Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
(2) |
Sep
(8) |
Oct
(1) |
Nov
|
Dec
|
|
From: Roman K. <ro...@un...> - 2021-07-26 11:45:56
|
Good morning Sander, Are you referring to the logo on the authentication screen? If so, then the logo for each endpoint can be set either via Console or configuration file. In the console: Identity Provider -> Endpoints -> Select specific endpoint -> Enter "Users Authentication" tab -> Go to Presentation section -> here you can either upload a local image or provide a link to remote one. If it comes to configuration file, the specific endpoint's configuration option to set, is "unity.endpoint.web.authnScreenLogo" (for more information please take a look at Unity doc: http://www.unity-idm.eu/documentation/unity-3.5.2/manual.html#_common_options_for_endpoints ) More sophisticated look and feel requirements can be achieved by customizations and branding. <http://www.unity-idm.eu/documentation/unity-3.5.2/manual.html#branding> Please let me know if you have any questions. Best regards, Roman pon., 26 lip 2021 o 11:03 Sander Apweiler <sa....@fz...> napisał(a): > Good morning Krzysztof, > > we have a community, using our unity instance with dedicated endpoints. > The community want to have their logo inplace instead of the default > logo on this instance. > > I already inspected the template ans found that the is set in the body- > main-ui.ftl, being more precise in the executed code and via styles.css > > Is there an easy way to to exchange the logo only on single endpoints, > without coping the whole theme and replacing the logo? > > I know the unity.endpoint.web.template parameter but within I would > need to call the body-main-ui.ftl. > > Do you have another idea about this issue? > > Cheers, > Sander > -- > Federated Systems and Data > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Volker Rieke > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2021-07-26 09:03:42
|
Good morning Krzysztof, we have a community, using our unity instance with dedicated endpoints. The community want to have their logo inplace instead of the default logo on this instance. I already inspected the template ans found that the is set in the body- main-ui.ftl, being more precise in the executed code and via styles.css Is there an easy way to to exchange the logo only on single endpoints, without coping the whole theme and replacing the logo? I know the unity.endpoint.web.template parameter but within I would need to call the body-main-ui.ftl. Do you have another idea about this issue? Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-07-09 11:08:44
|
Dear Subscribers, A minor update with a fix for the too short validity time of credential reset code was published under the number 3.5.2. Best regards, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2021-06-24 10:43:27
|
Hi Sander, W dniu 24.06.2021 o 11:32, Sander Apweiler pisze: > Hi all, > sometimes users get an "OAuth ERROR - Authorization SErver got an > invalid request. No OAuth context" when they are forwarded from SP or > come back from IdP. We can not reproduce it, but it appears from time > to time. Can you give me some information, when this error is raised? We have received reports with that situation from some other users as well and seen it (although very rarely) on our instances. We are investigating, trying to address that in 3.6 release. We are confident that the case when error happens after returning from remote IdP will be addressed: we are completely refactor the handling of that process, should be much more stable. The other case is bit of mystery still - under investigation. Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-06-24 09:32:20
|
Hi all, sometimes users get an "OAuth ERROR - Authorization SErver got an invalid request. No OAuth context" when they are forwarded from SP or come back from IdP. We can not reproduce it, but it appears from time to time. Can you give me some information, when this error is raised? Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2021-06-23 07:36:12
|
