Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Sander A. <sa....@fz...> - 2018-07-04 07:35:01
|
And in 2.5.0. We checked it on another instance. Cheers, Sander Am Mittwoch, den 04.07.2018, 09:11 +0200 schrieb Krzysztof Benedyczak: > Sander, > > W dniu 04.07.2018 o 07:09, Sander Apweiler pisze: > > Hi Krzysztof, > > > > We tested our servers and see that FS/PFS is not supported by our > > instances at the moment. Does unity/jetty support the (Perfect) > > Forward > > Secrecy? I had a look in the manual but I didn't fount it, using > > the > > buzzword FPS/FS or Forward Secrecy. > > You mean for TLS ? Then it should be matter of restricting you > ciphersuites to what Ephemeral Diffie-Helman alg. > > Best > Krzysztof -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2018-07-04 07:33:46
|
2.4.2. Sorry I forgot to enter it. Cheers, Sander Am Mittwoch, den 04.07.2018, 09:07 +0200 schrieb Krzysztof Benedyczak: > Sander, > > W dniu 03.07.2018 o 14:57, Sander Apweiler pisze: > > Hi Krzysztof, > > > > We want to copy some attributes from root group to subgroups by > > unsing > > attribute statements. One of the attributes is an enumeration with > > "low", "medium" and "high" as values. This action causes a problem > > because "low" can not be deserialized to enumeration. > > > > The attribute statement is: > > Use attributes from extra group: check > > Extra group with attributes: / > > Condition: eattr contains 'loa' > > Create dynamic attribute: check > > Dynamic attribute name: loa > > Dynamic attribute values expression: eattr['loa'] > > Conflict resolution: skip > > > > The error is the same if I use eattrs instead of eattr. > > > > The log error is: > > 2018-07-03T14:45:19,420 [qtp605660635-32383] DEBUG > > unity.server.AttributeStatementProcessor: [[AttrStmnt 1 in > > /eudat:b2access:admin for entity 1059]]Can't convert attribute > > values > > returned by the statement's expression to the type of attribute > > loa, > > skipping it > > pl.edu.icm.unity.exceptions.IllegalAttributeValueException: High > > can > > not be deserialized to enumeration > > > > Which version? > > Best > KB -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2018-07-04 07:12:07
|
Sander, W dniu 04.07.2018 o 07:09, Sander Apweiler pisze: > Hi Krzysztof, > > We tested our servers and see that FS/PFS is not supported by our > instances at the moment. Does unity/jetty support the (Perfect) Forward > Secrecy? I had a look in the manual but I didn't fount it, using the > buzzword FPS/FS or Forward Secrecy. You mean for TLS ? Then it should be matter of restricting you ciphersuites to what Ephemeral Diffie-Helman alg. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2018-07-04 07:07:49
|
Sander, W dniu 03.07.2018 o 14:57, Sander Apweiler pisze: > Hi Krzysztof, > > We want to copy some attributes from root group to subgroups by unsing > attribute statements. One of the attributes is an enumeration with > "low", "medium" and "high" as values. This action causes a problem > because "low" can not be deserialized to enumeration. > > The attribute statement is: > Use attributes from extra group: check > Extra group with attributes: / > Condition: eattr contains 'loa' > Create dynamic attribute: check > Dynamic attribute name: loa > Dynamic attribute values expression: eattr['loa'] > Conflict resolution: skip > > The error is the same if I use eattrs instead of eattr. > > The log error is: > 2018-07-03T14:45:19,420 [qtp605660635-32383] DEBUG > unity.server.AttributeStatementProcessor: [[AttrStmnt 1 in > /eudat:b2access:admin for entity 1059]]Can't convert attribute values > returned by the statement's expression to the type of attribute loa, > skipping it > pl.edu.icm.unity.exceptions.IllegalAttributeValueException: High can > not be deserialized to enumeration > Which version? Best KB |
|
From: Krzysztof B. <kb...@un...> - 2018-07-04 07:06:49
|
W dniu 03.07.2018 o 16:22, Nikolaos Evangelou pisze:
> Hello Krzysztof,
>
> I’m testing your suggestion to create a separate oauth authorization
> endpoint, but I got some issues. When I make an authentication request
> to the new endpoint, I go directly to the login page of my preselected
> IdP (as expected) but after the login I got stack to
> ${new_endpoint}/oauth2-authz-web-entry portal, and I’m asked to login
> again. Do you have any suggestion to deal with this issue?
