Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Shiraz M. <a....@fz...> - 2017-05-02 07:29:56
|
Hi Krzysztof / Willem, Similar behavior has been observed when a user consent screen is shown, see second last row in the snapshot below. [Inline image 1] Cheers, Shiraz On Mon, May 1, 2017 at 1:03 PM, Willem Elbers <wi...@cl...<mailto:wi...@cl...>> wrote: Dear Krzysztof, we have noticed that for one of our attributes (unlimited free text), supplied via a registration form, the content is truncated "[...]" in the accept registration window. Is there any way to view the full content of the attribute, before accepting the request from the UI? Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu<http://www.clarin.eu> | tel: +31-(0)85-0091277<tel:%2B31-%280%2985-0091277> | skype: wjm.elbers ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Unity-idm-discuss mailing list Uni...@li...<mailto:Uni...@li...> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899<tel:02461%20616899> Fax: +49 2461 61 6656<tel:02461%20616656> ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Willem E. <wi...@cl...> - 2017-05-01 11:03:53
|
Dear Krzysztof, we have noticed that for one of our attributes (unlimited free text), supplied via a registration form, the content is truncated "[...]" in the accept registration window. Is there any way to view the full content of the attribute, before accepting the request from the UI? Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Roman K. <rkr...@gm...> - 2017-04-28 07:42:31
|
Hi Shiraz, I'm glad that the problem was solved. I'll open the ticket to investigate this, so this is not forgotten. Thank you, Roman On Thu, Apr 27, 2017 at 6:34 PM, Shiraz Memon <a....@fz...> wrote: > Hi Krzysztof, > > The problems have been resolved by deleting the unused translation > profiles. But still wonder why did that happen. > > Cheers, > Shiraz > > On Thu, Apr 27, 2017 at 6:09 PM, Shiraz Memon <a....@fz...> > wrote: > >> Hi Krzyzstof, >> >> I have seen a number of errors in log file, they are mostly related to >> (output(?)) translation profile. This happens when I had started the unity >> server after upgrading from v1.9.5. >> >> 2017-04-27 17:58:45,973 [qtp8633103-38] ERROR >> unity.server.TranslationActionInstance - Can not load action >> createAttribute with parameters: [urn:oid:2.5.4.49, >> '/C=DE/L=Juelich/O=FZJ/OU=JSC/CN=' + idsByType['persistent'][0] + >> '/CN='+attr['cn']]. This action will be ignor >> ed during profile's execution. Fix the action definition. This problem >> can occur after system reconfiguration when action definition becomes >> obsolete (e.g. using not existing attribute) >> java.lang.IllegalArgumentException: Action requires min 3 parameters >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory$CreateAttributeAction.setParameters(CreateAttribute >> ActionFactory.java:124) >> ... >> >> 2017-04-27 18:01:01,994 [qtp8633103-38] ERROR >> unity.server.TranslationActionInstance - Can not load action >> createAttribute with parameters: [urn:oid:1.3.6.1.4.1.5923.1.1.1.13, >> idsByType['persistent']]. This action will be ignored during profile's >> execution. Fix the acti >> on definition. This problem can occur after system reconfiguration when >> action definition becomes obsolete (e.g. using not existing attribute) >> java.lang.IllegalArgumentException: Action requires min 3 parameters >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124) >> >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83) >> >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory.getInstance(CreateAttributeActionFactory.java:68) >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory.getInstance(CreateAttributeActionFactory.java:35) >> at pl.edu.icm.unity.server.translation.TranslationProfileInstan >> ce.loadAction(TranslationProfileInstance.java:80) >> at pl.edu.icm.unity.server.translation.TranslationProfileInstan >> ce.initInstance(TranslationProfileInstance.java:66) >> at pl.edu.icm.unity.server.translation.TranslationProfileInstan >> ce.<init>(TranslationProfileInstance.java:39) >> at pl.edu.icm.unity.server.translation.out.OutputTranslationPro >> file.<init>(OutputTranslationProfile.java:53) >> at pl.edu.icm.unity.engine.TranslationProfileManagementImpl. >> makeInstance(TranslationProfileManagementImpl.java:135) >> at pl.edu.icm.unity.engine.TranslationProfileManagementImpl. >> listProfiles(TranslationProfileManagementImpl.java:121) >> at pl.edu.icm.unity.engine.TranslationProfileManagementImpl. >> listOutputProfiles(TranslationProfileManagementImpl.java:107) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.lang.reflect.Method.invoke(Method.java:498) >> .... >> >> 2017-04-27 18:01:01,994 [qtp8633103-38] ERROR >> unity.server.TranslationActionInstance - Can not load action >> createAttribute with parameters: [memberOf, groups]. This action will be >> ignored during profile's execution. Fix the action definition. This problem >> can occur afte >> r system reconfiguration when action definition becomes obsolete (e.g. >> using not existing attribute) >> java.lang.IllegalArgumentException: Action requires min 3 parameters >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124) >> >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83) >> >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory.getInstance(CreateAttributeActionFactory.java:68) >> at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActio >> nFactory.getInstance(CreateAttributeActionFactory.java:35) >> ... >> many more >> >> May be I have forgotten something while upgrading the release? Do you >> have any hints how to resolve them? >> >> Best, >> Shiraz >> -- >> Shiraz Memon >> Federated Systems and Data >> Jülich Supercomputing Centre (JSC) >> >> Phone: +49 2461 61 6899 <02461%20616899> >> Fax: +49 2461 61 6656 <02461%20616656> >> > > > > -- > Shiraz Memon > Federated Systems and Data > Jülich Supercomputing Centre (JSC) > > Phone: +49 2461 61 6899 <+49%202461%20616899> > Fax: +49 2461 61 6656 <+49%202461%20616656> > > > ------------------------------------------------------------ > ------------------------------------ > ------------------------------------------------------------ > ------------------------------------ > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Prof. Dr. Sebastian M. Schmidt > ------------------------------------------------------------ > ------------------------------------ > ------------------------------------------------------------ > ------------------------------------ > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > -- Roman Nothing is impossible; impossible itself says "I m possible"... |
|
From: Shiraz M. <a....@fz...> - 2017-04-27 16:36:40
|
Hi Krzysztof,
The problems have been resolved by deleting the unused translation profiles. But still wonder why did that happen.