Good morning Sander, That's a known issue on Java 9+ with groovy - sorry we can't do anything about it, besides crossing fingers that groovy guys fix it at some point. With Java 11 at least that's harmless. Best, Roman śr., 23 cze 2021 o 06:32 Sander Apweiler <sa....@fz...> napisał(a): > Good morning Krzysztof, > we switched to java 11 on one server this morning. After restarting > unity (3.5.1.) we got a warning about groovy lib. > > > [ ~]$ java --version > openjdk 11.0.11 2021-04-20 LTS > OpenJDK Runtime Environment 18.9 (build 11.0.11+9-LTS) > OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9-LTS, mixed mode, sharing) > [ ~]$ sudo systemctl restart unity-idm-3.5.1; tail -f > /usr/local/unity/unity-3.5.1/logs/unity-startup.log > Jun 23, 2021 6:20:59 AM CEST: Stopping UNITY Server > Jun 23, 2021 6:20:59 AM CEST: Stopped UNITY Server > tail: /usr/local/unity/unity-3.5.1/logs/unity-startup.log: file truncated > Jun 23, 2021, 6:21:05 AM CEST: Starting UNITY Web Server > WARNING: An illegal reflective access operation has occurred > WARNING: Illegal reflective access by > org.codehaus.groovy.vmplugin.v7.Java7$1 > (file:/usr/local/unity/unity-3.5.1/lib/groovy-2.5.6.jar) to constructor > java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int) > WARNING: Please consider reporting this to the maintainers of > org.codehaus.groovy.vmplugin.v7.Java7$1 > WARNING: Use --illegal-access=warn to enable warnings of further illegal > reflective access operations > WARNING: All illegal access operations will be denied in a future release > Jun 23, 2021, 6:23:31 AM CEST: UNITY Server Started > > Cheers, > Sander > -- > Federated Systems and Data > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Volker Rieke > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2021-06-23 04:32:28
|
Good morning Krzysztof, we switched to java 11 on one server this morning. After restarting unity (3.5.1.) we got a warning about groovy lib. [ ~]$ java --version openjdk 11.0.11 2021-04-20 LTS OpenJDK Runtime Environment 18.9 (build 11.0.11+9-LTS) OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9-LTS, mixed mode, sharing) [ ~]$ sudo systemctl restart unity-idm-3.5.1; tail -f /usr/local/unity/unity-3.5.1/logs/unity-startup.log Jun 23, 2021 6:20:59 AM CEST: Stopping UNITY Server Jun 23, 2021 6:20:59 AM CEST: Stopped UNITY Server tail: /usr/local/unity/unity-3.5.1/logs/unity-startup.log: file truncated Jun 23, 2021, 6:21:05 AM CEST: Starting UNITY Web Server WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/usr/local/unity/unity-3.5.1/lib/groovy-2.5.6.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int) WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Jun 23, 2021, 6:23:31 AM CEST: UNITY Server Started Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-06-21 09:21:58
|
W dniu 21.06.2021 o 10:51, Sander Apweiler pisze: > Hi Krzysztof, > > a attached it in a txt file. > hmm, looks ok. From looking into code... this should not happen. Looks like some library problem, but looks fine to me. So most likely something very weird. I'd need to be able to reproduce it somehow. From the log it seems that this happened when parsing a certificate of one of the trusted SAML IDPs. Can you tell what federations you have enabled? I'd need to try to configure the same and see if it happens on my end. Also please provide your java version. Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-06-21 08:51:21
|
Hi Krzysztof, a attached it in a txt file. On Mon, 2021-06-21 at 10:44 +0200, Krzysztof Benedyczak wrote: > Good morning Sander, > > W dniu 21.06.2021 o 07:18, Sander Apweiler pisze: > > Good morning Krzysztof, > > we have a serious issue with unity. The last four servers we > > updated > > successful to unity 3.5.1, including our test servers, this morning > > we > > started the migration of the server, which is in production. > > > > We updated from 3.3.4 to 3.5.1 and disabled the admin interface. We > > have the following error in startup log: > > > > Jun 21, 2021 7:11:39 AM CEST: Starting UNITY Web Server > > Exception in thread "main" > > org.springframework.context.ApplicationContextException: Failed to > > start bean 'engineInitialization'; nested exception is > > java.lang.NoSuchMethodError: > > org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle > > /asn1/ASN1Primitive;)Z > > at > > org.springframework.context.support.DefaultLifecycleProcessor.doSta > > rt(DefaultLifecycleProcessor.java:185) > > at > > org.springframework.context.support.DefaultLifecycleProcessor.acces > > s$200(DefaultLifecycleProcessor.java:53) > > at > > org.springframework.context.support.DefaultLifecycleProcessor$Lifec > > ycleGroup.start(DefaultLifecycleProcessor.java:360) > > at > > org.springframework.context.support.DefaultLifecycleProcessor.start > > Beans(DefaultLifecycleProcessor.java:158) > > at > > org.springframework.context.support.DefaultLifecycleProcessor.onRef > > resh(DefaultLifecycleProcessor.java:122) > > at > > org.springframework.context.support.AbstractApplicationContext.fini > > shRefresh(AbstractApplicationContext.java:894) > > at > > org.springframework.context.support.AbstractApplicationContext.refr > > esh(AbstractApplicationContext.java:553) > > at > > pl.edu.icm.unity.engine.server.UnityApplication.run(UnityApplicatio > > n.java:60) > > at > > pl.edu.icm.unity.engine.server.UnityApplication.main(UnityApplicati > > on.java:69) > > Caused by: java.lang.NoSuchMethodError: > > org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle > > /asn1/ASN1Primitive;)Z > > at > > eu.emi.security.authn.x509.helpers.DNComparator.normalizeAVA(DNComp > > arator.java:93) > > > Can you please paste the exact contents of your unity's installation > lib/ folder? > > Thanks, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-06-21 08:44:33
|
Good morning Sander, W dniu 21.06.2021 o 07:18, Sander Apweiler pisze: > Good morning Krzysztof, > we have a serious issue with unity. The last four servers we updated > successful to unity 3.5.1, including our test servers, this morning we > started the migration of the server, which is in production. > > We updated from 3.3.4 to 3.5.1 and disabled the admin interface. We > have the following error in startup log: > > Jun 21, 2021 7:11:39 AM CEST: Starting UNITY Web Server > Exception in thread "main" org.springframework.context.ApplicationContextException: Failed to start bean 'engineInitialization'; nested exception is java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle/asn1/ASN1Primitive;)Z > at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:185) > at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:53) > at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:360) > at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:158) > at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:122) > at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:894) > at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) > at pl.edu.icm.unity.engine.server.UnityApplication.run(UnityApplication.java:60) > at pl.edu.icm.unity.engine.server.UnityApplication.main(UnityApplication.java:69) > Caused by: java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle/asn1/ASN1Primitive;)Z > at eu.emi.security.authn.x509.helpers.DNComparator.normalizeAVA(DNComparator.java:93) Can you please paste the exact contents of your unity's installation lib/ folder? Thanks, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-06-21 05:19:03
|
Good morning Krzysztof,
we have a serious issue with unity. The last four servers we updated
successful to unity 3.5.1, including our test servers, this morning we
started the migration of the server, which is in production.
We updated from 3.3.4 to 3.5.1 and disabled the admin interface. We
have the following error in startup log:
Jun 21, 2021 7:11:39 AM CEST: Starting UNITY Web Server
Exception in thread "main" org.springframework.context.ApplicationContextException: Failed to start bean 'engineInitialization'; nested exception is java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle/asn1/ASN1Primitive;)Z
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:185)
at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:53)
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:360)
at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:158)
at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:122)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:894)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553)
at pl.edu.icm.unity.engine.server.UnityApplication.run(UnityApplication.java:60)
at pl.edu.icm.unity.engine.server.UnityApplication.main(UnityApplication.java:69)
Caused by: java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle/asn1/ASN1Primitive;)Z
at eu.emi.security.authn.x509.helpers.DNComparator.normalizeAVA(DNComparator.java:93)
at eu.emi.security.authn.x509.helpers.DNComparator.preNormalize(DNComparator.java:58)
at eu.emi.security.authn.x509.impl.X500NameUtils.getComparableForm(X500NameUtils.java:168)
at pl.edu.icm.unity.saml.metadata.cfg.AbstractMetaToConfigConverter.getCertificateKey(AbstractMetaToConfigConverter.java:195)
at pl.edu.icm.unity.saml.metadata.cfg.AbstractMetaToConfigConverter.updatePKICerts(AbstractMetaToConfigConverter.java:171)
at pl.edu.icm.unity.saml.metadata.cfg.MetaToSPConfigConverter.convertToProperties(MetaToSPConfigConverter.java:111)
at pl.edu.icm.unity.saml.metadata.cfg.AbstractMetaToConfigConverter.convertToProperties(AbstractMetaToConfigConverter.java:93)
