Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
(2) |
Sep
(8) |
Oct
|
Nov
|
Dec
|
|
From: Roman K. <ro...@un...> - 2024-11-29 17:27:11
|
Hi Sander, We are looking into the IllegalStateExceptions problem, we will strive to squeeze it into the next patch release. Our assessment of the “IOException: Stream Closed” warning is that it can occur if the user closes the browser while the server is attempting to write to the corresponding socket. Best regards, Roman wt., 26 lis 2024 o 11:26 Sander Apweiler <sa....@fz...> napisał(a): > Good morning, > we found another Exception which occurs quite oftern after the update: > > 2024-11-26T10:19:57,415 [qtp189759004-9219] WARN > org.eclipse.jetty.ee10.servlet.ServletChannel: handleException > /oauth2-as/VAADIN/dynamic/resource/0/e4baf8d2-5624-4b9c-82ee-57698afa6ead/4097c0b0cf59f1e2a962a148ed2043ad1en.png > java.io.IOException: Stream Closed > 2024-11-26T10:19:57,416 [qtp189759004-10574] ERROR > unity.server.web.CustomErrorPageInitializer: Vaadin initialization error: > java.io.IOException: Stream Closed > at java.base/java.io.FileInputStream.readBytes(Native Method) > ~[?:?] > at java.base/java.io.FileInputStream.read(FileInputStream.java:263) > ~[?:?] > at > com.vaadin.flow.server.StreamResource$Pipe.read(StreamResource.java:119) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.StreamResource$Pipe.copy(StreamResource.java:109) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.StreamResource$Pipe.accept(StreamResource.java:84) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.communication.StreamResourceHandler.handleRequest(StreamResourceHandler.java:86) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.communication.StreamRequestHandler.handleRequest(StreamRequestHandler.java:110) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.VaadinService.handleRequest(VaadinService.java:1574) > ~[flow-server-24.3.7.jar:24.3.7] > at > com.vaadin.flow.server.VaadinServlet.service(VaadinServlet.java:398) > ~[flow-server-24.3.7.jar:24.3.7] > at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) > ~[jakarta.servlet-api-6.0.0.jar:6.0.0] > at > org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1614) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:317) > ~[jetty-ee10-servlets-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:270) > ~[jetty-ee10-servlets-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > io.imunity.vaadin.endpoint.common.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:67) > ~[unity-server-vaadin-endpoint-common-4.0.2.jar:?] > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > io.imunity.vaadin.auth.server.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:265) > ~[unity-server-vaadin-authentication-4.0.2.jar:?] > at > io.imunity.vaadin.auth.server.AuthenticationFilter.handleRememberMe(AuthenticationFilter.java:250) > ~[unity-server-vaadin-authentication-4.0.2.jar:?] > at > io.imunity.vaadin.auth.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:100) > ~[unity-server-vaadin-authentication-4.0.2.jar:?] > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > io.imunity.vaadin.endpoint.common.RemoteRedirectedAuthnResponseProcessingFilter.doFilter(RemoteRedirectedAuthnResponseProcessingFilter.java:48) > ~[unity-server-vaadin-endpoint-common-4.0.2.jar:?] > at > org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1547) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:814) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:431) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:464) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571) > ~[jetty-security-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.ee10.servlet.SessionHandler.handle(SessionHandler.java:703) > ~[jetty-ee10-servlet-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:765) > ~[jetty-server-12.0.7.jar:12.0.7] > at > pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) > ~[unity-server-engine-4.0.2.jar:?] > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) > ~[jetty-server-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) > ~[jetty-rewrite-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:549) > ~[jetty-server-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.server.Handler$Wrapper.handle(Handler.java:716) > ~[jetty-server-12.0.7.jar:12.0.7] > at > pl.edu.icm.unity.engine.server.TraceBlockingHandler.handle(TraceBlockingHandler.java:34) > ~[unity-server-engine-4.0.2.jar:?] > at org.eclipse.jetty.server.Server.handle(Server.java:179) > ~[jetty-server-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:619) > ~[jetty-server-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:411) > ~[jetty-server-12.0.7.jar:12.0.7] > at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) > ~[jetty-io-12.0.7.jar:12.0.7] > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) > ~[jetty-io-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:574) > ~[jetty-io-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:390) > ~[jetty-io-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:150) > ~[jetty-io-12.0.7.jar:12.0.7] > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) > ~[jetty-io-12.0.7.jar:12.0.7] > at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) > ~[jetty-io-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:478) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:441) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:201) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:410) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201) > ~[jetty-util-12.0.7.jar:12.0.7] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156) > ~[jetty-util-12.0.7.jar:12.0.7] > at