Cheers,
Shiraz
On Thu, Apr 27, 2017 at 6:09 PM, Shiraz Memon <a....@fz...<mailto:a....@fz...>> wrote:
Hi Krzyzstof,
I have seen a number of errors in log file, they are mostly related to (output(?)) translation profile. This happens when I had started the unity server after upgrading from v1.9.5.
2017-04-27 17:58:45,973 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [urn:oid:2.5.4.49, '/C=DE/L=Juelich/O=FZJ/OU=JSC/CN=' + idsByType['persistent'][0] + '/CN='+attr['cn']]. This action will be ignor
ed during profile's execution. Fix the action definition. This problem can occur after system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
...
2017-04-27 18:01:01,994 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [urn:oid:1.3.6.1.4.1.5923.1.1.1.13, idsByType['persistent']]. This action will be ignored during profile's execution. Fix the acti
on definition. This problem can occur after system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:68)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:35)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.loadAction(TranslationProfileInstance.java:80)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.initInstance(TranslationProfileInstance.java:66)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.<init>(TranslationProfileInstance.java:39)
at pl.edu.icm.unity.server.translation.out.OutputTranslationProfile.<init>(OutputTranslationProfile.java:53)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.makeInstance(TranslationProfileManagementImpl.java:135)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.listProfiles(TranslationProfileManagementImpl.java:121)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.listOutputProfiles(TranslationProfileManagementImpl.java:107)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
....
2017-04-27 18:01:01,994 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [memberOf, groups]. This action will be ignored during profile's execution. Fix the action definition. This problem can occur afte
r system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:68)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:35)
...
many more
May be I have forgotten something while upgrading the release? Do you have any hints how to resolve them?
Best,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899<tel:02461%20616899>
Fax: +49 2461 61 6656<tel:02461%20616656>
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Shiraz M. <a....@fz...> - 2017-04-27 16:10:41
|
Hi Krzyzstof,
I have seen a number of errors in log file, they are mostly related to (output(?)) translation profile. This happens when I had started the unity server after upgrading from v1.9.5.
2017-04-27 17:58:45,973 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [urn:oid:2.5.4.49, '/C=DE/L=Juelich/O=FZJ/OU=JSC/CN=' + idsByType['persistent'][0] + '/CN='+attr['cn']]. This action will be ignor
ed during profile's execution. Fix the action definition. This problem can occur after system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
...
2017-04-27 18:01:01,994 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [urn:oid:1.3.6.1.4.1.5923.1.1.1.13, idsByType['persistent']]. This action will be ignored during profile's execution. Fix the acti
on definition. This problem can occur after system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:68)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:35)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.loadAction(TranslationProfileInstance.java:80)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.initInstance(TranslationProfileInstance.java:66)
at pl.edu.icm.unity.server.translation.TranslationProfileInstance.<init>(TranslationProfileInstance.java:39)
at pl.edu.icm.unity.server.translation.out.OutputTranslationProfile.<init>(OutputTranslationProfile.java:53)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.makeInstance(TranslationProfileManagementImpl.java:135)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.listProfiles(TranslationProfileManagementImpl.java:121)
at pl.edu.icm.unity.engine.TranslationProfileManagementImpl.listOutputProfiles(TranslationProfileManagementImpl.java:107)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
....
2017-04-27 18:01:01,994 [qtp8633103-38] ERROR unity.server.TranslationActionInstance - Can not load action createAttribute with parameters: [memberOf, groups]. This action will be ignored during profile's execution. Fix the action definition. This problem can occur afte
r system reconfiguration when action definition becomes obsolete (e.g. using not existing attribute)
java.lang.IllegalArgumentException: Action requires min 3 parameters
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.setParameters(CreateAttributeActionFactory.java:124)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory$CreateAttributeAction.<init>(CreateAttributeActionFactory.java:83)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:68)
at pl.edu.icm.unity.stdext.translation.out.CreateAttributeActionFactory.getInstance(CreateAttributeActionFactory.java:35)
...
many more
May be I have forgotten something while upgrading the release? Do you have any hints how to resolve them?
