From: Krzysztof B. <kb...@un...> - 2017-04-21 20:25:12

Hi Shiraz,

On 21.04.2017 at 10:42, Shiraz Memon wrote:
> Hi Krzysztof,
>
> I (and also other users) am unable to authenticate myself using my
> facebook id. Can you check whether facebook has changed something lately
> in their flow.

Yeah - they changed the access token format.

Workaround: instead of built-in type facebook use custom with the following settings (the additional ones after the empty line should be good without any change - maybe besides the 'fb' in key):

unity.oauth2.client.providers.fb.type=custom
unity.oauth2.client.providers.fb.clientId=YOURID
unity.oauth2.client.providers.fb.clientSecret=YOUR SECRET
unity.oauth2.client.providers.fb.translationProfile=YOURPROFILE

unity.oauth2.client.providers.fb.name=Facebook
unity.oauth2.client.providers.fb.authEndpoint=https://www.facebook.com/dialog/oauth
unity.oauth2.client.providers.fb.accessTokenEndpoint=https://graph.facebook.com/oauth/access_token
unity.oauth2.client.providers.fb.profileEndpoint=https://graph.facebook.com/me/
unity.oauth2.client.providers.fb.accessTokenFormat=standard
unity.oauth2.client.providers.fb.scopes=email
unity.oauth2.client.providers.fb.iconUrl=file:../common/img/external/FB-small.png
unity.oauth2.client.providers.fb.clientAuthenticationMode=secretPost

The standard config will be fixed in the next release.

Thanks
Krzysztof

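Added example, not part of the original thread and not Unity's code: a token-answer parser showing how an HTTP 200 answer can still end in "doesn't contain 'access_token' parameter" when the configured format and the body disagree. It assumes the built-in facebook type expected a form-encoded body while the endpoint now answers with the JSON object of RFC 6749 (the accessTokenFormat=standard setting above); the "form" label, the function names and the sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample answers; the token value is a placeholder, not a real token.
JSON_BODY = ('{"access_token": "constructed-token-123", '
             '"token_type": "bearer", "expires_in": 5183944}')
FORM_BODY = "access_token=constructed-token-123&expires=5183944"


class TokenResponseError(Exception):
    """The token endpoint answered, but the answer is unusable."""


def _parse_standard(body):
    # RFC 6749 section 5.1: parameters arrive as members of a JSON object.
    try:
        data = json.loads(body)
    except ValueError:
        return {}
    return data if isinstance(data, dict) else {}


def _parse_form(body):
    # Legacy style: name=value pairs joined by '&'. Fields without '=' are
    # skipped, so a JSON body silently yields no parameters at all.
    return {name: values[-1] for name, values in parse_qs(body).items()}


# "standard" is the value used in the thread; "form" is a label made up here.
PARSERS = {"standard": _parse_standard, "form": _parse_form}


def sniff_format(body):
    """Best-effort guess of the format a body is really in."""
    for name, parser in PARSERS.items():
        if "access_token" in parser(body):
            return name
    return "unknown"


def parse_token_response(status, body, configured_format):
    """Return the token and lifetime, or raise TokenResponseError."""
    if configured_format not in PARSERS:
        raise ValueError("unknown token format: %r" % configured_format)
    if status != 200:
        raise TokenResponseError("token endpoint returned HTTP %d" % status)
    data = PARSERS[configured_format](body)
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        # Name the mismatch without echoing the body: it may hold a live token.
        raise TokenResponseError(
            "answer doesn't contain 'access_token' parameter "
            "(configured format: %s, body looks like: %s)"
            % (configured_format, sniff_format(body)))
    lifetime = data.get("expires_in", data.get("expires"))
    try:
        lifetime = int(lifetime) if lifetime is not None else None
    except (TypeError, ValueError):
        raise TokenResponseError("token lifetime is not a number") from None
    return {"access_token": token, "expires_in": lifetime}


if __name__ == "__main__":
    print(parse_token_response(200, JSON_BODY, "standard"))
    try:
        parse_token_response(200, JSON_BODY, "form")
    except TokenResponseError as err:
        print("failed:", err)
```
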
From: Shiraz M. <a....@fz...> - 2017-04-21 09:47:33

The problem occurs in unity v1.9.5.

Best,
Shiraz

-- 
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)

Phone: +49 2461 61 6899
Fax: +49 2461 61 6656

From: Shiraz M. <a....@fz...> - 2017-04-21 08:43:31

Hi Krzysztof,

I (and also other users) am unable to authenticate myself using my facebook id. Can you check whether facebook has changed something lately in their flow.

[Inline image 1]

logs:

2017-04-21 10:38:38,725 [qtp1655072591-1752] DEBUG unity.server.oauth.RedirectRequestHandler - Starting OAuth redirection to OAuth provider https://www.facebook.com/dialog/oauth?response_type=code&client_id=xxxx66787708245&redirect_uri=https%3A%2F%2Funity.eudat-aai.fz-juelich.de%3A8443%2Funitygw%2Foauth2ResponseConsumer&scope=email&state=5d2049a5-9aa1-4d43-b5e6-103b90c349cb
2017-04-21 10:38:38,973 [qtp1655072591-1757] DEBUG unity.server.oauth.ResponseConsumerServlet - Received OAuth response with valid state 5d2049a5-9aa1-4d43-b5e6-103b90c349cb, redirecting to /admin/admin
2017-04-21 10:38:39,138 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - RetrievalUI received OAuth response
2017-04-21 10:38:39,139 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Exchanging authorization code for access token with request to: https://graph.facebook.com/oauth/access_token
2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2Verificator - Received answer: 200
2017-04-21 10:38:39,685 [qtp1655072591-1758] DEBUG unity.server.oauth.OAuth2RetrievalUI - OAuth2 authorization code verification or processing failed
pl.edu.icm.unity.server.authn.AuthenticationException: Problem during user information retrieval
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:244)
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.verifyOAuthAuthzResponse(OAuth2Verificator.java:209)
    at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.onAuthzAnswer(OAuth2RetrievalUI.java:268)
    at pl.edu.icm.unity.oauth.client.web.OAuth2RetrievalUI.refresh(OAuth2RetrievalUI.java:329)
    at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel$PrimaryAuthenticationResultCallbackImpl.refresh(SelectedAuthNPanel.java:432)
    at pl.edu.icm.unity.webui.authn.SelectedAuthNPanel.refresh(SelectedAuthNPanel.java:500)
    at pl.edu.icm.unity.webui.authn.AuthenticationUI.refresh(AuthenticationUI.java:364)
    at com.vaadin.ui.UI.doRefresh(UI.java:731)
    at com.vaadin.server.communication.UIInitHandler.reinitUI(UIInitHandler.java:261)
    at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:168)
    at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74)
    at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
    at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409)
    at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772)
    at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199)
    at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.forwardtoAuthn(AuthenticationFilter.java:173)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:124)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
    at pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:426)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
    at org.eclipse.jetty.server.Server.handle(Server.java:534)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:220)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
    at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
    at java.lang.Thread.run(Thread.java:745)
Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Access token answer received doesn't contain 'access_token' parameter.
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getAccessTokenAndProfilePlain(OAuth2Verificator.java:404)
    at pl.edu.icm.unity.oauth.client.OAuth2Verificator.getRemotelyAuthenticatedInput(OAuth2Verificator.java:241)
    ... 62 more

Cheers,
Shiraz

-- 
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)

Phone: +49 2461 61 6899
Fax: +49 2461 61 6656

------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------

From: Krzysztof B. <kb...@un...> - 2017-04-20 18:15:27

Hi,

On 20.04.2017 at 13:26, Willem Elbers wrote:
> Hi Krzysztof,
>
>
> On 13/04/17 00:00, Krzysztof Benedyczak wrote:
>> Hi,
>>
>> On 11.04.2017 at 17:17, Willem Elbers wrote:
>>> Dear Krzysztof,
>>>
>>> we have received the following stacktrace when trying to authenticate
>>> via one of our SPs:
>> [CUT]
>>> Any ideas what can be the cause of this issue and how we can improve the
>>> error message?
>>
>> This is caused by a bug in Unity, unfortunately. Unity doesn't accept
>> SAML authN request without the AssertionConsumerServiceURL attribute.
>> This attribute is not mandatory in SAML so Unity should happily accept
>> such case.
>>
>> Fixing the request validator (and directly this bug) will be trivial,
>> but I will have to verify whether the rest of the stack behaves
>> correctly when this attribute is not set (what means that either
>> metadata default should be used or AssertionConsumerServiceIndex
>> picking endpoint from metadata).
>>
>> I've opened a ticket to track this problem.
> Thanks. Any estimation on the timeline to fix this issue?
>
> We've discussed this issue with the problematic SP and it apparently is
> not easy for them to solve.

Hard to say yet. In the next days I'll try to find some time to investigate it and will get back to you with some estimation.

Best
Krzysztof

From: Willem E. <wi...@cl...> - 2017-04-20 11:26:33

Hi Krzysztof,

On 13/04/17 00:00, Krzysztof Benedyczak wrote:
> Hi,
>
> On 11.04.2017 at 17:17, Willem Elbers wrote:
>> Dear Krzysztof,
>>
>> we have received the following stacktrace when trying to authenticate
>> via one of our SPs:
> [CUT]
>> Any ideas what can be the cause of this issue and how we can improve the
>> error message?
>
> This is caused by a bug in Unity, unfortunately. Unity doesn't accept
> SAML authN request without the AssertionConsumerServiceURL attribute.
> This attribute is not mandatory in SAML so Unity should happily accept
> such case.
>
> Fixing the request validator (and directly this bug) will be trivial,
> but I will have to verify whether the rest of the stack behaves
> correctly when this attribute is not set (what means that either
> metadata default should be used or AssertionConsumerServiceIndex
> picking endpoint from metadata).
>
> I've opened a ticket to track this problem.

Thanks. Any estimation on the timeline to fix this issue?

We've discussed this issue with the problematic SP and it apparently is not easy for them to solve.

>
> Best,
> Krzysztof
>

Best,
Willem

-- 
Willem Elbers
CLARIN ERIC
www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers

From: Krzysztof B. <kb...@un...> - 2017-04-19 10:22:58

Hi Sander,

On 19.04.2017 at 11:34, Sander Apweiler wrote:
> Hi Krzysztof,
>
> I got a problem report by a user about broken login with his home IdP.
> The IdP changed his certificate and it was not trusted by unity.
>
> [2017-04-19 07:32:47,210 [qtp304966690-1742]
> WARN unity.server.saml.SAMLRetrievalUI - SAML response verification or
> processing failed
> pl.edu.icm.unity.server.authn.AuthenticationException: The SAML response
> is either invalid or is issued by an untrusted identity provider.]
>
> This IdP comes with eduGain metadata. The Metadata URL is updated once
> per hour. Reloading SAML authenticator did not solve the problem. A
> restart solved the problem. But restarts during the working time are
> not very welcome. Is there another solution to solve this problem?

I'll look into it - likely some cache is not purged after metadata reload.

Thanks for the info
KB

From: Sander A. <sa....@fz...> - 2017-04-19 09:34:31
|
Hi Krzysztof,

I got a problem report by a user about broken login with his home IdP. The IdP changed his certificate and it was not trusted by unity.

[2017-04-19 07:32:47,210 [qtp304966690-1742] WARN unity.server.saml.SAMLRetrievalUI - SAML response verification or processing failed
pl.edu.icm.unity.server.authn.AuthenticationException: The SAML response is either invalid or is issued by an untrusted identity provider.]

This IdP comes with eduGain metadata. The Metadata URL is updated once per hour. Reloading SAML authenticator did not solve the problem. A restart solved the problem. But restarts during the working time are not very welcome. Is there another solution to solve this problem?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Dr. Karl Eugen Huthmacher
Management Board: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
|
From: Krzysztof B. <kb...@un...> - 2017-04-13 21:51:40
|
Dear All,

After a very long work Unity 2.0.0 release candidate 1, powered by a new storage platform is available for you to test. Hoping to get a lot of your feedback!

You can find details and all relevant links in this post:
http://www.unity-idm.eu/2017/04/13/unity-2-0-0-rc1/

Best,
Krzysztof
|
From: Krzysztof B. <kb...@un...> - 2017-04-12 22:00:42
|
Hi,

On 11.04.2017 at 17:17, Willem Elbers wrote:
> Dear Krzysztof,
>
> we have received the following stacktrace when trying to authenticate
> via one of our SPs:
[CUT]
> Any ideas what can be the cause of this issue and how we can improve the
> error message?

This is caused by a bug in Unity, unfortunately. Unity doesn't accept SAML authN request without the AssertionConsumerServiceURL attribute. This attribute is not mandatory in SAML so Unity should happily accept such case.

Fixing the request validator (and directly this bug) will be trivial, but I will have to verify whether the rest of the stack behaves correctly when this attribute is not set (which means that either metadata default should be used or AssertionConsumerServiceIndex picking endpoint from metadata).

I've opened a ticket to track this problem.

Best,
Krzysztof
|
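The fallback order named in the reply above (explicit URL, then AssertionConsumerServiceIndex, then the metadata default), as an added Python example that is not Unity's or samly2's code. The SP entity ID, endpoint URLs, the `SP_METADATA` layout and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SP metadata (hypothetical entity and endpoints): the only
# response locations the IdP is willing to use for this SP.
SP_METADATA = {
    "https://sp.example.org/metadata": [
        {"index": 0, "location": "https://sp.example.org/acs/post", "default": None},
        {"index": 1, "location": "https://sp.example.org/acs/alt", "default": True},
    ],
}


class RequestRejected(Exception):
    """The AuthnRequest cannot be mapped to a registered ACS endpoint."""


def make_request(**attrs):
    """Build a constructed AuthnRequest carrying the given extra attributes."""
    extra = "".join(f' {k}="{v}"' for k, v in attrs.items())
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_constructed1" Version="2.0" IssueInstant="2017-04-11T15:00:00Z"{extra}>'
        "<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def metadata_default(endpoints):
    """isDefault="true" first, then the first endpoint without isDefault, then the first."""
    for wanted in (True, None):
        for ep in endpoints:
            if ep["default"] is wanted:
                return ep
    return endpoints[0]


def resolve_acs(request_xml, metadata=SP_METADATA):
    """Return the ACS location the response may be sent to, or raise RequestRejected."""
    # Stdlib parser keeps the demo self-contained; use a hardened XML parser on real input.
    try:
        root = ET.fromstring(request_xml)
    except ET.ParseError as exc:
        raise RequestRejected("malformed XML") from exc
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise RequestRejected("not an AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    endpoints = metadata.get(issuer)
    if not endpoints:
        raise RequestRejected(f"unknown issuer {issuer!r}")

    url = root.get("AssertionConsumerServiceURL")
    index = root.get("AssertionConsumerServiceIndex")
    if url is not None and index is not None:
        raise RequestRejected("ACS URL and ACS index are mutually exclusive")
    if url is not None:
        # Exact match against registered locations: never reply to an unlisted URL.
        if url in {ep["location"] for ep in endpoints}:
            return url
        raise RequestRejected("ACS URL not registered in SP metadata")
    if index is not None:
        for ep in endpoints:
            if str(ep["index"]) == index:
                return ep["location"]
        raise RequestRejected("ACS index not present in SP metadata")
    # Neither attribute set: legal in SAML, so fall back to the metadata default
    # instead of handing a null URL to the trust check.
    return metadata_default(endpoints)["location"]
```

A request that fails resolution should produce a clear rejection message rather than an HTTP 500, which also addresses the error-message question raised in the thread.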
From: Willem E. <wi...@cl...> - 2017-04-11 15:18:00
|
Dear Krzysztof,

we have received the following stacktrace when trying to authenticate via one of our SPs:

HTTP Error: 500
Error reason: Server Error
Caused by: java.lang.NullPointerException
    at java.net.URI$Parser.parse(URI.java:3042)
    at java.net.URI.<init>(URI.java:588)
    at eu.unicore.samly2.SAMLUtils.normalizeUri(SAMLUtils.java:228)
    at eu.unicore.samly2.trust.EnumeratedTrustChecker.checkTrust(EnumeratedTrustChecker.java:103)
    at eu.unicore.samly2.validators.AbstractRequestValidator.validate(AbstractRequestValidator.java:83)
    at pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:33)
    at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:237)
    at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:164)
    at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:100)
    at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)
    at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:73)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:190)
    at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:78)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
    at pl.edu.icm.unity.server.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1174)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1106)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)
    at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:459)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
    at org.eclipse.jetty.server.Server.handle(Server.java:524)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:186)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
    at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
    at java.lang.Thread.run(Thread.java:745)

No further information is available in the logs. The SP is using the LASSO (http://lasso.entrouvert.org/) library.

Any ideas what can be the cause of this issue and how we can improve the error message?

Best,
Willem

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|
From: Krzysztof B. <kb...@un...> - 2017-04-10 07:09:22
|
Hi Willem,

On 07.04.2017 at 09:39, Willem Elbers wrote:
> Hi Krzysztof,
>
> is it possible to change attribute values in a registration request
> before accepting it?
>
> I guess it is possible after accepting the registration by updating the
> attributes, but for our administrators it would be nice to do so during
> the review of the account request. For us this is especially important
> for the value of the email identity.

No, full editing of submitted request is not possible. It is only possible to mask/ignore some of the requested data (group membership and attributes).

Best
Krzysztof
|
From: Willem E. <wi...@cl...> - 2017-04-07 07:39:48
|
Hi Krzysztof,

is it possible to change attribute values in a registration request before accepting it?

I guess it is possible after accepting the registration by updating the attributes, but for our administrators it would be nice to do so during the review of the account request. For us this is especially important for the value of the email identity.

Best,
Willem

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|
From: Willem E. <wi...@cl...> - 2017-04-04 07:10:44
|
Thanks, confirmed this solved our issue.

On 03/04/17 19:33, Krzysztof Benedyczak wrote:
> Willem,
>
> On 03.04.2017 at 17:25, Willem Elbers wrote:
>> Dear Krzysztof,
>>
>> is it possible to prevent browser from showing the client certificate
>> popup when we are not using X.509 certificates for authentication?
>>
>> As you might know this results in issues for Safari users.
>
> If you don't use client-cert authN at all then set:
>
> unityServer.core.httpServer.wantClientAuthn=false
>
> Note that this is per-server setting.
>
> Best
> Krzysztof

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | tel: +31-(0)85-0091277 | skype: wjm.elbers
|
From: Sander A. <sa....@fz...> - 2017-04-04 05:48:35
|
Hi Krzysztof,

thanks a lot. I was able to remove internal groups from output.

Best regards,
Sander

On Monday, 03.04.2017, 20:32 +0200, Krzysztof Benedyczak wrote:
> Hi,
>
> On 03.04.2017 at 10:59, Sander Apweiler wrote:
> > Hi Krzysztof,
> >
> > We have some unity subgroups for internal usage like enquiry forms.
> > Those groups should not be provided to SPs. Is it possible to filter
> > elements from groups attribute?
> >
>
> Easy & typical way would be to use subGroups property of the output
> profile to fill the produced groups attribute. If this is not enough
> and you need to perform more fancy filtering, then you can do basically
> anything with MVEL.
>
> For instance something like this (not much tested) should produce a
> list of groups starting with '/foo/':
>
> ($ in groups if $.startsWith('/foo/'))
>
> and use this as your membership attribute value.
>
> See MVEL docs for more examples. There is also MVEL shell available
> (java -jar mvel-....jar) for easy testing.
>
> Best
> Krzysztof

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 18:32:33
|
Hi,

On 03.04.2017 at 10:59, Sander Apweiler wrote:
> Hi Krzysztof,
>
> We have some unity subgroups for internal usage like enquiry forms.
> Those groups should not be provided to SPs. Is it possible to filter
> elements from groups attribute?
>

Easy & typical way would be to use subGroups property of the output profile to fill the produced groups attribute. If this is not enough and you need to perform more fancy filtering, then you can do basically anything with MVEL.

For instance something like this (not much tested) should produce a list of groups starting with '/foo/':

($ in groups if $.startsWith('/foo/'))

and use this as your membership attribute value.

See MVEL docs for more examples. There is also MVEL shell available (java -jar mvel-....jar) for easy testing.

Best
Krzysztof
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 18:01:19
|
Hi Sander,

On 03.04.2017 at 09:16, Sander Apweiler wrote:
> Hi Krzysztof,
>
> We got some user feedback and want to solve some points. One point was
> that user did not understand the object identifier notation for
> attributes used by some of our SP. The user wishes some
> information/explanation when they select their attributes to release in
> SAML web authentication. Some IdPs/federations require such explanation
> and others are planning to require it.
>
> Is it possible to display some explanation about attributes on the page
> where users select their release attributes?

Not currently. In general this would require some development and more precise usage requirements from you, as recently I've got other request to make this somehow read only or hidden - details to be clarified still. Any UI requirements?

Additional problem is that the attributes being exposed can come from output profile. We would need to implement support for setting descriptions there too.

Best,
Krzysztof
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:54:28
|
Hi,

On 31.03.2017 at 12:20, Sander Apweiler wrote:
> Hi Krzysztof,
>
> We need to provide some additional files like FAQ or DPS together with
> unity. In manual I found the config for WebContents directory, but I
> was not able to browse to a file which is stored in this directory.
>
> Is it possible to store files there and provide them with the webserver
> used by unity?

Yes, but not in an elegant way. Using Unity as a generic web server was not yet considered.

So first of all everything in Unity is accessed in a context of some endpoint. There is one special endpoint, always available, which is accessible under /unitygw path. It won't expose arbitrary files to the world from webContents. However it exposes everything that is in VAADIN directory of webContents. So if you add 'test.txt' to webcontents/VAADIN, you can access it from:

https://<unity.host.com>/unitgw/VAADIN/test.txt

We can add some other directory mapping easily but currently only such trick will work.

Best
Krzysztof
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:38:27
|
Hi,

On 03.04.2017 at 15:52, Willem Elbers wrote:
> Hi Krzysztof,
>
> from what I've understood from Shiraz unity doesn't support refreshing
> of OAuth2 tokens.
>
> I would like to make this a feature request on behalf of EUDAT.
>

Shiraz is right in this sense that OAuth refresh is not yet supported. We have it somewhere in the plans and I can open a ticket for EUDAT.

However before opening can you please confirm that auto extension feature won't work for you? See documentation for this property:

extendAccessTokenValidityUpTo

Basically if you turn it on you get automatic enhancement of actively used token validity up to certain time.

Best
Krzysztof
|
From: Krzysztof B. <kb...@un...> - 2017-04-03 17:33:37
|
Willem,

On 03.04.2017 at 17:25, Willem Elbers wrote:
> Dear Krzysztof,
>
> is it possible to prevent browser from showing the client certificate
> popup when we are not using X.509 certificates for authentication?
>
> As you might know this results in issues for Safari users.

If you don't use client-cert authN at all then set:

unityServer.core.httpServer.wantClientAuthn=false

Note that this is per-server setting.

Best
Krzysztof
|
From: Willem E. <wi...@cl...> - 2017-04-03 15:25:22
|
Dear Krzysztof,

is it possible to prevent browser from showing the client certificate popup when we are not using X.509 certificates for authentication?

As you might know this results in issues for Safari users.

Best,
Willem

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|
From: Willem E. <wi...@cl...> - 2017-04-03 13:52:11
|
Hi Krzysztof,

from what I've understood from Shiraz unity doesn't support refreshing of OAuth2 tokens.

I would like to make this a feature request on behalf of EUDAT.

Best,
Willem

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|
From: Sander A. <sa....@fz...> - 2017-04-03 09:00:13
|
Hi Krzysztof,

We have some unity subgroups for internal usage like enquiry forms. Those groups should not be provided to SPs. Is it possible to filter elements from groups attribute?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
|
From: Sander A. <sa....@fz...> - 2017-04-03 07:16:22
|
Hi Krzysztof,

We got some user feedback and want to solve some points. One point was that user did not understand the object identifier notation for attributes used by some of our SP. The user wishes some information/explanation when they select their attributes to release in SAML web authentication. Some IdPs/federations require such explanation and others are planning to require it.

Is it possible to display some explanation about attributes on the page where users select their release attributes?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
|
From: Sander A. <sa....@fz...> - 2017-03-31 10:21:17
|
Hi Krzysztof,

We need to provide some additional files like FAQ or DPS together with unity. In manual I found the config for WebContents directory, but I was not able to browse to a file which is stored in this directory.

Is it possible to store files there and provide them with the webserver used by unity?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
|
From: Willem E. <wi...@cl...> - 2017-03-30 09:08:00
|
Dear Krzysztof,

On 28/03/17 23:59, Krzysztof Benedyczak wrote:
> On 28.03.2017 at 14:49, Willem Elbers wrote:
>> Dear Krzysztof,
>>
>> in addition to this issue, is it possible to change the component used
>> to render an attribute in the registration form?
>>
>> Instead of the combo box it could be nice to use a list component (as
>> used in the "attribute types management" attribute type editor).
>>
>> Or even better a search option which dynamically filters the results.
>
> I think that the list component is not a good approach - would occupy
> a lot of space always, would be quite ugly for couple of say 3-4
> elements enums on reg screen.

I agree but what I meant is to make it configurable per enumeration type attribute. For attributes with enumerations with a limited set of values the combo box is perfectly fine.

In our case we want to collect country as one of the attributes. This results in a combo box of ~250 values. In this case I would probably prefer the list component, especially because the paging mechanism in the list component is better than in the combo box in my opinion.

Again, this makes only sense if it is configurable on a per attribute case.

>
> I've turned on search/filtering - indeed it was not enabled. So now
> you will be able to type to filter the selection in the usual way.
>

Thanks.

> Best,
> Krzysztof
>
>

Best,
Willem

--
Willem Elbers
CLARIN ERIC
www.clarin.eu | skype: wjm.elbers
|