Can you evaluate debug logs carefully, together with web browser logs?
What happens there, what is precise flow of redirections? Visually this
effect in web browser can be due many reasons - up to situation where
everything works but your client is redirecting to Unity again as it
doesn't accept your new endpoint.
Best,
Krzysztof
|
|
From: Bernd S. <b.s...@fz...> - 2018-07-04 07:04:39
|
hi Sander, you could exclude all the cipher suites that do not support (P)PS using the unityServer.core.httpServer.disabledCipherSuites property. This also supports regular expressions to specify the unwanted cipher suites. I also found this helpful (search for 'Forward Secrecy') https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html Best regards, Bernd On 04.07.2018 07:09, Sander Apweiler wrote: > Hi Krzysztof, > > We tested our servers and see that FS/PFS is not supported by our > instances at the moment. Does unity/jetty support the (Perfect) Forward > Secrecy? I had a look in the manual but I didn't fount it, using the > buzzword FPS/FS or Forward Secrecy. > > Best regards, > Sander > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > -- Dr. Bernd Schuller Federated Systems and Data, Juelich Supercomputing Centre http://www.fz-juelich.de/ias/jsc/EN/Home/home_node.html Phone: +49 246161-8736 (fax -8556) ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Sander A. <sa....@fz...> - 2018-07-04 05:10:15
|
Hi Krzysztof, We tested our servers and see that FS/PFS is not supported by our instances at the moment. Does unity/jetty support the (Perfect) Forward Secrecy? I had a look in the manual but I didn't fount it, using the buzzword FPS/FS or Forward Secrecy. Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Nikolaos E. <ni...@ad...> - 2018-07-03 14:22:53
|
Hello Krzysztof,
I’m testing your suggestion to create a separate oauth authorization endpoint, but I got some issues. When I make an authentication request to the new endpoint, I go directly to the login page of my preselected IdP (as expected) but after the login I got stack to ${new_endpoint}/oauth2-authz-web-entry portal, and I’m asked to login again. Do you have any suggestion to deal with this issue?
Regards,
Nick
On 28 Jun 2018, at 09:46, Nikolaos Evangelou <ni...@ad...<mailto:ni...@ad...>> wrote:
Hello Krzysztof,
I have a different approach for this subject. The users are using a web portal where they request tokens from a client of b2access.
The request is: https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile<https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https://snf-761524.vm.okeanos.grnet.gr/b2access/refreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile>
After that the flow will throw the users here: https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry to login
Is it possible, instead of the previous url, to redirect the users in this login screen https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry?uy_select_authn=samlWeb.marine&uy_auto_login=true for that specific client?
I have tried to pass these parameters to the authorisation request (like this https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile<https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https://snf-761524.vm.okeanos.grnet.gr/b2access/refreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile> ) but it doesn’t work.
Best Regards,
Nick
On 8 Jun 2018, at 11:59, Nikolaos Evangelou <ni...@ad...<mailto:ni...@ad...>> wrote:
Hi Krzysztof,
Let me explain the process with more details. The oauth authorisation flow is: the user sends a authorisation request to /oauth2-authz endpoint (using a web application client) he would redirect to b2access development instance and select an IdP. After login he will be redirected back to the client with a token. The change we want to make to this flow is to preselect a specific IdP for the user for this specific client. Can unity provide this option?
Regards,
Nick
On 8 Jun 2018, at 10:38, Krzysztof Benedyczak <kb...@un...<mailto:kb...@un...>> wrote:
Hi Nikolaos,
W dniu 07.06.2018 o 13:30, Nikolaos Evangelou pisze:
Hello Krzysztof,
Based on this session of the unity idm documentation http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication I managed to preselect an IdP and auto login using the parameters ?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true . It’s possible to make a OIDC authorization request with preselected IdP for a specific client?
I'm not sure if I understand the question. As you succeeded with auto-login with those options, which are provided by a client, you should be able to selectively use them only for your specific client.
If the problem is that you can use those special query params for that client, you can enable this server-side. Create a separate oauth authorization endpoint in Unity and configure it to auto-login all clients (unity.endpoint.web.autoLogin=true). Then point your specific client to that endpoint.