Best,
Shiraz
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
|
From: Sander A. <sa....@fz...> - 2017-04-26 05:15:49
|
Hi Krzysztof, thank you for your efforts. The IdP was from CSC. If it appears again, I will contact you again. Best regards, Sander Am Dienstag, den 25.04.2017, 21:45 +0200 schrieb Krzysztof Benedyczak: > Hi Sander, > > W dniu 19.04.2017 o 12:22, Krzysztof Benedyczak pisze: > > Hi Sander, > > > > W dniu 19.04.2017 o 11:34, Sander Apweiler pisze: > > > Hi Krzysztof, > > > > > > I got a problem report by an user about broken login with his > > > home IdP. > > > The IdP changed his certificate and it was not trusted by unity. > > > > > > [2017-04-19 07:32:47,210 [qtp304966690-1742] > > > WARN unity.server.saml.SAMLRetrievalUI - SAML response > > > verification or > > > processing failed > > > pl.edu.icm.unity.server.authn.AuthenticationException: The SAML > > > response > > > is either invalid or is issued by an untrusted identity > > > provider.] > > > > > > This IdP comes with eduGain metadata. The Metadata URL is updated > > > once > > > per hour. Reloading SAML authenticator did not solve the problem. > > > A > > > restart solved the problem. But restarts during the the working > > > time are > > > not very welcome. Is there another solution to solve this > > > problem? > > > > I'll look into it - likely some cache is not purged after metadata > > reload. > > I've run quite a few tests and unfortunately I can not reproduce > this > issue. All cases that I tried (e.g. with changed certificate DN in > update or without DN change) worked fine - immediately after > metadata > reload a new certificate was used. > > I've found however another nasty problem related to SAML metadata > reloading (#601 in tracker). While this other problem alone is > rather > not related with your case, its fix could also solve your issue: a > small > refactoring was applied to the overal process of metadata reloading > - > which should be now simplified and more stable. > > All in all if you notice such issue again please let us know, > providing > as much of context as possible. Especially what was the IdP. I have > some > saved eduGAIN metadata dumps so chances are that I'll be able to > reproduce the setup before and after update. > > Best > Krzysztof -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2017-04-25 21:31:22
|
Dear Subscribers, Subsequent Unity revision - 1.9.6 - is available for download. Release includes six bugfixes, including the the fix for the default Facebook external authentication. Among new features there is a possibility to trigger resend of confirmation emails directly from the Admin UI (for both e-mail identities and attributes). Web endpoints got their default paths, so you can access AdminUI or HomeUI directly under the endpoint's path (in default setup this would be /admin instead of /admin/admin). It is also possible to setup default address of the whole server. Finally there were numerous improvements related to consent screen - admin can now control which attributes are mandatory and their presentation is improved. Download links and detailed list of changes is available at: http://www.unity-idm.eu/site/downloads Best regards, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-25 19:46:33
|
Hi Sander, W dniu 19.04.2017 o 12:22, Krzysztof Benedyczak pisze: > Hi Sander, > > W dniu 19.04.2017 o 11:34, Sander Apweiler pisze: >> Hi Krzysztof, >> >> I got a problem report by an user about broken login with his home IdP. >> The IdP changed his certificate and it was not trusted by unity. >> >> [2017-04-19 07:32:47,210 [qtp304966690-1742] >> WARN unity.server.saml.SAMLRetrievalUI - SAML response verification or >> processing failed >> pl.edu.icm.unity.server.authn.AuthenticationException: The SAML response >> is either invalid or is issued by an untrusted identity provider.] >> >> This IdP comes with eduGain metadata. The Metadata URL is updated once >> per hour. Reloading SAML authenticator did not solve the problem. A >> restart solved the problem. But restarts during the the working time are >> not very welcome. Is there another solution to solve this problem? > > I'll look into it - likely some cache is not purged after metadata reload. I've run quite a few tests and unfortunately I can not reproduce this issue. All cases that I tried (e.g. with changed certificate DN in update or without DN change) worked fine - immediately after metadata reload a new certificate was used. I've found however another nasty problem related to SAML metadata reloading (#601 in tracker). While this other problem alone is rather not related with your case, its fix could also solve your issue: a small refactoring was applied to the overal process of metadata reloading - which should be now simplified and more stable. All in all if you notice such issue again please let us know, providing as much of context as possible. Especially what was the IdP. I have some saved eduGAIN metadata dumps so chances are that I'll be able to reproduce the setup before and after update. Best Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-25 17:28:25
|
Shiraz, W dniu 24.04.2017 o 14:17, Shiraz Memon pisze: > On Mon, Apr 24, 2017 at 1:44 PM, Krzysztof Benedyczak <kb...@un... > <mailto:kb...@un...>> wrote: > > Hi Shiraz, > > W dniu 24.04.2017 o 13:24, Shiraz Memon pisze: > > Hi Krzysztof, > > Is it possible for the non-privileged users to request > membership in an > existing group they are "not" members of (e.g. through their > unity home > page)? and subsequently notify and let the admins of the requested > group(s) to approve/disapprove the membership. > > I think we have discussed about this in the past and not really sure > whether the feature has already been included in the latest stable > release and how to enable it, if provided. > > > Yes, you can create a non-mandatory enquiry form allowing to request > any group membership. So far there is no support for activating this > on the HomeUI (we can work on it of course), but enquiry gets its > own URL, so you can give it to your users. > > > I think enquiry form is a good fit for the purpose (atleast for the time > being), but can a link to the form be shown to our users under home UI > (like other attribute value pairs) in a neat way? I know this can be > achieved by creating a special attribute for every user having the link > as a value and then display it under the home UI (not very elegant though). As I wrote this is not possible currently. If you want to have such feature implemented please fill a request (or write) with details, how do you envision this. Maybe an additional "big" button on the left side of the profile UI (below credentials)? Or rather more lightweight solution and additional section on the main info screen below or under attributes? Thanks, Krzysztof |
|
From: Shiraz M. <a....@fz...> - 2017-04-24 12:17:43
|
