Menu
▾
▴
unity-idm-discuss — Unity discussion and support
You can subscribe to this list here.
| 2014 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
(3) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
(20) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(1) |
Aug
(7) |
Sep
(13) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(11) |
Oct
(7) |
Nov
(6) |
Dec
(11) |
| 2017 |
Jan
(10) |
Feb
(5) |
Mar
(27) |
Apr
(34) |
May
(25) |
Jun
(14) |
Jul
(7) |
Aug
(17) |
Sep
(11) |
Oct
(6) |
Nov
(14) |
Dec
(10) |
| 2018 |
Jan
(8) |
Feb
(19) |
Mar
(40) |
Apr
(9) |
May
(16) |
Jun
(23) |
Jul
(31) |
Aug
(7) |
Sep
(9) |
Oct
(6) |
Nov
(14) |
Dec
(19) |
| 2019 |
Jan
(4) |
Feb
(6) |
Mar
(1) |
Apr
(2) |
May
(6) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(19) |
Dec
(14) |
| 2020 |
Jan
(10) |
Feb
(24) |
Mar
(49) |
Apr
(26) |
May
(12) |
Jun
(4) |
Jul
(13) |
Aug
(32) |
Sep
(13) |
Oct
(10) |
Nov
(4) |
Dec
(16) |
| 2021 |
Jan
(2) |
Feb
(8) |
Mar
(15) |
Apr
(19) |
May
(5) |
Jun
(13) |
Jul
(6) |
Aug
(38) |
Sep
(11) |
Oct
(18) |
Nov
(11) |
Dec
(13) |
| 2022 |
Jan
(10) |
Feb
(21) |
Mar
(28) |
Apr
(3) |
May
(7) |
Jun
(9) |
Jul
(14) |
Aug
(13) |
Sep
(8) |
Oct
(29) |
Nov
(1) |
Dec
(21) |
| 2023 |
Jan
(19) |
Feb
(9) |
Mar
|
Apr
(10) |
May
(7) |
Jun
(10) |
Jul
(14) |
Aug
(17) |
Sep
(1) |
Oct
(9) |
Nov
(5) |
Dec
(14) |
| 2024 |
Jan
(12) |
Feb
(2) |
Mar
(8) |
Apr
(1) |
May
(6) |
Jun
(6) |
Jul
(24) |
Aug
(15) |
Sep
(1) |
Oct
(6) |
Nov
(20) |
Dec
(14) |
| 2025 |
Jan
(12) |
Feb
(2) |
Mar
(10) |
Apr
(11) |
May
(13) |
Jun
(1) |
Jul
(2) |
Aug
(2) |
Sep
(8) |
Oct
|
Nov
|
Dec
|
|
From: Roman K. <ro...@un...> - 2024-07-30 07:21:59
|
Hi Sander, Thank you for additional information, we are looking into this. Thank you, Roman wt., 23 lip 2024 o 11:18 Sander Apweiler <sa....@fz...> napisał(a): > Hi Roman, > since Laura has some days off, let me answer. > > On Tue, 2024-07-23 at 11:06 +0200, Roman Krysiński wrote: > > Hello Laura, > > > > Thank you for bringing this up. We are looking into it, and will > > provide an update in the foreseeable future. > > > > With regards to the first issue, we are going to verify if > > unityServer.core.defaultWebPath configuration option works as > > expected. Let us know if you believe there are other regressions. > We have set this, like in 3.x: unityServer.core.defaultWebPath=/home > But it does not work on two instances > > > > As for the second question, please note that home UI was redesiend, > > and the profile tab will now show the attributes configured on home > > ui endpoint under "Exposed attributes:" option. Would it be possible > > to share the Services -> Home UI instance -> General tab -> Content > > configuration options screenshot? > Screenshot is attached. The content is loaded from this file config; > > > unity.endpoint.web.enableRegistration=true > > unity.endpoint.web.authnScreenOptionsLabel.OR.text=OR > unity.endpoint.web.authnScreenShowAllOptions=false > unity.endpoint.web.authnScreenShowSearch=true > > unity.endpoint.web.authnGrid.G1.gridContents=samlWeb > unity.endpoint.web.authnGrid.G1.gridRows=10 > > unity.endpoint.web.authnScreenColumn.1.columnWidth=17 > unity.endpoint.web.authnScreenColumn.1.columnContents=pwd ldapWeb > > unity.endpoint.web.authnScreenColumn.3.columnWidth=34 > unity.endpoint.web.authnScreenColumn.3.columnContents=_GRID_G1 > > unity.userhome.attributes.1.attribute=cn > unity.userhome.attributes.1.group=/ > unity.userhome.attributes.1.showGroup=false > unity.userhome.attributes.1.editable=true > > unity.userhome.attributes.2.attribute=mail > unity.userhome.attributes.2.group=/ > unity.userhome.attributes.2.showGroup=false > unity.userhome.attributes.2.editable=true > > unity.userhome.attributes.3.attribute=o > unity.userhome.attributes.3.group=/ > unity.userhome.attributes.3.showGroup=false > unity.userhome.attributes.3.editable=true > > unity.userhome.attributes.4.attribute=picture > unity.userhome.attributes.4.group=/ > unity.userhome.attributes.4.showGroup=false > unity.userhome.attributes.4.editable=true > > unity.userhome.attributes.5.attribute=unity:persistent > unity.userhome.attributes.5.group=/ > unity.userhome.attributes.5.showGroup=false > unity.userhome.attributes.5.editable=false > > unity.userhome.attributes.6.attribute=loa > unity.userhome.attributes.6.group=/ > unity.userhome.attributes.6.showGroup=false > unity.userhome.attributes.6.editable=false > > unity.userhome.attributes.7.attribute=userName > unity.userhome.attributes.7.group=/ > unity.userhome.attributes.7.showGroup=false > unity.userhome.attributes.7.editable=false > > > unity.userhome.accountUpdateEnquiries.1=/theme_testUpdateEnquiry > > > > > Best regards, > Sander > > > > > > Thank you! > > Roman > > > > pon., 22 lip 2024 o 08:06 Laura Hofer <l....@fz...> > > napisał(a): > > > Hi Krzysztof, Hi Roman, > > > > > > we installed Unity 4 and and and once we had ensured that all the > > > technical requirements were met, we were able to launch Unity > > > successfully. We noticed two problems: firstly, the redirect to the > > > home > > > endpoint does not work, although this was previously configured. In > > > addition, everything looks empty on the home endpoint under the > > > profile tab. > > > Do you have any idea why this might be? We can't find any error > > > messages > > > in the logs. > > > > > > Kind regards, > > > Laura > > > > > > Juelich Supercomputing Centre > > > Institute for Advanced Simulation > > > Forschungszentrum Juelich GmbH > > > 52425 Juelich, Germany > > > E-Mail: l....@fz... > > > Phone: +49 2461 61-6576 > > > Fax: +49 2461 61-6656 > > > > > > ------------------------------------------------------------------- > > > ---- > > > ------------------------------------------------------------------- > > > ---- > > > Forschungszentrum Juelich GmbH > > > 52425 Juelich > > > Sitz der Gesellschaft: Juelich > > > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B > > > 3498 > > > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > > > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt > > > (Vorsitzender), > > > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, > > > Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > > > ------------------------------------------------------------------- > > > ---- > > > ------------------------------------------------------------------- > > > ---- > > > > > > _______________________________________________ > > > Unity-idm-discuss mailing list > > > Uni...@li... > > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > _______________________________________________ > > Unity-idm-discuss mailing list > > Uni...@li... > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2024-07-30 06:41:31
|
Dear Piotr, I'm very sorry. Indeed the accounts had non of the attributes. We copied the configuration from the wrong server. But the UI does not look very good. The fiels with the attribute values are very short and the attributes values are even longer. See the attached screenshot. Is there an option to change this? Best would be a dynamic behaviour where the length of field uses x Percent of the page width. Best regards, Sander On Tue, 2024-07-30 at 08:18 +0200, Piotr Piernik wrote: > > Dear Sander > Could you please verify that logged on HomeUI user has at least one > attributes listed in Home endpoint configuration? > > Best regards, > Piotr > > > W dniu 23.07.2024 o 11:17, Sander Apweiler pisze: > > > > > > Hi Roman, > > since Laura has some days off, let me answer. > > > > On Tue, 2024-07-23 at 11:06 +0200, Roman Krysiński wrote: > > > > > > > > Hello Laura, > > > > > > Thank you for bringing this up. We are looking into it, and will > > > provide an update in