java.base/java.lang.Thread.run(Thread.java:1583) [?:?] > 2024-11-26T10:19:57,416 [qtp189759004-10574] WARN > org.eclipse.jetty.ee10.servlet.ServletChannel: handleException > /oauth2-as/VAADIN/dynamic/resource/0/73e07c7d-ef52-4dac-a6e8-2333ac1f9844/4405244f9f75bd6012e40616bb767b461en.png > java.io.IOException: Stream Closed > > > Best regards, > Sander > > > On Mon, 2024-11-25 at 16:33 +0100, Sander Apweiler wrote: > > Hi Krzysztof, > > after updating our large unity instance this morning form 3.16.1 to > > 4.0.2 we got a lot of IllegalStateExceptions (see attachment) and a > > increase memory usage. Do you have any idea which could be the reason > > for this Exceptions? > > > > Best regards, > > Sander > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Krzysztof B. <kb...@un...> - 2024-11-29 11:30:29
|
W dniu 28.11.2024 o 10:14, Sander Apweiler pisze: > Good morning Krzysztof, > good morning Roman, > > we recognize another small UI bug. When you login in the upman endpoint > and going to remove a user from a (sub-)group by clicking on "Remove > from group" the following pop-up shows the text of Remove from project. > The user is only removed from the group, so it is only a wrong message > in the pop-up confirmation. Thanks for the information. Will be addressed in the next patch. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2024-11-29 11:29:52
|
W dniu 28.11.2024 o 09:58, Sander Apweiler pisze: > Good morning Krzysztof, > good morning Roman, > > We recognized that users are not redirected to the service or the > "consent screen" is not shown after the second factor was entered. We > are not sure if this belongs to the IlligalStateExceptions I reported > earlier this week. Starting a second login from the end service, the > consent screen is shown and redirect to the service works. Which is a > bit of annoying for the users. > Got it, we will investigate the root cause. Best, Krzysztof Benedyczak |
|
From: Krzysztof B. <kb...@un...> - 2024-11-29 11:29:08
|
Hi Laura,
W dniu 26.11.2024 o 17:11, Laura Hofer pisze:
> Hi Krzysztof, Hi Roman,
> we may have found a bug, but we are not quite sure. We have two oAuth
> clients, one of which has been changed to client_credentials
> (sys:oauth:allowedGrantFlows = client).
> However, the iss field is now missing from the tokens. Is this the
> expected behaviour?
> Here is the token that comes back with the normal client:
> {
> ‘sub": “3cac4792-0611-4f82-85b3-e1a61c8afea4”,
> ‘aud": “rucio-punch-frontend”,
> ‘scope": “eduperson_entitlement profile openid”,
> ‘iss": “https://login.helmholtz.de/oauth2”,
> ‘exp": 1732637686,
> ‘iat": 1732633686,
> ‘jti": “4e42bf02-b4f7-4da3-a062-92eda5bcc7f9”,
> ‘client_id": ’rucio-punch-frontend’
> }
> And here is the token with client_credentials:
> {
> ‘sub": “rucio-punch”,
> ‘exp": 1732637649,
> ‘iat": 1732633649,
> ‘jti": “c0cb7984-e6f4-485f-8e29-ba319a270cf2”,
> ‘client_id": “rucio-punch”,
> ‘scope": ’openid offline_access profile eduperson_entitlement’
> }
Thanks for heads up. Verified there are two problems with client
credentials grant when it is used with JWT access token: also aud claim
is missing.
Will be address in the next patch.
Best,
Krzysztof
|
|
From: Sander A. <sa....@fz...> - 2024-11-28 09:14:45
|
Good morning Krzysztof, good morning Roman, we recognize another small UI bug. When you login in the upman endpoint and going to remove a user from a (sub-)group by clicking on "Remove from group" the following pop-up shows the text of Remove from project. The user is only removed from the group, so it is only a wrong message in the pop-up confirmation. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2024-11-28 08:58:56
|
Good morning Krzysztof, good morning Roman, We recognized that users are not redirected to the service or the "consent screen" is not shown after the second factor was entered. We are not sure if this belongs to the IlligalStateExceptions I reported earlier this week. Starting a second login from the end service, the consent screen is shown and redirect to the service works. Which is a bit of annoying for the users. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Laura H. <l....@fz...> - 2024-11-26 16:11:45
|
Hi Krzysztof, Hi Roman,
we may have found a bug, but we are not quite sure. We have two oAuth clients, one of which has been changed to client_credentials (sys:oauth:allowedGrantFlows = client).
However, the iss field is now missing from the tokens. Is this the expected behaviour?