On Mon, Apr 24, 2017 at 1:44 PM, Krzysztof Benedyczak <kb...@un...<mailto:kb...@un...>> wrote: Hi Shiraz, W dniu 24.04.2017 o 13:24, Shiraz Memon pisze: Hi Krzysztof, Is it possible for the non-privileged users to request membership in an existing group they are "not" members of (e.g. through their unity home page)? and subsequently notify and let the admins of the requested group(s) to approve/disapprove the membership. I think we have discussed about this in the past and not really sure whether the feature has already been included in the latest stable release and how to enable it, if provided. Yes, you can create a non-mandatory enquiry form allowing to request any group membership. So far there is no support for activating this on the HomeUI (we can work on it of course), but enquiry gets its own URL, so you can give it to your users. I think enquiry form is a good fit for the purpose (atleast for the time being), but can a link to the form be shown to our users under home UI (like other attribute value pairs) in a neat way? I know this can be achieved by creating a special attribute for every user having the link as a value and then display it under the home UI (not very elegant though). Thanks, Shiraz HTH, Krzysztof -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2017-04-24 11:44:19
|
Hi Shiraz, W dniu 24.04.2017 o 13:24, Shiraz Memon pisze: > Hi Krzysztof, > > Is it possible for the non-privileged users to request membership in an > existing group they are "not" members of (e.g. through their unity home > page)? and subsequently notify and let the admins of the requested > group(s) to approve/disapprove the membership. > > I think we have discussed about this in the past and not really sure > whether the feature has already been included in the latest stable > release and how to enable it, if provided. Yes, you can create a non-mandatory enquiry form allowing to request any group membership. So far there is no support for activating this on the HomeUI (we can work on it of course), but enquiry gets its own URL, so you can give it to your users. HTH, Krzysztof |
|
From: Shiraz M. <a....@fz...> - 2017-04-24 11:25:32
|
Hi Krzysztof, Is it possible for the non-privileged users to request membership in an existing group they are "not" members of (e.g. through their unity home page)? and subsequently notify and let the admins of the requested group(s) to approve/disapprove the membership. I think we have discussed about this in the past and not really sure whether the feature has already been included in the latest stable release and how to enable it, if provided. Best, Shiraz -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Shiraz M. <a....@fz...> - 2017-04-24 10:22:36
|
Hi Krzysztof, the custom configuration worked - thanks! Best, Shiraz On Fri, Apr 21, 2017 at 10:24 PM, Krzysztof Benedyczak <kb...@un...> wrote: > Hi Shiraz, > > > W dniu 21.04.2017 o 10:42, Shiraz Memon pisze: > >> Hi Krzysztof, >> >> I (and also other users) am unable to authenticate myself using my >> facebook id. Can you check whether facebook has changed something lately >> in their flow. >> > > > Yeah - they changed the access token format. > > Workaround: instead of builit in type facebook use custom with the > following settings (the additional ones after the empty line should be good > without any change - maybe besides the 'fb' in key): > > unity.oauth2.client.providers.fb.type=custom > unity.oauth2.client.providers.fb.clientId=YOURID > unity.oauth2.client.providers.fb.clientSecret=YOUR SECRET > unity.oauth2.client.providers.fb.translationProfile=YOURPROFILE > > unity.oauth2.client.providers.fb.name=Facebook > unity.oauth2.client.providers.fb.authEndpoint=https://www.fa > cebook.com/dialog/oauth > unity.oauth2.client.providers.fb.accessTokenEndpoint=https:/ > /graph.facebook.com/oauth/access_token > unity.oauth2.client.providers.fb.profileEndpoint=https://gra > ph.facebook.com/me/ > unity.oauth2.client.providers.fb.accessTokenFormat=standard > unity.oauth2.client.providers.fb.scopes=email > unity.oauth2.client.providers.fb.iconUrl=file:../common/img/ > external/FB-small.png > unity.oauth2.client.providers.fb.clientAuthenticationMode=secretPost > > > > The standard config will be fixed in the next release. > > Thanks > Krzysztof > > > >> Inline image 1 >> >> logs: >> >> 2017-04-21 10:38:38,725 [qtp1655072591-1752] DEBUG >> unity.server.oauth.RedirectRequestHandler - Starting OAuth redirection >> to OAuth provider >> https://www.facebook.com/dialog/oauth?response_type=code& >> client_id=xxxx66787708245&redirect_uri=https%3A%2F% >> 2Funity.eudat-aai.fz-juelich.de%3A8443%2Funitygw%2Foauth2Re >> sponseConsumer&scope=email&state=5d2049a5-9aa1-4d43-b5e6-103b90c349cb >> >> 2017-04-21 10:38:38,973 [qtp1655072591-1757] DEBUG >> unity.server.oauth.ResponseConsumerServlet - Received OAuth response >> with valid state 5d2049a5-9aa1-4d43-b5e6-103b90c349cb, redirecting to >> /admin/admin >> 2017-04-21 10:38:39,138 [qtp1655072591-1758] DEBUG >> unity.server.oauth.OAuth2RetrievalUI - RetrievalUI received OAuth >> response >> 2017-04-21 10:38:39,139 [qtp1655072591-1758] DEBUG >> unity.server.oauth.OAuth2Verificator - Exchanging authorization code >> for access token with request to: >> https://graph.facebook.com/oauth/access_token >> 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG >> unity.server.oauth.OAuth2Verificator - Received answer: 200 >> 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG >> unity.server.oauth.OAuth2RetrievalUI - OAuth2 authorization code >> verification or processing failed >> pl.edu.icm.unity.server.authn.AuthenticationException: Problem during >> user information retrieval >> at >> pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyA >> uthenticatedInput(OAuth2Verificator.java:244) >> >> at >> pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthA >> uthzResponse(OAuth2Verificator.java:209) >> >> at >> pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzA >> nswer(OAuth2RetrievalUI.java:268) >> >> at >> pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh( >> OAuth2RetrievalUI.java:329) >> >> at >> pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthe >> nticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:432) >> >> at >> pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(Sele >> ctedAuthNPanel.java:500) >> >> at >> pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(Authen >> ticationUI.java:364) >> >> at com.vaadin.ui.UI.doRefresh(UI.java:731) >> at >> com.vaadin.server.communication.UIInitHandler.reinitUI( >> UIInitHandler.java:261) >> >> at >> com.vaadin.server.communication.UIInitHandler.getBrowserDeta >> ilsUI(UIInitHandler.java:168) >> >> at >> com.vaadin.server.communication.UIInitHandler.synchronizedHa >> ndleRequest(UIInitHandler.java:74) >> >> at >> com.vaadin.server.SynchronizedRequestHandler.handleRequest(S >> ynchronizedRequestHandler.java:41) >> >> at >> com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409) >> at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) >> at >> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilte >> r(ServletHandler.java:1772) >> >> at >> pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.do >> Filter(InvocationContextSetupFilter.java:73) >> >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilte >> r(ServletHandler.java:1759) >> >> at >> pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotPro >> tectedResource(AuthenticationFilter.java:190) >> >> at >> pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(A >> uthenticationFilter.java:78) >> >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilte >> r(ServletHandler.java:1759) >> >> at >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHan >> dler.java:582) >> at >> org.eclipse.jetty.server.session.SessionHandler.doHandle( >> SessionHandler.java:224) >> >> at >> org.eclipse.jetty.server.handler.ContextHandler.doHandle( >> ContextHandler.java:1180) >> >> at >> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) >> at >> org.eclipse.jetty.server.session.SessionHandler.doScope( >> SessionHandler.java:185) >> >> at >> org.eclipse.jetty.server.handler.ContextHandler.doScope( >> ContextHandler.java:1112) >> >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(Scoped >> Handler.java:141) >> >> at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java: >> 199) >> at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) >> at >> pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoA >> uthn(AuthenticationFilter.java:173) >> >> at >> pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(A >> uthenticationFilter.java:124) >> >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilte >> r(ServletHandler.java:1759) >> >> at >> pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter >> (HiddenResourcesFilter.java:49) >> >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilte >> r(ServletHandler.java:1759) >> >> at >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHan >> dler.java:582) >> at >> org.eclipse.jetty.server.session.SessionHandler.doHandle( >> SessionHandler.java:224) >> >> at >> org.eclipse.jetty.server.handler.ContextHandler.doHandle( >> ContextHandler.java:1180) >> >> at >> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) >> at >> org.eclipse.jetty.server.session.SessionHandler.doScope( >> SessionHandler.java:185) >> >> at >> org.eclipse.jetty.server.handler.ContextHandler.doScope( >> ContextHandler.java:1112) >> >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(Scoped >> Handler.java:141) >> >> at >> org.eclipse.jetty.server.handler.ContextHandlerCollection.ha >> ndle(ContextHandlerCollection.java:213) >> >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(Handl >> erWrapper.java:134) >> >> at >> org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(Rewr >> iteHandler.java:335) >> >> at >> org.eclipse.jetty.server.handler.gzip.GzipHandler.handle( >> GzipHandler.java:426) >> >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(Handl >> erWrapper.java:134) >> >> at org.eclipse.jetty.server.Server.handle(Server.java:534) >> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel. >> java:320) >> at >> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConne >> ction.java:251) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback. >> succeeded(AbstractConnection.java:283) >> >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest. >> java:110) >> at >> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:220) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback. >> succeeded(AbstractConnection.java:283) >> >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest. >> java:110) >> at >> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChann >> elEndPoint.java:93) >> >> at >> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume >> .executeProduceConsume(ExecuteProduceConsume.java:303) >> >> at >> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume >> .produceConsume(ExecuteProduceConsume.java:148) >> >> at >> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume >> .run(ExecuteProduceConsume.java:136) >> >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(Queued >> ThreadPool.java:671) >> >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedT >> hreadPool.java:589) >> >> at java.lang.Thread.run(Thread.java:745) >> Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Access >> token answer received doesn't contain 'access_token' parameter. >> at >> pl.edu.icm.unity.oauth.client.OAuth2Verificator.getAccessTok >> enAndProfilePlain(OAuth2Verificator.java:404) >> >> at >> pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyA >> uthenticatedInput(OAuth2Verificator.java:241) >> >> ... 62 more >> Cheers, >> Shiraz >> -- >> Shiraz Memon >> Federated Systems and Data >> Jülich Supercomputing Centre (JSC) >> >> Phone: +49 2461 61 6899 >> Fax: +49 2461 61 6656 >> >> >> ------------------------------------------------------------ >> ------------------------------------ >> ------------------------------------------------------------ >> ------------------------------------ >> Forschungszentrum Juelich GmbH >> 52425 Juelich >> Sitz der Gesellschaft: Juelich >> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 >> Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher >> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), >> Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, >> Prof. Dr. Sebastian M. Schmidt >> ------------------------------------------------------------ >> ------------------------------------ >> ------------------------------------------------------------ >> ------------------------------------ >> >> >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss >> >> > -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 |
|
From: Krzysztof B. <kb...@un...> - 2017-04-21 20:25:12
|
Hi Shiraz, W dniu 21.04.2017 o 10:42, Shiraz Memon pisze: > Hi Krzysztof, > > I (and also other users) am unable to authenticate myself using my > facebook id. Can you check whether facebook has changed something lately > in their flow. Yeah - they changed the access token format. Workaround: instead of builit in type facebook use custom with the following settings (the additional ones after the empty line should be good without any change - maybe besides the 'fb' in key): unity.oauth2.client.providers.fb.type=custom unity.oauth2.client.providers.fb.clientId=YOURID unity.oauth2.client.providers.fb.clientSecret=YOUR SECRET unity.oauth2.client.providers.fb.translationProfile=YOURPROFILE unity.oauth2.client.providers.fb.name=Facebook unity.oauth2.client.providers.fb.authEndpoint=https://www.facebook.com/dialog/oauth unity.oauth2.client.providers.fb.accessTokenEndpoint=https://graph.facebook.com/oauth/access_token unity.oauth2.client.providers.fb.profileEndpoint=https://graph.facebook.com/me/ unity.oauth2.client.providers.fb.accessTokenFormat=standard unity.oauth2.client.providers.fb.scopes=email unity.oauth2.client.providers.fb.iconUrl=file:../common/img/external/FB-small.png