at pl.edu.icm.unity.saml.metadata.cfg.AbstractMetaToConfigConverter.convertToProperties(AbstractMetaToConfigConverter.java:75)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager.reloadSingle(RemoteMetaManager.java:150)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager.access$100(RemoteMetaManager.java:34)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager$MetadataConsumer.updateMetadata(RemoteMetaManager.java:168)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager$MetadataConsumer.access$300(RemoteMetaManager.java:154)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager.lambda$registerMetadataConsumers$0(RemoteMetaManager.java:102)
at pl.edu.icm.unity.saml.metadata.srv.MetadataSourceHandler.notifyConsumer(MetadataSourceHandler.java:207)
at pl.edu.icm.unity.saml.metadata.srv.MetadataSourceHandler.feedWithCached(MetadataSourceHandler.java:183)
at pl.edu.icm.unity.saml.metadata.srv.MetadataSourceHandler.addConsumer(MetadataSourceHandler.java:72)
at pl.edu.icm.unity.saml.metadata.srv.RemoteMetadataServiceImpl.registerConsumer(RemoteMetadataServiceImpl.java:77)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager.registerMetadataConsumers(RemoteMetaManager.java:101)
at pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager.<init>(RemoteMetaManager.java:59)
at pl.edu.icm.unity.saml.sp.SAMLVerificator.setSerializedConfiguration(SAMLVerificator.java:185)
at pl.edu.icm.unity.engine.authn.AuthenticatorLoader.verifyConfiguration(AuthenticatorLoader.java:117)
at pl.edu.icm.unity.engine.authn.AuthenticatorManagementImpl.verifyConfiguration(AuthenticatorManagementImpl.java:188)
at pl.edu.icm.unity.engine.authn.AuthenticatorManagementImpl.createAuthenticator(AuthenticatorManagementImpl.java:95)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
at pl.edu.icm.unity.store.rdbms.tx.SQLTransactionEngine.runInTransaction(SQLTransactionEngine.java:45)
at pl.edu.icm.unity.store.tx.TransactionalAspect.retryIfNeeded4Method(TransactionalAspect.java:75)
at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at org.springframework.aop.aspectj.AspectJAfterAdvice.invoke(AspectJAfterAdvice.java:47)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:62)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy111.createAuthenticator(Unknown Source)
at pl.edu.icm.unity.engine.server.EngineInitialization.loadAuthenticatorsFromConfiguration(EngineInitialization.java:924)
at pl.edu.icm.unity.engine.server.EngineInitialization.initializeAuthenticators(EngineInitialization.java:892)
at pl.edu.icm.unity.engine.server.EngineInitialization.initializeSystemContentsFromConfigFile(EngineInitialization.java:406)
at pl.edu.icm.unity.engine.server.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:374)
at pl.edu.icm.unity.engine.server.EngineInitialization.start(EngineInitialization.java:262)
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:182)
... 8 more
Do you know what could cause this problem? On the four previous servers
we didn't had any problem.
Cheers,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
|
From: Krzysztof B. <kb...@un...> - 2021-06-16 13:32:27
|
Hi Sander, W dniu 15.06.2021 o 09:24, Sander Apweiler pisze: > Good morning Krzysztof, > last week we updated from version 3.4.3 to 3.5.1. This week a user > reported the following error: > > "Problem occurred during authentication process. > > The error is: This implementation doesn't support authn requests with > RequestedAuthnContext set. > You will be automatically redirected in 5s back to the service which > requested authentication, with the above information." > > I asked the IdP as well as the SP, if they changed something and they > can not remember. Maybe this corelation between the error and unity > update is wrong, but did unity change something here? Do you know when > this error is raised by unity? > > I paste the unity log below. This is not a regression, I'm fairly certain that this limitation is present in Unity from the version 1.0.0. There is a small chance that there was a bug in unity, i.e. that RequestedAuthnContext was accepted, and that we had accidentally fixed recently. But honestly I'd say probability of this situation is extremly low. If this is a call for full support of SAML AuthnContexts that's a longer story. Perhaps we would need some workaround for now. Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-06-15 07:24:20
|
Good morning Krzysztof,
last week we updated from version 3.4.3 to 3.5.1. This week a user
reported the following error:
"Problem occurred during authentication process.