Here is the token that comes back with the normal client:
{
‘sub": “3cac4792-0611-4f82-85b3-e1a61c8afea4”,
‘aud": “rucio-punch-frontend”,
‘scope": “eduperson_entitlement profile openid”,
‘iss": “https://login.helmholtz.de/oauth2”,
‘exp": 1732637686,
‘iat": 1732633686,
‘jti": “4e42bf02-b4f7-4da3-a062-92eda5bcc7f9”,
‘client_id": ’rucio-punch-frontend’
}
And here is the token with client_credentials:
{
‘sub": “rucio-punch”,
‘exp": 1732637649,
‘iat": 1732633649,
‘jti": “c0cb7984-e6f4-485f-8e29-ba319a270cf2”,
‘client_id": “rucio-punch”,
‘scope": ’openid offline_access profile eduperson_entitlement’
}
Kind regards,
Laura
--
Juelich Supercomputing Centre
Institute for Advanced Simulation
Forschungszentrum Juelich GmbH
52425 Juelich, Germany
E-Mail: l....@fz...
Phone: +49 2461 61-6576
Fax: +49 2461 61-6656
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens,
Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
|
From: Krzysztof B. <kb...@un...> - 2024-11-26 11:31:35
|
Hi Sander, W dniu 26.11.2024 o 11:57, Sander Apweiler pisze: > Hi Krzysztof, > hi Roman, > > we fouind an issue in the console UI. If you have a long list of groups > in the root group and a scroll bar is added. The scroll bar is put over > the menu icons and you can not klick the button anymore. Most probably > this might appear on other locations as well. > > The attached screen shot show the situation withou beeing with the > mouse over the icon/scoll bar. Hovering over it, will increase the size > of the scroll bar. Increasing the width of the group list does not > solve the problem, since the icons are sticked to the right border. > Thanks for the report, opening a ticket to track it. Best, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2024-11-26 10:58:04
|
Hi Krzysztof, hi Roman, we fouind an issue in the console UI. If you have a long list of groups in the root group and a scroll bar is added. The scroll bar is put over the menu icons and you can not klick the button anymore. Most probably this might appear on other locations as well. The attached screen shot show the situation withou beeing with the mouse over the icon/scoll bar. Hovering over it, will increase the size of the scroll bar. Increasing the width of the group list does not solve the problem, since the icons are sticked to the right border. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2024-11-26 10:26:37
|
Good morning,
we found another Exception which occurs quite oftern after the update:
2024-11-26T10:19:57,415 [qtp189759004-9219] WARN org.eclipse.jetty.ee10.servlet.ServletChannel: handleException /oauth2-as/VAADIN/dynamic/resource/0/e4baf8d2-5624-4b9c-82ee-57698afa6ead/4097c0b0cf59f1e2a962a148ed2043ad1en.png java.io.IOException: Stream Closed
2024-11-26T10:19:57,416 [qtp189759004-10574] ERROR unity.server.web.CustomErrorPageInitializer: Vaadin initialization error:
java.io.IOException: Stream Closed
at java.base/java.io.FileInputStream.readBytes(Native Method) ~[?:?]
at java.base/java.io.FileInputStream.read(FileInputStream.java:263) ~[?:?]
at com.vaadin.flow.server.StreamResource$Pipe.read(StreamResource.java:119) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.StreamResource$Pipe.copy(StreamResource.java:109) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.StreamResource$Pipe.accept(StreamResource.java:84) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.StreamResourceHandler.handleRequest(StreamResourceHandler.java:86) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.StreamRequestHandler.handleRequest(StreamRequestHandler.java:110) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.VaadinService.handleRequest(VaadinService.java:1574) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.VaadinServlet.service(VaadinServlet.java:398) ~[flow-server-24.3.7.jar:24.3.7]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) ~[jakarta.servlet-api-6.0.0.jar:6.0.0]
at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1614) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:317) ~[jetty-ee10-servlets-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:270) ~[jetty-ee10-servlets-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.endpoint.common.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:67) ~[unity-server-vaadin-endpoint-common-4.0.2.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.auth.server.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:265) ~[unity-server-vaadin-authentication-4.0.2.jar:?]
at io.imunity.vaadin.auth.server.AuthenticationFilter.handleRememberMe(AuthenticationFilter.java:250) ~[unity-server-vaadin-authentication-4.0.2.jar:?]
at io.imunity.vaadin.auth.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:100) ~[unity-server-vaadin-authentication-4.0.2.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.endpoint.common.RemoteRedirectedAuthnResponseProcessingFilter.doFilter(RemoteRedirectedAuthnResponseProcessingFilter.java:48) ~[unity-server-vaadin-endpoint-common-4.0.2.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1547) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:814) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:431) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:464) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571) ~[jetty-security-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.SessionHandler.handle(SessionHandler.java:703) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:765) ~[jetty-server-12.0.7.jar:12.0.7]
at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) ~[unity-server-engine-4.0.2.jar:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:549) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.Handler$Wrapper.handle(Handler.java:716) ~[jetty-server-12.0.7.jar:12.0.7]
at pl.edu.icm.unity.engine.server.TraceBlockingHandler.handle(TraceBlockingHandler.java:34) ~[unity-server-engine-4.0.2.jar:?]