Best
Krzysztof
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://slashdot.org/>! http://sdm.link/slashdot_______________________________________________
Unity-idm-discuss mailing list
Uni...@li...<mailto:Uni...@li...>
https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot_______________________________________________
Unity-idm-discuss mailing list
Uni...@li...<mailto:Uni...@li...>
https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
|
|
From: Sander A. <sa....@fz...> - 2018-07-03 12:58:06
|
Hi Krzysztof, We want to copy some attributes from root group to subgroups by unsing attribute statements. One of the attributes is an enumeration with "low", "medium" and "high" as values. This action causes a problem because "low" can not be deserialized to enumeration. The attribute statement is: Use attributes from extra group: check Extra group with attributes: / Condition: eattr contains 'loa' Create dynamic attribute: check Dynamic attribute name: loa Dynamic attribute values expression: eattr['loa'] Conflict resolution: skip The error is the same if I use eattrs instead of eattr. The log error is: 2018-07-03T14:45:19,420 [qtp605660635-32383] DEBUG unity.server.AttributeStatementProcessor: [[AttrStmnt 1 in /eudat:b2access:admin for entity 1059]]Can't convert attribute values returned by the statement's expression to the type of attribute loa, skipping it pl.edu.icm.unity.exceptions.IllegalAttributeValueException: High can not be deserialized to enumeration Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2018-06-29 12:17:40
|
Hi W dniu 29.06.2018 o 13:48, Shiraz Memon pisze: > Hi, > > Sometimes it happens that a user can be found in a subgroup but not in > its parent (in my case root) group. I found the following error in the > logs, I am not exactly sure if the error is related to the unexpected > behavior. This was already submitted few times by other users. Bug, rather not critical (something related to UI loading - I guess after logout you should have this cleared). Fix was released in 2.5.0 Cheers KB |
|
From: Shiraz M. <a....@fz...> - 2018-06-29 11:51:07
|
Sorry, I forgot to provide the unity version, which is 2.4.2.
On Fri, Jun 29, 2018 at 1:48 PM Shiraz Memon <a....@fz...<mailto:a....@fz...>> wrote:
Hi,
Sometimes it happens that a user can be found in a subgroup but not in its parent (in my case root) group. I found the following error in the logs, I am not exactly sure if the error is related to the unexpected behavior.
2018-06-29T13:19:41,613 [qtp2099033503-11041] ERROR unity.server.web.IdentitiesComponent: Problem retrieving group contents of /
java.lang.NullPointerException: null
at pl.edu.icm.unity.webadmin.identities.EntitiesLoader.reload(EntitiesLoader.java:83) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesGrid.showGroup(IdentitiesGrid.java:223) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesComponent.setGroup(IdentitiesComponent.java:359) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesComponent.lambda$new$8(IdentitiesComponent.java:301) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webui.bus.EventsBus.fireEvent(EventsBus.java:56) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.attributetype.AttributeTypesComponent.refresh(AttributeTypesComponent.java:144) [unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.attributetype.AttributeTypesComponent.<init>(AttributeTypesComponent.java:133) [unity-server-web-admin-2.4.2.jar:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [?:1.8.0_72-internal]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_72-internal]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_72-internal]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_72-internal]
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:170) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:271) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:815) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolvePreparedArguments(ConstructorResolver.java:764) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:131) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:815) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolvePreparedArguments(ConstructorResolver.java:764) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:131) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1085) [spring-context-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at pl.edu.icm.unity.webui.VaadinUIProvider.createInstance(VaadinUIProvider.java:90) [unity-server-web-common-2.4.2.jar:?]
at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:199) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:76) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1601) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:445) [vaadin-server-8.2.1.jar:8.2.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoProtectedResource(AuthenticationFilter.java:182) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:104) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.VaadinEndpoint$ForwadSerlvet.service(VaadinEndpoint.java:329) [unity-server-web-common-2.4.2.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:77) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) [unity-server-engine-api-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
...
Cheers,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Shiraz M. <a....@fz...> - 2018-06-29 11:49:18
|
Hi,
Sometimes it happens that a user can be found in a subgroup but not in its parent (in my case root) group. I found the following error in the logs, I am not exactly sure if the error is related to the unexpected behavior.