the foreseeable future. > > > > > > With regards to the first issue, we are going to verify if > > > unityServer.core.defaultWebPath configuration option works as > > > expected. Let us know if you believe there are other regressions. > > > > > > > We have set this, like in 3.x: > > unityServer.core.defaultWebPath=/home > > But it does not work on two instances > > > > > > > > As for the second question, please note that home UI was > > > redesiend, > > > and the profile tab will now show the attributes configured on > > > home > > > ui endpoint under "Exposed attributes:" option. Would it be > > > possible > > > to share the Services -> Home UI instance -> General tab -> > > > Content > > > configuration options screenshot? > > > > > > > Screenshot is attached. The content is loaded from this file > > config; > > > > > > unity.endpoint.web.enableRegistration=true > > > > unity.endpoint.web.authnScreenOptionsLabel.OR.text=OR > > unity.endpoint.web.authnScreenShowAllOptions=false > > unity.endpoint.web.authnScreenShowSearch=true > > > > unity.endpoint.web.authnGrid.G1.gridContents=samlWeb > > unity.endpoint.web.authnGrid.G1.gridRows=10 > > > > unity.endpoint.web.authnScreenColumn.1.columnWidth=17 > > unity.endpoint.web.authnScreenColumn.1.columnContents=pwd ldapWeb > > > > unity.endpoint.web.authnScreenColumn.3.columnWidth=34 > > unity.endpoint.web.authnScreenColumn.3.columnContents=_GRID_G1 > > > > unity.userhome.attributes.1.attribute=cn > > unity.userhome.attributes.1.group=/ > > unity.userhome.attributes.1.showGroup=false > > unity.userhome.attributes.1.editable=true > > > > unity.userhome.attributes.2.attribute=mail > > unity.userhome.attributes.2.group=/ > > unity.userhome.attributes.2.showGroup=false > > unity.userhome.attributes.2.editable=true > > > > unity.userhome.attributes.3.attribute=o > > unity.userhome.attributes.3.group=/ > > unity.userhome.attributes.3.showGroup=false > > unity.userhome.attributes.3.editable=true > > > > unity.userhome.attributes.4.attribute=picture > > unity.userhome.attributes.4.group=/ > > unity.userhome.attributes.4.showGroup=false > > unity.userhome.attributes.4.editable=true > > > > unity.userhome.attributes.5.attribute=unity:persistent > > unity.userhome.attributes.5.group=/ > > unity.userhome.attributes.5.showGroup=false > > unity.userhome.attributes.5.editable=false > > > > unity.userhome.attributes.6.attribute=loa > > unity.userhome.attributes.6.group=/ > > unity.userhome.attributes.6.showGroup=false > > unity.userhome.attributes.6.editable=false > > > > unity.userhome.attributes.7.attribute=userName > > unity.userhome.attributes.7.group=/ > > unity.userhome.attributes.7.showGroup=false > > unity.userhome.attributes.7.editable=false > > > > > > unity.userhome.accountUpdateEnquiries.1=/theme_testUpdateEnquiry > > > > > > > > > > Best regards, > > Sander > > > > > > > > > > > > Thank you! > > > Roman > > > > > > pon., 22 lip 2024 o 08:06 Laura Hofer <l....@fz...> > > > napisał(a): > > > > > > > > > > > Hi Krzysztof, Hi Roman, > > > > > > > > we installed Unity 4 and and and once we had ensured that all > > > > the > > > > technical requirements were met, we were able to launch Unity > > > > successfully. We noticed two problems: firstly, the redirect to > > > > the > > > > home > > > > endpoint does not work, although this was previously > > > > configured. In > > > > addition, everything looks empty on the home endpoint under the > > > > profile tab. > > > > Do you have any idea why this might be? We can't find any error > > > > messages > > > > in the logs. > > > > > > > > Kind regards, > > > > Laura > > > > > > > > Juelich Supercomputing Centre > > > > Institute for Advanced Simulation > > > > Forschungszentrum Juelich GmbH > > > > 52425 Juelich, Germany > > > > E-Mail: l....