at org.eclipse.jetty.server.Server.handle(Server.java:179) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:619) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:411) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:574) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:390) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:150) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:478) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:441) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:201) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:410) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156) ~[jetty-util-12.0.7.jar:12.0.7]
at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
2024-11-26T10:19:57,416 [qtp189759004-10574] WARN org.eclipse.jetty.ee10.servlet.ServletChannel: handleException /oauth2-as/VAADIN/dynamic/resource/0/73e07c7d-ef52-4dac-a6e8-2333ac1f9844/4405244f9f75bd6012e40616bb767b461en.png java.io.IOException: Stream Closed
Best regards,
Sander
On Mon, 2024-11-25 at 16:33 +0100, Sander Apweiler wrote:
> Hi Krzysztof,
> after updating our large unity instance this morning form 3.16.1 to
> 4.0.2 we got a lot of IllegalStateExceptions (see attachment) and a
> increase memory usage. Do you have any idea which could be the reason
> for this Exceptions?
>
> Best regards,
> Sander
>
--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
|
From: Sander A. <sa....@fz...> - 2024-11-25 15:33:57
|
Hi Krzysztof, after updating our large unity instance this morning form 3.16.1 to 4.0.2 we got a lot of IllegalStateExceptions (see attachment) and a increase memory usage. Do you have any idea which could be the reason for this Exceptions? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2024-11-19 08:06:10
|
W dniu 13.11.2024 o 11:48, Sander Apweiler pisze: > Hello Roman, > the logo in userhome endpoint is also not scaled correctly, while it is > in the console endpoint. > Thanks, we have both issues ticketized, will be addressed in the next revision. Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2024-11-15 10:00:31
|
Hi Sander, W dniu 7.11.2024 o 11:20, Sander Apweiler pisze: > Hi Krzysztof, > hi Roman, > > is there another reason why it is not possible to store the consent to > the released attributes beside of using a public client? We have some > confidential clients, where user can not store their consent and we do > not understand the reason for it. There are many possible reasons: * prompt = CONSENT requested by the OAuth client * added scope (consent was stored with some scopes, during new sign-in additional scopes are requested) * added audience also Unity UI will be shown when there is active value selection configured, enquiry pending or updated policies to be accepted. DEBUG logging on the oauth logger should provide some basic information. HTH, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2024-11-13 10:48:53
|
Hello Roman, the logo in userhome endpoint is also not scaled correctly, while it is in the console endpoint. On Wed, 2024-11-13 at 11:14 +0100, Roman Krysiński wrote: > Good Morning Marvin, > > Thank you for pointing this out. We will look into this soon and let > you know. > > Best regards, > Roman > > pon., 11 lis 2024 o 09:59 Winkens, Marvin <m.w...@fz...> > napisał(a): > > > > > > > > > > > > > > > > > > > > Dear unity-mailing-list, > > > > > > when using chromium the icons of organisations on the login page > > are scaled differently to firefox. See attached images. > > > > unity-idm-version: 4.0.2 > > > > My guess is, that this is a bug with the new unity version and not > > a configuration issue. I can reproduce this on every endpoint with > > login. > > > > With best regards, > > Marvin Winkens > > > > > > > > ------------------------------------------------------------------- > > ------------------ > > ------------------------------------------------------------------- > > ------------------ > > Forschungszentrum Jülich GmbH > > 52425 Jülich > > Sitz der Gesellschaft: Jülich > > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens > > ------------------------------------------------------------------- > > ------------------ > > ------------------------------------------------------------------- > > ----------------- > > > > > > > > ------------------------------------------------------------------- > > ----------------------------- > > ------------------------------------------------------------------- > > ----------------------------- > > Forschungszentrum Jülich GmbH > > 52425 Jülich > > Sitz der Gesellschaft: Jülich > > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > > ------------------------------------------------------------------- > > ----------------------------- > > ------------------------------------------------------------------- > > ----------------------------- > > > > _______________________________________________ > > Unity-idm-discuss mailing list > > Uni...@li... > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2024-11-13 10:14:30
|