2018-06-29T13:19:41,613 [qtp2099033503-11041] ERROR unity.server.web.IdentitiesComponent: Problem retrieving group contents of /
java.lang.NullPointerException: null
at pl.edu.icm.unity.webadmin.identities.EntitiesLoader.reload(EntitiesLoader.java:83) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesGrid.showGroup(IdentitiesGrid.java:223) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesComponent.setGroup(IdentitiesComponent.java:359) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.identities.IdentitiesComponent.lambda$new$8(IdentitiesComponent.java:301) ~[unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webui.bus.EventsBus.fireEvent(EventsBus.java:56) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.attributetype.AttributeTypesComponent.refresh(AttributeTypesComponent.java:144) [unity-server-web-admin-2.4.2.jar:?]
at pl.edu.icm.unity.webadmin.attributetype.AttributeTypesComponent.<init>(AttributeTypesComponent.java:133) [unity-server-web-admin-2.4.2.jar:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [?:1.8.0_72-internal]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_72-internal]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_72-internal]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_72-internal]
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:170) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:271) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:815) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolvePreparedArguments(ConstructorResolver.java:764) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:131) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:815) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.resolvePreparedArguments(ConstructorResolver.java:764) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:131) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1270) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1115) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:502) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:330) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) [spring-beans-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1085) [spring-context-5.0.3.RELEASE.jar:5.0.3.RELEASE]
at pl.edu.icm.unity.webui.VaadinUIProvider.createInstance(VaadinUIProvider.java:90) [unity-server-web-common-2.4.2.jar:?]
at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:199) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:76) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1601) [vaadin-server-8.2.1.jar:8.2.1]
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:445) [vaadin-server-8.2.1.jar:8.2.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoProtectedResource(AuthenticationFilter.java:182) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:104) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.VaadinEndpoint$ForwadSerlvet.service(VaadinEndpoint.java:329) [unity-server-web-common-2.4.2.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) [unity-server-web-common-2.4.2.jar:?]
at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:77) [unity-server-web-common-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) [unity-server-engine-api-2.4.2.jar:?]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-server-9.4.8.v20171121.jar:9.4.8.v20171121]
...
Cheers,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Nikolaos E. <ni...@ad...> - 2018-06-28 06:46:23
|
Hello Krzysztof, I have a different approach for this subject. The users are using a web portal where they request tokens from a client of b2access. The request is: https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile<https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https://snf-761524.vm.okeanos.grnet.gr/b2access/refreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile> After that the flow will throw the users here: https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry to login Is it possible, instead of the previous url, to redirect the users in this login screen https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry?uy_select_authn=samlWeb.marine&uy_auto_login=true for that specific client? I have tried to pass these parameters to the authorisation request (like this https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile<https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https://snf-761524.vm.okeanos.grnet.gr/b2access/refreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile> ) but it doesn’t work. Best Regards, Nick On 8 Jun 2018, at 11:59, Nikolaos Evangelou <ni...@ad...<mailto:ni...@ad...>> wrote: Hi Krzysztof, Let me explain the process with more details. The oauth authorisation flow is: the user sends a authorisation request to /oauth2-authz endpoint (using a web application client) he would redirect to b2access development instance and select an IdP. After login he will be redirected back to the client with a token. The change we want to make to this flow is to preselect a specific IdP for the user for this specific client. Can unity provide this option? Regards, Nick On 8 Jun 2018, at 10:38, Krzysztof Benedyczak <kb...@un...<mailto:kb...@un...>> wrote: Hi Nikolaos, W dniu 07.06.2018 o 13:30, Nikolaos Evangelou pisze: Hello Krzysztof, Based on this session of the unity idm documentation http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication I managed to preselect an IdP and auto login using the parameters ?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true . It’s possible to make a OIDC authorization request with preselected IdP for a specific client? I'm not sure if I understand the question. As you succeeded with auto-login with those options, which are provided by a client, you should be able to selectively use them only for your specific client. If the problem is that you can use those special query params for that client, you can enable this server-side. Create a separate oauth authorization endpoint in Unity and configure it to auto-login all clients (unity.endpoint.web.autoLogin=true). Then point your specific client to that endpoint. Best Krzysztof ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot_______________________________________________ Unity-idm-discuss mailing list Uni...@li...<mailto:Uni...@li...> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss |
|
From: Sander A. <sa....@fz...> - 2018-06-27 05:13:16
|
Hi Krzysztof, thank you very much for the information. I searched for delegation in the document and found only the outdated statement. Best regards, Sander Am Dienstag, den 26.06.2018, 21:28 +0200 schrieb Krzysztof Benedyczak: > Hi Sander, > > Oauth token delegation is already possible in Unity. See section > > 14.11.6. Token exchange > > in the manual. > > Best > Krzysztof -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2018-06-26 19:28:17
|
Hi Sander, Oauth token delegation is already possible in Unity. See section 14.11.6. Token exchange in the manual. Best Krzysztof |
|
From: Sander A. <sa....@fz...> - 2018-06-26 07:15:05
|
Hi Krzysztof, One of our SPs has asked for oauth token delegation. In manual I found: "Therefore the current implementation of the OAuth RP authenticator will be modified in future to fully support a delegation approach, instead of impersonation." So I guess it is not there yet. Do you have a plan when it will be implemented? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2018-06-24 12:30:31
|
Hi Sander,
W dniu 22.06.2018 o 11:46, Sander Apweiler pisze:
> Hi Krzysztof,
>
> I had an issue with the password/secret of an oauth client. The
> password was working in web UI but not for OAuth request.
