przedmiotem wiadomości, w tym w celu niezbędnego kontaktu z Panią/Panem. 3. Ma Pani/Pan prawo żądania od Administratora dostępu do swoich danych osobowych, ich sprostowania, usunięcia, przenoszenia, ograniczenia ich przetwarzania, prawo do cofnięcia zgody na przetwarzanie oraz prawo wniesienia sprzeciwu wobec przetwarzania – w przypadkach i na warunkach określonych w ogólnym rozporządzeniu o ochronie danych osobowych z dnia 27 kwietnia 2016 r. (RODO). 4. Ze szczegółowymi informacjami na temat przetwarzania Pani/Pana danych osobowych można zapoznać się tutaj (https://www.cyfronet.pl/16906,artykul,ochrona_danych.html). Ta wiadomość i jej treść są zastrzeżone w zakresie wskazanym na stronie internetowej http://www.cyfronet.pl/stopka/ This e-mail and its content are reserved to the extent indicated on the website http://www.cyfronet.pl/stopka/ Diese Nachricht und ihr Inhalt sind in dem auf der Website angegebenen Umfang vorbehalten http://www.cyfronet.pl/stopka/ |
|
From: Krzysztof B. <kb...@un...> - 2025-03-06 12:26:24
|
Dear Subscribers, A subsequent patch release, improving version 4 stability was published. The most important bugfixes in this patch release: * *Fixed auto-proxy authentication feature* * *Fixed loading of IdPs from SAML metadata w/o expected names set* For the complete list see the changelog. All the details are available at https://unity-idm.eu/releases/release-4-0-5/ Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2025-03-05 08:57:28
|
Dear Krzysztof, dear Roman, we have the issue about NullPointer Exceptions (Cannot invoke "String.compareToIgnoreCase(String)" because "thisName" is null) while the login endpoints are loaded. We encountered the problem to one SAML federation, which is our main login source. Can we do anything in the configuration to avoid this problem. At the moment no login is possible. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Dr. Stephanie Bauer (stellvertretende Vorsitzende), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2025-02-03 21:44:38
|
W dniu 22.01.2025 o 08:54, Sander Apweiler pisze: > Good morning Krzysztof, > I'm sorry for the delay. I tried to reproduce the issue on my site. > Sadly I was not able to reproduce it and did not got any feedback from > users so far. Which configuration do you need? > I'd need to know what happened on user's end. In particular how this situation looked in web browser's console (and naturally on its main UI) Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2025-02-03 21:42:56
|
W dniu 22.01.2025 o 09:39, Sander Apweiler pisze: > Good morning Krzysztof, > good morning Roman, > at the moment we have some issues with increasing memory usage of > unity. It seems that we have a growing number of initiated but not > finalised logins. Is there any possibility to cancel and clean up those > stucked logins in a shorter timeframe? Hi Sander, So it depends a bit on what are the dominant cases when a login is abandoned. Assuming we have a simple situation, that someone hits Unity sign-in page, and closes a browser tab, then what happens is that HTTP session needs to be shut down. This should be governed by the realm configuration of the endpoint. You have there login session timeout. HTTP session timeout is roughly synced with it. HTH, Krzysztof |
|
From: Roman K. <ro...@un...> - 2025-01-31 07:00:44
|
Hi Sander, Sorry to be long in my replay. Thank you very much for the reproduction steps, this issue has been on our radar for a long time, and we did address one issue that contributes to the problem. This will be released in our next minor version, however we are monitoring this and looking forward to your feedback once the new version is deployed. Best regards, Roman pt., 17 sty 2025 o 13:39 Sander Apweiler <sa....@fz...> napisał(a): > Hello Krzysztof, > luckily we are able to reproduce the "Can't Open This Page" problem. I > attached some screenshots from the network console as well. > > How to reproduce it: > - Start authN session in a browser tab (being on IdP selection page is > fine) > - Open a second browser tab > - Start a new authN session in second browser tab from the same > service, like you did in in the first tab > - Select your IdP > > Before the user is forwarded the browser error is shown. It happens on > both protocols SAML and OAuth between unity and downstream service. It > seems that it is triggered from "offline-stub.html" file > > Best regards, > Sander > > On Thu, 2025-01-02 at 17:51 +0100, Krzysztof Benedyczak wrote: > > > > Hi Sander, > > > > > > > > > > I hope you had nice holidays, and happy new year! > > > > > > > > > > Can you please clarify the two of your issues: > > > > > > > > > > W dniu 20.12.2024 o 11:25, Sander Apweiler pisze: > > > > > > > > > > - After selecting the remote IdP, browsers sometimes shows errors > > > about > > > not allowed to show the content. Sounds a bit like CSP problems. > > > > > > > Can you please describe this in more details? What does it mean > > "selecting"? user clicks on an entry in grid, or tries to sign in to > > it? Can we get some screenshot with dev tools network tab opened? > > > > > > > > > > > > > > - Attributes without a display name are empty in the "Add > > > attributes" > > > list if they are selected > > > > > > > Can you specify about which place of the app you are referring to? > > > > Thank you, > > Krzysztof > > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Dr. Stephanie Bauer (stellv. Vorsitzende), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