unity.oauth2.client.providers.fb.clientAuthenticationMode=secretPost The standard config will be fixed in the next release. Thanks Krzysztof > > Inline image 1 > > logs: > > 2017-04-21 10:38:38,725 [qtp1655072591-1752] DEBUG > unity.server.oauth.RedirectRequestHandler - Starting OAuth redirection > to OAuth provider > https://www.facebook.com/dialog/oauth?response_type=code&client_id=xxxx66787708245&redirect_uri=https%3A%2F%2Funity.eudat-aai.fz-juelich.de%3A8443%2Funitygw%2Foauth2ResponseConsumer&scope=email&state=5d2049a5-9aa1-4d43-b5e6-103b90c349cb > > 2017-04-21 10:38:38,973 [qtp1655072591-1757] DEBUG > unity.server.oauth.ResponseConsumerServlet - Received OAuth response > with valid state 5d2049a5-9aa1-4d43-b5e6-103b90c349cb, redirecting to > /admin/admin > 2017-04-21 10:38:39,138 [qtp1655072591-1758] DEBUG > unity.server.oauth.OAuth2RetrievalUI - RetrievalUI received OAuth response > 2017-04-21 10:38:39,139 [qtp1655072591-1758] DEBUG > unity.server.oauth.OAuth2Verificator - Exchanging authorization code > for access token with request to: > https://graph.facebook.com/oauth/access_token > 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG > unity.server.oauth.OAuth2Verificator - Received answer: 200 > 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG > unity.server.oauth.OAuth2RetrievalUI - OAuth2 authorization code > verification or processing failed > pl.edu.icm.unity.server.authn.AuthenticationException: Problem during > user information retrieval > at > pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:244) > > at > pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthAuthzResponse(OAuth2Verificator.java:209) > > at > pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzAnswer(OAuth2RetrievalUI.java:268) > > at > pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh(OAuth2RetrievalUI.java:329) > > at > pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthenticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:432) > > at > pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(SelectedAuthNPanel.java:500) > > at > pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:364) > > at com.vaadin.ui.UI.doRefresh(UI.java:731) > at > com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:261) > > at > com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:168) > > at > com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74) > > at > com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41) > > at > com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409) > at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) > > at > pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) > > at > pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) > > at > pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > > at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) > at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) > at > pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:173) > > at > pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) > > at > pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) > > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) > > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) > > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) > > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) > > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) > > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:426) > > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) > > at org.eclipse.jetty.server.Server.handle(Server.java:534) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) > > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:220) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) > > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) > at > org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) > > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) > > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) > > at > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) > > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) > > at > org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) > > at java.lang.Thread.run(Thread.java:745) > Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Access > token answer received doesn't contain 'access_token' parameter. > at > pl.edu.icm.unity.oauth.client.OAuth2Verificator.getAccessTokenAndProfilePlain(OAuth2Verificator.java:404) > > at > pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:241) > > ... 62 more > Cheers, > Shiraz > -- > Shiraz Memon > Federated Systems and Data > Jülich Supercomputing Centre (JSC) > > Phone: +49 2461 61 6899 > Fax: +49 2461 61 6656 > > > ------------------------------------------------------------------------------------------------ > ------------------------------------------------------------------------------------------------ > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Prof. Dr. Sebastian M. Schmidt > ------------------------------------------------------------------------------------------------ > ------------------------------------------------------------------------------------------------ > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Shiraz M. <a....@fz...> - 2017-04-21 09:47:33
|
The problem occurs in unity v1.9.5. Best, Shiraz On Fri, Apr 21, 2017 at 10:42 AM, Shiraz Memon <a....@fz...<mailto:a....@fz...>> wrote: Hi Krzysztof, I (and also other users) am unable to authenticate myself using my facebook id. Can you check whether facebook has changed something lately in their flow. [Inline image 1] logs: 2017-04-21 10:38:38,725 [qtp1655072591-1752] DEBUG unity.server.oauth.RedirectRequestHandler - Starting OAuth redirection to OAuth provider https://www.facebook.com/dialog/oauth?response_type=code&client_id=xxxx66787708245&redirect_uri=https%3A%2F%2Funity.eudat-aai.fz-juelich.de%3A8443%2Funitygw%2Foauth2ResponseConsumer&scope=email&state=5d2049a5-9aa1-4d43-b5e6-103b90c349cb 2017-04-21 10:38:38,973 [qtp1655072591-1757] DEBUG unity.server.oauth.ResponseConsumerServlet - Received OAuth response with valid state 5d2049a5-9aa1-4d43-b5e6-103b90c349cb, redirecting to /admin/admin 2017-04-21 10:38:39,138 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - RetrievalUI received OAuth response 2017-04-21 10:38:39,139 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Exchanging authorization code for access token with request to: https://graph.facebook.com/oauth/access_token 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Received answer: 200 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - OAuth2 authorization code verification or processing failed pl.edu.icm.unity.server.authn.AuthenticationException: Problem during user information retrieval at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:244) at pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthAuthzResponse(OAuth2Verificator.java:209) at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzAnswer(OAuth2RetrievalUI.java:268) at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh(OAuth2RetrievalUI.java:329) at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthenticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:432) at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(SelectedAuthNPanel.java:500) at pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:364) at com.vaadin.ui.UI.doRefresh(UI.java:731) at com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:261) at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:168) at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74) at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41) at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409) at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:173) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:426) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) at org.eclipse.jetty.server.Server.handle(Server.java:534) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io<http://org.eclipse.jetty.io>.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) at org.eclipse.jetty.io<http://org.eclipse.jetty.io>.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:220) at org.eclipse.jetty.io<http://org.eclipse.jetty.io>.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) at org.eclipse.jetty.io<http://org.eclipse.jetty.io>.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io<http://org.eclipse.jetty.io>.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) at java.lang.Thread.run(Thread.java:745) Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Access token answer received doesn't contain 'access_token' parameter. at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getAccessTokenAndProfilePlain(OAuth2Verificator.java:404) at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:241) ... 62 more Cheers, Shiraz -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899<tel:02461%20616899> Fax: +49 2461 61 6656<tel:02461%20616656> -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Shiraz M. <a....@fz...> - 2017-04-21 08:43:31
|
Hi Krzysztof, I (and also other users) am unable to authenticate myself using my facebook id. Can you check whether facebook has changed something lately in their flow. [Inline image 1] logs: 2017-04-21 10:38:38,725 [qtp1655072591-1752] DEBUG unity.server.oauth.RedirectRequestHandler - Starting OAuth redirection to OAuth provider https://www.facebook.com/dialog/oauth?response_type=code&client_id=xxxx66787708245&redirect_uri=https%3A%2F%2Funity.eudat-aai.fz-juelich.de%3A8443%2Funitygw%2Foauth2ResponseConsumer&scope=email&state=5d2049a5-9aa1-4d43-b5e6-103b90c349cb 2017-04-21 10:38:38,973 [qtp1655072591-1757] DEBUG unity.server.oauth.ResponseConsumerServlet - Received OAuth response with valid state 5d2049a5-9aa1-4d43-b5e6-103b90c349cb, redirecting to /admin/admin 2017-04-21 10:38:39,138 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - RetrievalUI received OAuth response 2017-04-21 10:38:39,139 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Exchanging authorization code for access token with request to: https://graph.facebook.com/oauth/access_token 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Received answer: 200 2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - OAuth2 authorization code verification or processing failed pl.edu.icm.unity.server.authn.AuthenticationException: Problem during user information retrieval at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:244) at pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthAuthzResponse(OAuth2Verificator.java:209) at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzAnswer(OAuth2RetrievalUI.java:268) at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh(OAuth2RetrievalUI.java:329) at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthenticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:432) at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(SelectedAuthNPanel.java:500) at pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:364) at com.vaadin.ui.UI.doRefresh(UI.java:731) at com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:261) at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:168) at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74) at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41) at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409) at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:173) at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:426) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) at org.eclipse.jetty.server.Server.handle(Server.java:534) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:220) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) at java.lang.Thread.run(Thread.java:745) Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Access token answer received doesn't contain 'access_token' parameter. at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getAccessTokenAndProfilePlain(OAuth2Verificator.java:404) at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:241) ... 62 more Cheers, Shiraz -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
|
From: Krzysztof B. <kb...@un...> - 2017-04-20 18:15:27
|
Hi, W dniu 20.04.2017 o 13:26, Willem Elbers pisze: > Hi Krzysztof, > > > On 13/04/17 00:00, Krzysztof Benedyczak wrote: >> Hi, >> >> W dniu 11.04.2017 o 17:17, Willem Elbers pisze: >>> Dear Krzysztof, >>> >>> we have received the following stacktrace when trying to authenticate >>> via one of our SPs: >> [CUT] >>> Any ideas what can be the cause of this issue and how we can improve the >>> error message? >> >> This is caused by a bug in Unity, unfortunately. Unity doesn't accept >> SAML authN request without the AssertionConsumerServiceURL attribute. >> This attribute is not mandatory in SAML so Unity should happily accept >> such case. >> >> Fixing the request validator (and directly this bug) will be trivial, >> but I will have to verify whether the rest of the stack behaves >> correctly when this attribute is not set (what means that either >> metadata default should be used or AssertionConsumerServiceIndex >> picking endpoint from metadata). >> >> I've opened a ticket to track this problem. > Thanks. Any estimation on the timeline to fix this issue? > > We've discussed this issue with the problematic SP and it apparently is > not easy for them to solve. Hard to say yet. In the next days I'll try to find some time to investigate it and will get back to you with some estimation. Best Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-04-20 11:26:33
|