Good Morning Marvin, Thank you for pointing this out. We will look into this soon and let you know. Best regards, Roman pon., 11 lis 2024 o 09:59 Winkens, Marvin <m.w...@fz...> napisał(a): > > Dear unity-mailing-list, > > when using chromium the icons of organisations on the login page are > scaled differently to firefox. See attached images. > > > unity-idm-version: 4.0.2 > > > My guess is, that this is a bug with the new unity version and not a > configuration issue. I can reproduce this on every endpoint with login. > > > With best regards, > > Marvin Winkens > > ------------------------------------------------------------------------------------- > > ------------------------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens > > ------------------------------------------------------------------------------------- > > ------------------------------------------------------------------------------------ > > > > > ------------------------------------------------------------------------------------------------ > > ------------------------------------------------------------------------------------------------ > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > > ------------------------------------------------------------------------------------------------ > > ------------------------------------------------------------------------------------------------ > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Winkens, M. <m.w...@fz...> - 2024-11-11 08:59:00
|
Dear unity-mailing-list, when using chromium the icons of organisations on the login page are scaled differently to firefox. See attached images. unity-idm-version: 4.0.2 My guess is, that this is a bug with the new unity version and not a configuration issue. I can reproduce this on every endpoint with login. With best regards, Marvin Winkens ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens ------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Roman K. <ro...@un...> - 2024-11-08 10:54:55
|
Dear Subscribers, A new patch release 4.0.3 is now available. The following has been released: - *Support for key ID in JWT:* in the OpenID Connect (OIDC) flow, after exchanging an authorization code for an ID token, your OIDC clients can now validate the ID token and confirm that Unity-IdM is the signing authority. The OAuth /jwk public endpoint has been updated to expose the key IDs, and the key ID used to sign the JWT token is now included in the JWT token header. - *Fix for Console OAuth IdP editor:* When a user updates the OAuth IdP configuration and sets the “Token signing algorithm” to an ECC-based option with an invalid signing credential, submitting the configuration fails, causing the updated IdP configuration to be discarded. This patch addresses this issue. All relevant links are available here: https://unity-idm.eu/releases/release-4-0-3/ Best regards, Roman |
|
From: Sander A. <sa....@fz...> - 2024-11-07 10:20:20
|
Hi Krzysztof, hi Roman, is there another reason why it is not possible to store the consent to the released attributes beside of using a public client? We have some confidential clients, where user can not store their consent and we do not understand the reason for it. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2024-11-07 09:40:59
|
Hi Sander, Yes, the implementation is done, and currently this needs to go through the QA cycle. If nothing unexpected happens, then we can expect patch release tomorrow or early next week. Best regards, Roman czw., 7 lis 2024 o 10:08 Sander Apweiler <sa....@fz...> napisał(a): > Dear Roman, > do you have an estimation for the release of the patch? > > Best regards, > Sander > > On Tue, 2024-10-29 at 12:43 +0100, Roman Krysiński wrote: > > Good morning Sander, > > > > OK, we will work on it soon and release it in the 4.0.3 patch. > > > > Best regards, > > Roman > > > > > > wt., 29 paź 2024 o 10:53 Sander Apweiler <sa....@fz...> > > napisał(a): > > > Good morning Krzysztof, > > > this would be greate. They want to start offering the service in > > > the > > > beginning of next year. So it is a bit urgend. > > > > > > Best regards, > > > Sander > > > > > > On Mon, 2024-10-28 at 15:38 +0100, Krzysztof Benedyczak wrote: > > > > Hi Sander, > > > > > > > > W dniu 22.10.2024 o 11:27, Sander Apweiler pisze: > > > > > Hello Krzysztof, > > > > > sadly we have another software which requires an optional OAuth > > > > > element. Our storage team wants to use our unity for > > > > > authN&authZ > > > > > against minIO. At the moment it fails because minIO expects the > > > > > kid > > > > > claim in the token, which is optional in standard. Is there a > > > > > possibility to release this in unity as well? > > > > > > > > Yes, absolutely. I even think it is not so much optional... > > > > > > > > Should be easy, we can put it somewhere relatively soon on our > > > > roadmap. > > > > If this is urgent please let us know. > > > > > > > > Best, > > > > Krzysztof > > > > > > > > > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2024-11-07 09:08:32
|