The error is: This implementation doesn't support authn requests with
RequestedAuthnContext set.
You will be automatically redirected in 5s back to the service which
requested authentication, with the above information."
I asked the IdP as well as the SP, if they changed something and they
can not remember. Maybe this corelation between the error and unity
update is wrong, but did unity change something here? Do you know when
this error is raised by unity?
I paste the unity log below.
2021-06-15T08:46:17,369 [qtp848193662-12599] DEBUG unity.server.core.ClientIPSettingHandler: Handling client 85.16.232.92 request to URL /saml-idp/saml2idp-web?SAMLRequest=nVNNj9owEP0rke%2F5AsKqFrCioKpIu9sI0h56qRxnWKw6dtbjLLS%2Ffu1AVrRqc%2BAUZ%2Bb5vZk349n9qZbBKxgUWs1JGiXkfjFDVsuGLlt7UFt4aQFt4GAKaZeYk9YoqhkKpIrVgNRyuls%2BPtBRlNDGaKu5liTYrOfkx%2FhDBuM0mZZ7YJPxuNyn2YgE33pBd8MBEVvYKLRMWRdKRmmYTMM0K5IpnUxpehdNsuw7CfIL9UehKqGeh%2BsozyCkn4siD%2FMvu4IEa9eJUMx20gdrG6RxLPWzUNEBZH3Q0v6OKoh9m6Gomu4wcofwCCUJlohg%2FOWVVtjWYHZgXgWHr9uHv%2BnYUXiihiE22tiYOS87tvhdqPvjTMqS8Z%2FkbDrtrDBXbg83yfqKyGJY%2Fw%2FVWXyl1U%2F7yZFv1rmWgv%2B6ZdqftKmZHUb7iKjCfQel1jCFApR1zkqpjysDzMKcWNMCifu6LgsIVbeOznkLp5vWcaXrhhmBfvZwYtz2nl8Tr6RzbAv7WyYwCOOUe2oXzt3nqE3ltxm4a6zwPvgpXebyr3oW59x%2F7HjPXj%2FZxRs%3D
2021-06-15T08:46:17,370 [qtp848193662-12599] DEBUG unity.server.saml.SamlServletExtractionUtils: Got SAML request using the HTTP Redirect binding
2021-06-15T08:46:17,370 [qtp848193662-12599] WARN unity.server.saml.ErrorHandler: SAML error is going to be returned to the SAML requester by the IdP
eu.unicore.samly2.exceptions.SAMLResponderException: This implementation doesn't support authn requests with RequestedAuthnContext set.
at pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator.validate(UnityAuthnRequestValidator.java:71) ~[unity-server-saml-3.5.1.jar:?]
at pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:34) ~[unity-server-saml-3.5.1.jar:?]
at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:219) ~[unity-server-saml-3.5.1.jar:?]
at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:143) ~[unity-server-saml-3.5.1.jar:?]
at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:96) ~[unity-server-saml-3.5.1.jar:?]