Hi Krzysztof, On 13/04/17 00:00, Krzysztof Benedyczak wrote: > Hi, > > W dniu 11.04.2017 o 17:17, Willem Elbers pisze: >> Dear Krzysztof, >> >> we have received the following stacktrace when trying to authenticate >> via one of our SPs: > [CUT] >> Any ideas what can be the cause of this issue and how we can improve the >> error message? > > This is caused by a bug in Unity, unfortunately. Unity doesn't accept > SAML authN request without the AssertionConsumerServiceURL attribute. > This attribute is not mandatory in SAML so Unity should happily accept > such case. > > Fixing the request validator (and directly this bug) will be trivial, > but I will have to verify whether the rest of the stack behaves > correctly when this attribute is not set (what means that either > metadata default should be used or AssertionConsumerServiceIndex > picking endpoint from metadata). > > I've opened a ticket to track this problem. Thanks. Any estimation on the timeline to fix this issue? We've discussed this issue with the problematic SP and it apparently is not easy for them to solve. > > Best, > Krzysztof > Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers |
|
From: Krzysztof B. <kb...@un...> - 2017-04-19 10:22:58
|
Hi Sander, W dniu 19.04.2017 o 11:34, Sander Apweiler pisze: > Hi Krzysztof, > > I got a problem report by an user about broken login with his home IdP. > The IdP changed his certificate and it was not trusted by unity. > > [2017-04-19 07:32:47,210 [qtp304966690-1742] > WARN unity.server.saml.SAMLRetrievalUI - SAML response verification or > processing failed > pl.edu.icm.unity.server.authn.AuthenticationException: The SAML response > is either invalid or is issued by an untrusted identity provider.] > > This IdP comes with eduGain metadata. The Metadata URL is updated once > per hour. Reloading SAML authenticator did not solve the problem. A > restart solved the problem. But restarts during the the working time are > not very welcome. Is there another solution to solve this problem? I'll look into it - likely some cache is not purged after metadata reload. Thanks for the info KB |
|
From: Sander A. <sa....@fz...> - 2017-04-19 09:34:31
|
Hi Krzysztof, I got a problem report by an user about broken login with his home IdP. The IdP changed his certificate and it was not trusted by unity. [2017-04-19 07:32:47,210 [qtp304966690-1742] WARN unity.server.saml.SAMLRetrievalUI - SAML response verification or processing failed pl.edu.icm.unity.server.authn.AuthenticationException: The SAML response is either invalid or is issued by an untrusted identity provider.] This IdP comes with eduGain metadata. The Metadata URL is updated once per hour. Reloading SAML authenticator did not solve the problem. A restart solved the problem. But restarts during the the working time are not very welcome. Is there another solution to solve this problem? Best regards, Sander --Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2017-04-13 21:51:40
|
Dear All, After a very long work Unity 2.0.0 release candidate 1, powered by a new storage platform is available for you to test. Hoping to get a lot of your feedback! You can find details and all relevant links in this post: http://www.unity-idm.eu/2017/04/13/unity-2-0-0-rc1/ Best, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2017-04-12 22:00:42
|
Hi, W dniu 11.04.2017 o 17:17, Willem Elbers pisze: > Dear Krzysztof, > > we have received the following stacktrace when trying to authenticate > via one of our SPs: [CUT] > Any ideas what can be the cause of this issue and how we can improve the > error message? This is caused by a bug in Unity, unfortunately. Unity doesn't accept SAML authN request without the AssertionConsumerServiceURL attribute. This attribute is not mandatory in SAML so Unity should happily accept such case. Fixing the request validator (and directly this bug) will be trivial, but I will have to verify whether the rest of the stack behaves correctly when this attribute is not set (what means that either metadata default should be used or AssertionConsumerServiceIndex picking endpoint from metadata). I've opened a ticket to track this problem. Best, Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-04-11 15:18:00
|
Dear Krzysztof,
we have received the following stacktrace when trying to authenticate
via one of our SPs:
HTTP Error: 500
Error reason:
Server Error
Caused by:
java.lang.NullPointerException
at java.net.URI$Parser.parse(URI.java:3042)
at java.net.URI.<init>(URI.java:588)
at eu.unicore.samly2.SAMLUtils.normalizeUri(SAMLUtils.java:228)
at
eu.unicore.samly2.trust.EnumeratedTrustChecker.checkTrust(EnumeratedTrustChecker.java:103)
at
eu.unicore.samly2.validators.AbstractRequestValidator.validate(AbstractRequestValidator.java:83)
at
pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:33)
at
pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:237)
at
pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:164)
at
pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:100)
at
pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)
at
pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at
pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190)
at
pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at
pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at
org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:459)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at org.eclipse.jetty.server.Server.handle(Server.java:524)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:186)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at
org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
at
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
at
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
at
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.lang.Thread.run(Thread.java:745)
No further information is available in the logs. The SP is using the
LASSO (http://lasso.entrouvert.org/) library.
Any ideas what can be the cause of this issue and how we can improve the
error message?
Best,
Willem
--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|
|
From: Krzysztof B. <kb...@un...> - 2017-04-10 07:09:22
|
Hi Willem, W dniu 07.04.2017 o 09:39, Willem Elbers pisze: > Hi Krzysztof, > > is it possible to change attribute values in a registration request > before accepting it? > > I guess it is possible after accepting the registration by updating the > attributes, but for our administrators it would be nice to do so during > the review of the account request. For us this is especially important > for the value of the email identity. No, full editing of submitted request is not possible. It is only possible to mask/ignore some of the requested data (group membership and attributes). Best Krzysztof |
|
From: Willem E. <wi...@cl...> - 2017-04-07 07:39:48
|
Hi Krzysztof, is it possible to change attribute values in a registration request before accepting it? I guess it is possible after accepting the registration by updating the attributes, but for our administrators it would be nice to do so during the review of the account request. For us this is especially important for the value of the email identity. Best, Willem -- Willem Elbers CLARIN ERIC www.clarin.eu | skype: wjm.elbers |