>
> For Ouath requests the log says:
> 2018-06-22T10:55:19,538 [qtp1457383927-4307] DEBUG
> unity.server.PasswordVerificator: Password provided by MY-OAUTH-CLIENT-
> NAME is invalid
> 2018-06-22T10:55:19,539 [qtp1457383927-4307] DEBUG
> unity.server.rest.AuthenticationInterceptor: Authentication set failed
> to authenticate the client, will try another:
> pl.edu.icm.unity.engine.api.authn.AuthenticationException:
> AuthenticationProcessorUtil.authnFailed
> 2018-06-22T10:55:19,539 [qtp1457383927-4307]
> INFO unity.server.rest.AuthenticationInterceptor: Authentication
> failed for client
> 2018-06-22T10:55:19,539 [qtp1457383927-4307]
> WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http
> ://token.as.oauth.unity.icm.edu.pl/}UserInfoResource has thrown
> exception, unwinding now
> org.apache.cxf.interceptor.Fault: Invalid user name, credential or
> external authentication failed.
Wooo hoo - yes, that's a bug. A funny story after all: OAuth is using
HTTP Basic authn... almost. It additionally requires to URL encode
username and password, before applying to it the HTTP basic syntax[*].
Unity (by means of 3rd party lib) is doing this when making OAuth
requests. But the verification of them is always using the vanilla HTTP
Basic spec so do not URL decode.
Turned out to be pretty complex to get it right, but from 2.6.0 the HTTP
basic authenticator, when deployed on OAuth token endpoint, will perform
additional step of URL decode.
Thanks for noticing this
KB
[*] - my guess is that the reason for this is to allow to have usernames
with colon inside - what is not possible with plain HTTP basic.
|
|
From: Sander A. <sa....@fz...> - 2018-06-22 09:48:36
|
Hi Krzysztof,
I had an issue with the password/secret of an oauth client. The
password was working in web UI but not for OAuth request.
For Ouath requests the log says:
2018-06-22T10:55:19,538 [qtp1457383927-4307] DEBUG
unity.server.PasswordVerificator: Password provided by MY-OAUTH-CLIENT-
NAME is invalid
2018-06-22T10:55:19,539 [qtp1457383927-4307] DEBUG
unity.server.rest.AuthenticationInterceptor: Authentication set failed
to authenticate the client, will try another:
pl.edu.icm.unity.engine.api.authn.AuthenticationException:
AuthenticationProcessorUtil.authnFailed
2018-06-22T10:55:19,539 [qtp1457383927-4307]
INFO unity.server.rest.AuthenticationInterceptor: Authentication
failed for client
2018-06-22T10:55:19,539 [qtp1457383927-4307]
WARN org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http
://token.as.oauth.unity.icm.edu.pl/}UserInfoResource has thrown
exception, unwinding now
org.apache.cxf.interceptor.Fault: Invalid user name, credential or
external authentication failed.