at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:76) ~[unity-server-saml-3.5.1.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) ~[javax.servlet-api-3.1.0.jar:3.1.0]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:74) ~[unity-server-web-common-3.5.1.jar:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:274) ~[unity-server-web-common-3.5.1.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleNotProtectedResource(AuthenticationFilter.java:106) ~[unity-server-web-common-3.5.1.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:83) ~[unity-server-web-common-3.5.1.jar:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) ~[unity-server-engine-api-3.5.1.jar:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) ~[unity-server-engine-3.5.1.jar:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.5.1.jar:?]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]
Best regards,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
|
From: Sander A. <sa....@fz...> - 2021-06-09 07:36:36
|
Thanks for the information. I Updated this week to 3.5.1. I'll keep an eye on this if this happens again. Cheers, Sander On Wed, 2021-06-09 at 09:32 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 09.06.2021 o 08:48, Sander Apweiler pisze: > > Good morning, > > we found a problem in the invitations via upman. We found this > > issue in > > unity 3.4.3. The problem is that the email addresses are some where > > checked case sensitive. I use my email address to explain the > > problem. > > - Users are registered at unity with the email, send by IdP: > > Sa....@fz... > > - Project manager sends an invitation to the email sa.apweiler@fz- > > juelich.de > > - Invitation is created with link to the registration form, not > > enquiry > > form > > - User follows the link and got an error "It seems you are already > > registered, please sign in" > > > > Of course email addresses are not case sensitive, but it seems that > > the > > check if a user having this email address is registered is missing > > a > > transformation to lower case in the comparison. > > > That sounds like https://unity-idm.atlassian.net/browse/UY-1126 fixed > while ago in 3.4.5. > > Cheers, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-06-09 07:33:04
|
Hi Sander, W dniu 09.06.2021 o 08:48, Sander Apweiler pisze: > Good morning, > we found a problem in the invitations via upman. We found this issue in > unity 3.4.3. The problem is that the email addresses are some where > checked case sensitive. I use my email address to explain the problem. > - Users are registered at unity with the email, send by IdP: > Sa....@fz... > - Project manager sends an invitation to the email sa.apweiler@fz- > juelich.de > - Invitation is created with link to the registration form, not enquiry > form > - User follows the link and got an error "It seems you are already > registered, please sign in" > > Of course email addresses are not case sensitive, but it seems that the > check if a user having this email address is registered is missing a > transformation to lower case in the comparison. > That sounds like https://unity-idm.atlassian.net/browse/UY-1126 fixed while ago in 3.4.5. Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-06-09 06:49:13
|
Good morning, we found a problem in the invitations via upman. We found this issue in unity 3.4.3. The problem is that the email addresses are some where checked case sensitive. I use my email address to explain the problem. - Users are registered at unity with the email, send by IdP: Sa....@fz... - Project manager sends an invitation to the email sa.apweiler@fz- juelich.de - Invitation is created with link to the registration form, not enquiry form - User follows the link and got an error "It seems you are already registered, please sign in" Of course email addresses are not case sensitive, but it seems that the check if a user having this email address is registered is missing a transformation to lower case in the comparison. Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-05-17 10:22:16
|
Dear Subscribers,
A new revision of the 3.5 branch was published, including:
* multiple UpMan improvements
* fix of the group name presentation in Admin Console
* fix of tooltips on credentials in forms
* important bugfix in authorization of the recently introduced REST
operation to add multiple groups
Complete list of changes is available at
https://www.unity-idm.eu/downloads/
Best regards,
Krzysztof
|
|
From: Krzysztof B. <kb...@un...> - 2021-05-13 07:58:40
|
Good morning Sander, W dniu 12.05.2021 o 08:45, Sander Apweiler pisze: > Good morning Krzysztof, > another project wants to use out unity but have their own logo on login > pages. I know I can configure muiltiple SAML or OAUth endpoints, but > can I do it as well with userhome and upman endpoints? > > I guess I had to use something like this in the endpoint definition: > unityServer.core.endpoints.userHome-X.endpointType=UserHomeUI > unityServer.core.endpoints.upman-X.endpointType=UpManUI Yes, absolutely you can. If using config files: copy config of existing endpoint, change the config-file id (the part after endpoints.) to something unique and then just select a desired deployment path and your new endpoint config file location. In case you deploy multiple home + upman endpoints and you use the link feature (from home to upman) make sure to configure the endpoint for the link correctly in homeUI config. (Soon to come - there will be also an option to have a link from upman to home, same note for that). Cheers, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-05-12 06:45:47
|