Dear Roman, do you have an estimation for the release of the patch? Best regards, Sander On Tue, 2024-10-29 at 12:43 +0100, Roman Krysiński wrote: > Good morning Sander, > > OK, we will work on it soon and release it in the 4.0.3 patch. > > Best regards, > Roman > > > wt., 29 paź 2024 o 10:53 Sander Apweiler <sa....@fz...> > napisał(a): > > Good morning Krzysztof, > > this would be greate. They want to start offering the service in > > the > > beginning of next year. So it is a bit urgend. > > > > Best regards, > > Sander > > > > On Mon, 2024-10-28 at 15:38 +0100, Krzysztof Benedyczak wrote: > > > Hi Sander, > > > > > > W dniu 22.10.2024 o 11:27, Sander Apweiler pisze: > > > > Hello Krzysztof, > > > > sadly we have another software which requires an optional OAuth > > > > element. Our storage team wants to use our unity for > > > > authN&authZ > > > > against minIO. At the moment it fails because minIO expects the > > > > kid > > > > claim in the token, which is optional in standard. Is there a > > > > possibility to release this in unity as well? > > > > > > Yes, absolutely. I even think it is not so much optional... > > > > > > Should be easy, we can put it somewhere relatively soon on our > > > roadmap. > > > If this is urgent please let us know. > > > > > > Best, > > > Krzysztof > > > > > > > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2024-10-29 11:43:33
|
Good morning Sander, OK, we will work on it soon and release it in the 4.0.3 patch. Best regards, Roman wt., 29 paź 2024 o 10:53 Sander Apweiler <sa....@fz...> napisał(a): > Good morning Krzysztof, > this would be greate. They want to start offering the service in the > beginning of next year. So it is a bit urgend. > > Best regards, > Sander > > On Mon, 2024-10-28 at 15:38 +0100, Krzysztof Benedyczak wrote: > > Hi Sander, > > > > W dniu 22.10.2024 o 11:27, Sander Apweiler pisze: > > > Hello Krzysztof, > > > sadly we have another software which requires an optional OAuth > > > element. Our storage team wants to use our unity for authN&authZ > > > against minIO. At the moment it fails because minIO expects the kid > > > claim in the token, which is optional in standard. Is there a > > > possibility to release this in unity as well? > > > > Yes, absolutely. I even think it is not so much optional... > > > > Should be easy, we can put it somewhere relatively soon on our > > roadmap. > > If this is urgent please let us know. > > > > Best, > > Krzysztof > > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2024-10-29 09:53:04
|
Good morning Krzysztof, this would be greate. They want to start offering the service in the beginning of next year. So it is a bit urgend. Best regards, Sander On Mon, 2024-10-28 at 15:38 +0100, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 22.10.2024 o 11:27, Sander Apweiler pisze: > > Hello Krzysztof, > > sadly we have another software which requires an optional OAuth > > element. Our storage team wants to use our unity for authN&authZ > > against minIO. At the moment it fails because minIO expects the kid > > claim in the token, which is optional in standard. Is there a > > possibility to release this in unity as well? > > Yes, absolutely. I even think it is not so much optional... > > Should be easy, we can put it somewhere relatively soon on our > roadmap. > If this is urgent please let us know. > > Best, > Krzysztof > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2024-10-28 14:39:12
|
Hi Sander, W dniu 22.10.2024 o 11:27, Sander Apweiler pisze: > Hello Krzysztof, > sadly we have another software which requires an optional OAuth > element. Our storage team wants to use our unity for authN&authZ > against minIO. At the moment it fails because minIO expects the kid > claim in the token, which is optional in standard. Is there a > possibility to release this in unity as well? Yes, absolutely. I even think it is not so much optional... Should be easy, we can put it somewhere relatively soon on our roadmap. If this is urgent please let us know. Best, Krzysztof |
|
From: Roman K. <ro...@un...> - 2024-10-28 09:00:22
|
Hello Sander, Thank you for clarifying this, I see your point. I believe that if Unity were more flexible with policy enforcement at the IdP level—such as allowing the configuration of specific policy enforcement for particular groups—the automation you envision might not be necessary. Is this an accurate assessment? This is something we recognize as a potential enhancement, though we currently have no plans for it in our roadmap. Thank you, Roman śr., 25 wrz 2024 o 11:57 Sander Apweiler <sa....@fz...> napisał(a): > Hello Roman, > I'm very sorry for the very long delay. > > If unity does automated management of the policy, I would expect that a > new version, creates an enquiry, which is attached to all users, who > filled up the policy so far, e.g. by adding them to a group. I would > expect this for all versions and not only for the first update. I would > also expect that the "sys:policy-agreement-state" attribute is updated. > > If there is also no automated way for this, which would be also fine, > this needs to be written clearly in the manual and administrators must > create the enquiry after policy updates by themselves. > > Please et me know if something is unclear. > > Best regards, > Sander > > > On Tue, 2024-08-20 at 11:51 +0200, Roman Krysiński wrote: > > Hello Sander, > > > > After discussion w/ the team, we believe there might be still > > misunderstanding of how Policy Documents works. > > Before going into explanations I would like to understand first your > > thinking in this regard. > > > > [Roman] > > As mentioned, if a user had an enquiry already completed, > > revision > > [Roman] > > update will not force the user to re-do the enquiry. > > [Sander] > Ok but the behaviour is not that what I would expect when > > I have policy > > [Sander] > management. Could you please add this to the manual. It > > sounds a bit > > [Sander] > strange to me that you have an automated update rotine for > > the first > > [Sander] > policy revision but not for the later ones. > > > > Can you elaborate on what is the expected behavior? > > And to what automation routine you are referring to? > > > > Thank you, > > Roman > > > > wt., 6 sie 2024 o 11:47 Sander Apweiler <sa....