The password I got the issue is: M)k{6nxLW#p*3V,d2'yk
If I change to a password without any additional chars, it works
Best regards,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
----------------------------------------------------------------------- |
|
From: Nikolaos E. <ni...@ad...> - 2018-06-08 08:59:45
|
Hi Krzysztof, Let me explain the process with more details. The oauth authorisation flow is: the user sends a authorisation request to /oauth2-authz endpoint (using a web application client) he would redirect to b2access development instance and select an IdP. After login he will be redirected back to the client with a token. The change we want to make to this flow is to preselect a specific IdP for the user for this specific client. Can unity provide this option? Regards, Nick On 8 Jun 2018, at 10:38, Krzysztof Benedyczak <kb...@un...<mailto:kb...@un...>> wrote: Hi Nikolaos, W dniu 07.06.2018 o 13:30, Nikolaos Evangelou pisze: Hello Krzysztof, Based on this session of the unity idm documentation http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication I managed to preselect an IdP and auto login using the parameters ?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true . It’s possible to make a OIDC authorization request with preselected IdP for a specific client? I'm not sure if I understand the question. As you succeeded with auto-login with those options, which are provided by a client, you should be able to selectively use them only for your specific client. If the problem is that you can use those special query params for that client, you can enable this server-side. Create a separate oauth authorization endpoint in Unity and configure it to auto-login all clients (unity.endpoint.web.autoLogin=true). Then point your specific client to that endpoint. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2018-06-08 07:38:51
|
Hi Nikolaos, W dniu 07.06.2018 o 13:30, Nikolaos Evangelou pisze: > Hello Krzysztof, > > Based on this session of the unity idm documentation > http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication I > managed to preselect an IdP and auto login using the parameters > ?uy_select_authn=samlWeb.${|authenticationOptionId}|&uy_auto_login=true . > It’s possible to make a OIDC authorization request with preselected > IdP for a specific client? > I'm not sure if I understand the question. As you succeeded with auto-login with those options, which are provided by a client, you should be able to selectively use them only for your specific client. If the problem is that you can use those special query params for that client, you can enable this server-side. Create a separate oauth authorization endpoint in Unity and configure it to auto-login all clients (|unity.endpoint.web.autoLogin=true|). Then point your specific client to that endpoint. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2018-06-08 07:30:16
|
Hi Sander, W dniu 06.06.2018 o 15:08, Sander Apweiler pisze: > Hi Krzysztof, > > One of our SPs contacted me with a problem about OpenID Connect > specification. > > He said, that email_verified (attrObj > ['email'][0].getConfirmationInfo().isConfirmed()) is a string and not a > boolean as required by the specification (see Section 5.1 Standard > Claims, [1]). > > Is there an easy way to transform the string into a boolean? I'll need to verify this statement, but I'm afraid that in case of OAuth we are currently limited to strings... Output data type translation was never implemented properly as brings minimal benefits (2 or 3 OIDC attrs). But certainly we have to fix this, I will think how we can approach this topic without introducing another level of complexity. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2018-06-08 07:23:28
|
Hi Sadner, W dniu 06.06.2018 o 11:08, Sander Apweiler pisze: > Hi Krzysztof, > > I found a security issue for contents manages. If a users has > sys:AuthorizationRole Contents Manager, the user is able to "update" > his privileges and set the sys:AuthorizationRole to System Manager. > After a new login the user controls the whole system. > > IMHO the update of this attribute beyond the own role must be prohibit. > Yeah, you are right, opening a ticket for this. Thanks, Krzysztof |
|
From: Nikolaos E. <ni...@ad...> - 2018-06-07 11:47:43
|
Hello Krzysztof, Based on this session of the unity idm documentation http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication I managed to preselect an IdP and auto login using the parameters ?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true . It’s possible to make a OIDC authorization request with preselected IdP for a specific client? Regards, Nick |
|
From: Sander A. <sa....@fz...> - 2018-06-07 05:22:48
|
Hi Krzysztof,
this issue is solved.
Best regards,
Sander
Am Mittwoch, den 06.06.2018, 09:53 +0200 schrieb Sander Apweiler:
> Hi Krzysztof,
>
> I have an issue with userhome in unity 2.4.2.
>
> I added some additional attributes like o and loa but they are not
> shown in userhome although they are set for the user. Also the
> account
> linking, which is disabled in config is still shown.
>
> Do you have any idea for this issue? See userhome config in
> attachment.
>
> The config from core.module is:
> unityServer.core.endpoints.userHome.endpointType=UserHomeUI
> unityServer.core.endpoints.userHome.endpointConfigurationFile=${CONF}
> /m
> odules/core/userhome.properties
> unityServer.core.endpoints.userHome.contextPath=/home
> unityServer.core.endpoints.userHome.endpointRealm=defaultRealm
> unityServer.core.endpoints.userHome.endpointName=B2ACCESS user's
> account
> unityServer.core.endpoints.userHome.endpointAuthenticators=pwdWeb;cer
> tW
> eb;samlWeb;oauthWeb;
>
> Best regards,
> Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
----------------------------------------------------------------------- |