Good morning Krzysztof, another project wants to use out unity but have their own logo on login pages. I know I can configure muiltiple SAML or OAUth endpoints, but can I do it as well with userhome and upman endpoints? I guess I had to use something like this in the endpoint definition: unityServer.core.endpoints.userHome-X.endpointType=UserHomeUI unityServer.core.endpoints.upman-X.endpointType=UpManUI Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-05-04 06:47:14
|
Good morning Sander, W dniu 04.05.2021 o 07:19, Sander Apweiler pisze: > -) what is the default locale setting for your server? > english >> -) what is the locale used by the user who logged to console? > english. >> -) whether the English displayed name is the only one for that group >> or >> there are any other versions defined? > only the english one. >> -) Also: the group was created using UI or REST API? > created via UI. >> Many questions, but should help to fix the issue easily. > Many but easy to answer ;) OK, thank you, that's one of those embarrassing ones. Certainly will be fixed in 3.5.1. Thanks, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-05-04 05:19:29
|
Good morning Krzysztof, sorry dor the delay. On Thu, 2021-04-29 at 13:21 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 29.04.2021 o 09:02, Sander Apweiler pisze: > > Good morning Krzysztof, > > in the background, above the pop-up, you see that the directory > > browser > > shows only the internal names. In previous versions there was both, > > display name followed by internal names. I just added the pop-up in > > the > > screenshot to show that the displayname is set. > > Ah, ok, missed that completely. > > The intention is that there should be the displayed name. We will > check > this up, however can you please provide me three more details: > > -) what is the default locale setting for your server? english > > -) what is the locale used by the user who logged to console? english. > > -) whether the English displayed name is the only one for that group > or > there are any other versions defined? only the english one. > > -) Also: the group was created using UI or REST API? created via UI. > > Many questions, but should help to fix the issue easily. Many but easy to answer ;) Best regards, Sander > > Thank you, > Krzysztof > > > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-04-29 11:21:51
|
Hi Sander, W dniu 29.04.2021 o 09:02, Sander Apweiler pisze: > Good morning Krzysztof, > in the background, above the pop-up, you see that the directory browser > shows only the internal names. In previous versions there was both, > display name followed by internal names. I just added the pop-up in the > screenshot to show that the displayname is set. Ah, ok, missed that completely. The intention is that there should be the displayed name. We will check this up, however can you please provide me three more details: -) what is the default locale setting for your server? -) what is the locale used by the user who logged to console? -) whether the English displayed name is the only one for that group or there are any other versions defined? -) Also: the group was created using UI or REST API? Many questions, but should help to fix the issue easily. Thank you, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-04-29 07:02:42
|
Good morning Krzysztof, in the background, above the pop-up, you see that the directory browser shows only the internal names. In previous versions there was both, display name followed by internal names. I just added the pop-up in the screenshot to show that the displayname is set. Cheers, Sander On Thu, 2021-04-29 at 08:52 +0200, Krzysztof Benedyczak wrote: > Good morning Sander, > > W dniu 29.04.2021 o 08:10, Sander Apweiler pisze: > > Good morning Krzysztof, > > we finished our test of latest unity version. We find only one > > small > > issue. > > > > In console endpoint only the IDs of the groups are shown and not > > the > > displayname. See attached image. In previous versions it was > > Displayname (ID). Was this change planned? > > > I'm confused:-) In the screenshot you have attached there is both a > group path (built from group 'internal' names) and the group's > displayed > name. So where is the problem? > > We made a bigger change in this area, ensuring we show the *display > name* when appropriate (mostly in the groups tree of the directory > browser and in the headers of tables with users and attributes). > Showing > of the internal names and paths build from them is naturaly preserved > as > the path may be still very important (for the use on REST API for > instance). > > Can you clarify your problem bit more? > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2021-04-29 06:52:34
|
Good morning Sander, W dniu 29.04.2021 o 08:10, Sander Apweiler pisze: > Good morning Krzysztof, > we finished our test of latest unity version. We find only one small > issue. > > In console endpoint only the IDs of the groups are shown and not the > displayname. See attached image. In previous versions it was > Displayname (ID). Was this change planned? > I'm confused:-) In the screenshot you have attached there is both a group path (built from group 'internal' names) and the group's displayed name. So where is the problem? We made a bigger change in this area, ensuring we show the *display name* when appropriate (mostly in the groups tree of the directory browser and in the headers of tables with users and attributes). Showing of the internal names and paths build from them is naturaly preserved as the path may be still very important (for the use on REST API for instance). Can you clarify your problem bit more? Krzysztof |
|
From: Sander A. <sa....@fz...> - 2021-04-29 06:10:49
|
Good morning Krzysztof, we finished our test of latest unity version. We find only one small issue. In console endpoint only the IDs of the groups are shown and not the displayname. See attached image. In previous versions it was Displayname (ID). Was this change planned? Cheers, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