@fz...> > > napisał(a): > > > Good morning Roman, > > > so far we use the policies only in registration forms, not on the > > > IdP > > > level. Since we startet to use groups which have their own policies > > > and > > > updated the top level, we are using them in enquiries too. > > > > > > So far I do not see any reason for not using the IdP level. Are the > > > information (date/time and Policy version) stored in attributes > > > too? > > > And in ehich file I need to configure the policies? > > > > > > Some other comments to your previous mail are inline. > > > > > > > > > On Tue, 2024-08-06 at 11:18 +0200, Roman Krysiński wrote: > > > > Good morning Sander, > > > > > > > > Last but not least for "the third side effect" you've pointed out > > > > - > > > > would it work for you to configure this policy on IdP level? In > > > > such > > > > a case it wouldn't be even needed to create enquiries each time > > > > policy revision changes to force users to accept it. > > > > > > > > Best regards, > > > > Roman > > > > > > > > wt., 6 sie 2024 o 11:09 Roman Krysiński <ro...@un...> > > > > napisał(a): > > > > > Good morning Sander, > > > > > > > > > > Let me summarize features around "Policy documents" and I hope > > > > > that > > > > > will clarify cases you've pointed out in previous email. > > > > > > > > > > Policy documents, that can be defined in "Settings > Policy > > > > > documents" console view, itself do not bring > > > > > enforcement capabilities. > > > > > They can be used in conjunction with registration and enquiry > > > > > forms > > > > > as well as on IdP level. > > > > > * Used on registration form is useful to enforce a specific > > > > > policy > > > > > during user creation, and then record this fact in the system > > > > > (as > > > > > you pointed out in sys:policy-agreement-state attribute) > > > > > * When a policy is used at the IdP level (Vaadin-based IdPs > > > > > contain > > > > > a “Policy Agreements” tab where this can be configured), the > > > > > user > > > > > will be required to see and accept the policy after logging > > > > > into > > > > > such an IdP if the current system policy revision does not > > > > > match > > > > > the one recorded in the user’s sys:policy-agreement-state > > > > > attribute. > > > > > * Policy document can also be used in enquiry, it will be shown > > > > > there only when current system policy revision does not match > > > > > the > > > > > one recorded in the user’s sys:policy-agreement-state > > > > > attribute. In > > > > > other words if the user has already accepted the current > > > > > policy, > > > > > enquiry will not show it. The fact that the user has completed > > > > > specific enquiry is recorded in sys:FilledEnquires attribute. > > > > > > > > > > Note that changing the policy document revision does not > > > > > influence > > > > > on the sys:FilledEnquires, so if e.g. user has completed an > > > > > enquiry > > > > > of "User is requested, mandatory" type, which is configured > > > > > with a > > > > > policy, that revision has changed, then this enquiry will not > > > > > be > > > > > enforced once more. This can be done with new enquiry OR by > > > > > configuring this in IdP level. > > > > > > > > > > > We encountered on Monday the situation where we changed the > > > > > > revision of a policy from > > > > > > version 2 to version 3 (no content changes) and the user did > > > > > > not > > > > > > get > > > > > > the update enquiry because they had it already at the update > > > > > > to > > > > > > version 2. > > > > > As mentioned, if a user had an enquiry already completed, > > > > > revision > > > > > update will not force the user to re-do the enquiry. > > > Ok but the behaviour is not that what I would expect when I have > > > policy > > > management. Could you please add this to the manual. It sounds a > > > bit > > > strange to me that you have an automated update rotine for the > > > first > > > policy revision but not for the later ones. > > > > > > > > > > > We also saw that the update enquiry did not set or update the > > > > > > value > > > > > > of the sys:policy-agreement-state attribute > > > > > Can you confirm that the enquiry request in question was > > > > > accepted? > > > > > If so, could you please provide more details on how to > > > > > reproduce > > > > > the problem? > > > Yes. I added a screen shot. I also have some accounts, which has > > > only > > > the sys:FilledEnquieries attribute from the Update enquire but not > > > the > > > sys:policy-agreeement-state. > > > > > > Best regards, > > > Sander > > > > > > > > > > > > > > (...) a new user account, who agreed the latest version > > > > > > during > > > > > > the > > > > > > registration, got an empty enquiry (no checkbox and policy, > > > > > > but > > > > > > on > > > > > > cancel and submit buttons) at the first login > > > > > As noted, the policy is not shown on enquiry form, when the > > > > > user > > > > > has already accepted it. > > > > > I see your point however that this is not the best user > > > > > experience, > > > > > and there is room for improvement here. > > > > > We will think about this use case and a better handling. > > > > > > > > > > In addition to the problem reported by Piotr with enquiry we've > > > > > found three more items to address and targeted for the 4.0.1 > > > > > patch: > > > > > * Enquiry logout does not work > > > > > * Enquiries are not enforced when logging to hope ui > > > > > * Improve the layout of enquiry buttons > > > > > > > > > > Please let me know in case of any further questions. > > > > > > > > > > Best regards, > > > > > Roman > > > > > > > > > > > > > > > śr., 31 lip 2024 o 07:36 Sander Apweiler > > > > > <sa....@fz...> napisał(a): > > > > > > Good morning, > > > > > > > > > > > > the problems we found were based on unity 3.16.1. We > > > > > > encountered > > > > > > on > > > > > > Monday the situation where we changed the revision of a > > > > > > policy > > > > > > from > > > > > > version 2 to version 3 (no content changes) and the user did > > > > > > not > > > > > > get > > > > > > the update enquiry because they had it already at the update > > > > > > to > > > > > > version > > > > > > 2. We also saw that the update enquiry did not set or update > > > > > > the > > > > > > value > > > > > > of the sys:policy-agreement-state attribute. And the third > > > > > > side > > > > > > effect > > > > > > was that a new user account, who agreed the latest version > > > > > > during > > > > > > the > > > > > > registration, got an empty enquiry (no checkbox and policy, > > > > > > but > > > > > > on > > > > > > cancel and submit buttons) at the first login. Our plan was > > > > > > to > > > > > > verify > > > > > > this on unity 4, before we report those issues. > > > > > > > > > > > > Best regards, > > > > > > Sander > > > > > > > > > > > > > > > > > > On Tue, 2024-07-30 at 15:05 +0200, Piotr Piernik wrote: > > > > > > > Dear Sander > > > > > > > Generally If the policy has changed with the revision > > > > > > > number > > > > > > > increase, > > > > > > > it should appear to users automatically. > > > > > > > Could you please provide more details in which scenario it > > > > > > > won't > > > > > > > work? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards > > > > > > > Piotr > > > > > > > > > > > > > > W dniu 30.07.2024 o 12:36, Sander Apweiler pisze: > > > > > > > > Dear Piotr, > > > > > > > > nice to hear you found the reason. Can you answer my > > > > > > > > second > > > > > > > > question as > > > > > > > > well? We found some issues regarding policies in our > > > > > > > > 3.16.1 > > > > > > > > instances > > > > > > > > and we are not sure if the problems based on our > > > > > > > > misconfiguration > > > > > > > > or > > > > > > > > unity. > > > > > > > > > > > > > > > > Best regards, > > > > > > > > Sander > > > > > > > > > > > > > > > > > > > > > > > > On Tue, 2024-07-30 at 12:20 +0200, Piotr Piernik wrote: > > > > > > > > > > > > > > > > > > Dear Sander > > > > > > > > > We have problem in policy document editor - saves > > > > > > > > > optional > > > > > > > > > policy > > > > > > > > > documents as mandatory and vice versa. > > > > > > > > > We will fix it in 4.0.1 patch. > > > > > > > > > > > > > > > > > > Best regards > > > > > > > > > Piotr > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > W dniu 30.07.2024 o 07:13, Sander Apweiler pisze: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Good morning Krzysztof, > > > > > > > > > > good morning Roman, > > > > > > > > > > > > > > > > > > > > we found another bug in unity 4. We created a > > > > > > > > > > mandatory > > > > > > > > > > policy > > > > > > > > > > (see > > > > > > > > > > 1st > > > > > > > > > > screenshot) and added it to the registration form > > > > > > > > > > (see > > > > > > > > > > 2nd > > > > > > > > > > screenshot). > > > > > > > > > > This policy should be mandatory but I can register > > > > > > > > > > without > > > > > > > > > > confirmation > > > > > > > > > > of the policy. > > > > > > > > > > > > > > > > > > > > Another question regarding policies because I do not > > > > > > > > > > remember > > > > > > > > > > and > > > > > > > > > > the > > > > > > > > > > manual is not that clear in this point. When I create > > > > > > > > > > a > > > > > > > > > > new > > > > > > > > > > version > > > > > > > > > > of > > > > > > > > > > a policy, is the confirmation of the new version > > > > > > > > > > shown to > > > > > > > > > > all > > > > > > > > > > users > > > > > > > > > > or > > > > > > > > > > do I need to create enquieries manually? > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > > Sander > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > > > Unity-idm-discuss mailing list > > > > > > > > > > Uni...@li... > > > > > > > > > > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > |
|
From: Sander A. <sa....@fz...> - 2024-10-22 09:27:32
|
Hello Krzysztof, sadly we have another software which requires an optional OAuth element. Our storage team wants to use our unity for authN&authZ against minIO. At the moment it fails because minIO expects the kid claim in the token, which is optional in standard. Is there a possibility to release this in unity as well? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