@fz... > > > > Phone: +49 2461 61-6576 > > > > Fax: +49 2461 61-6656 > > > > > > > > --------------------------------------------------------------- > > > > ---- > > > > ---- > > > > --------------------------------------------------------------- > > > > ---- > > > > ---- > > > > Forschungszentrum Juelich GmbH > > > > 52425 Juelich > > > > Sitz der Gesellschaft: Juelich > > > > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B > > > > 3498 > > > > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > > > > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt > > > > (Vorsitzender), > > > > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, > > > > Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > > > > --------------------------------------------------------------- > > > > ---- > > > > ---- > > > > --------------------------------------------------------------- > > > > ---- > > > > ---- > > > > > > > > _______________________________________________ > > > > Unity-idm-discuss mailing list > > > > Uni...@li... > > > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > > > > > > > > > _______________________________________________ > > > Unity-idm-discuss mailing list > > > Uni...@li... > > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > > > > > > > > > > _______________________________________________ > > Unity-idm-discuss mailing list > > Uni...@li... > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Piotr P. <pio...@gm...> - 2024-07-30 06:18:16
|
Dear Sander Could you please verify that logged on HomeUI user has at least one attributes listed in Home endpoint configuration? Best regards, Piotr W dniu 23.07.2024 o 11:17, Sander Apweiler pisze: > Hi Roman, > since Laura has some days off, let me answer. > > On Tue, 2024-07-23 at 11:06 +0200, Roman Krysiński wrote: >> Hello Laura, >> >> Thank you for bringing this up. We are looking into it, and will >> provide an update in the foreseeable future. >> >> With regards to the first issue, we are going to verify if >> unityServer.core.defaultWebPath configuration option works as >> expected. Let us know if you believe there are other regressions. > We have set this, like in 3.x: unityServer.core.defaultWebPath=/home > But it does not work on two instances >> As for the second question, please note that home UI was redesiend, >> and the profile tab will now show the attributes configured on home >> ui endpoint under "Exposed attributes:" option. Would it be possible >> to share the Services -> Home UI instance -> General tab -> Content >> configuration options screenshot? > Screenshot is attached. The content is loaded from this file config; > > > unity.endpoint.web.enableRegistration=true > > unity.endpoint.web.authnScreenOptionsLabel.OR.text=OR > unity.endpoint.web.authnScreenShowAllOptions=false > unity.endpoint.web.authnScreenShowSearch=true > > unity.endpoint.web.authnGrid.G1.gridContents=samlWeb > unity.endpoint.web.authnGrid.G1.gridRows=10 > > unity.endpoint.web.authnScreenColumn.1.columnWidth=17 > unity.endpoint.web.authnScreenColumn.1.columnContents=pwd ldapWeb > > unity.endpoint.web.authnScreenColumn.3.columnWidth=34 > unity.endpoint.web.authnScreenColumn.3.columnContents=_GRID_G1 > > unity.userhome.attributes.1.attribute=cn > unity.userhome.attributes.1.group=/ > unity.userhome.attributes.1.showGroup=false > unity.userhome.attributes.1.editable=true > > unity.userhome.attributes.2.attribute=mail > unity.userhome.attributes.2.group=/ > unity.userhome.attributes.2.showGroup=false > unity.userhome.attributes.2.editable=true > > unity.userhome.attributes.3.attribute=o > unity.userhome.attributes.3.group=/ > unity.userhome.attributes.3.showGroup=false > unity.userhome.attributes.3.editable=true > > unity.userhome.attributes.4.attribute=picture > unity.userhome.attributes.4.group=/ > unity.userhome.attributes.4.showGroup=false > unity.userhome.attributes.4.editable=true > > unity.userhome.attributes.5.attribute=unity:persistent > unity.userhome.attributes.5.group=/ > unity.userhome.attributes.5.showGroup=false > unity.userhome.attributes.5.editable=false > > unity.userhome.attributes.6.attribute=loa > unity.userhome.attributes.6.group=/ > unity.userhome.attributes.6.showGroup=false > unity.userhome.attributes.6.editable=false > > unity.userhome.attributes.7.attribute=userName > unity.userhome.attributes.7.group=/ > unity.userhome.attributes.7.showGroup=false > unity.userhome.attributes.7.editable=false > > > unity.userhome.accountUpdateEnquiries.1=/theme_testUpdateEnquiry > > > > > Best regards, > Sander > > >> Thank you! >> Roman >> >> pon., 22 lip 2024 o 08:06 Laura Hofer <l....@fz...> >> napisał(a): >>> Hi Krzysztof, Hi Roman, >>> >>> we installed Unity 4 and and and once we had ensured that all the >>> technical requirements were met, we were able to launch Unity >>> successfully. We noticed two problems: firstly, the redirect to the >>> home >>> endpoint does not work, although this was previously configured. In >>> addition, everything looks empty on the home endpoint under the >>> profile tab. >>> Do you have any idea why this might be? We can't find any error >>> messages >>> in the logs. >>> >>> Kind regards, >>> Laura >>> >>> Juelich Supercomputing Centre >>> Institute for Advanced Simulation >>> Forschungszentrum Juelich GmbH >>> 52425 Juelich, Germany >>> E-Mail: l....@fz... >>> Phone: +49 2461 61-6576 >>> Fax: +49 2461 61-6656 >>> >>> ------------------------------------------------------------------- >>> ---- >>> ------------------------------------------------------------------- >>> ---- >>> Forschungszentrum Juelich GmbH >>> 52425 Juelich >>> Sitz der Gesellschaft: Juelich >>> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B >>> 3498 >>> Vorsitzender des Aufsichtsrats: MinDir Stefan Müller >>> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt >>> (Vorsitzender), >>> Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, >>> Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior >>> ------------------------------------------------------------------- >>> ---- >>> ------------------------------------------------------------------- >>> ---- >>> >>> _______________________________________________ >>> Unity-idm-discuss mailing list >>> Uni...@li... >>> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss |
|
From: Sander A. <sa....@fz...> - 2024-07-30 06:10:39
|
Good morning Roman,
I guess you mean this one:
2024-07-30T06:08:37,314 [qtp1550177731-224594] ERROR unity.server.web.CustomErrorPageInitializer: Vaadin initialization error:
java.lang.NullPointerException: null
at java.base/java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011) ~[?:?]
at java.base/java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006) ~[?:?]
at java.base/java.util.Properties.put(Properties.java:1346) ~[?:?]
at io.imunity.home.console.HomeServiceConfiguration.toProperties(HomeServiceConfiguration.java:74) ~[unity-server-user-home-4.0.0.jar:?]
at io.imunity.home.console.HomeServiceEditorComponent.getServiceDefiniton(HomeServiceEditorComponent.java:98) ~[unity-server-user-home-4.0.0.jar:?]
at io.imunity.home.console.HomeServiceEditor.getEndpointDefiniton(HomeServiceEditor.java:97) ~[unity-server-user-home-4.0.0.jar:?]
at io.imunity.console.views.services.base.MainServiceEditor.getService(MainServiceEditor.java:154) ~[unity-server-console-4.0.0.jar:?]
at io.imunity.console.views.services.base.NewServiceViewBase.onConfirm(NewServiceViewBase.java:89) ~[unity-server-console-4.0.0.jar:?]
at io.imunity.console.views.EditViewActionLayoutFactory.lambda$createActionLayout$8a6d8b6f$1(EditViewActionLayoutFactory.java:25) ~[unity-server-console-4.0.0.jar:?]
at com.vaadin.flow.component.ComponentEventBus.fireEventForListener(ComponentEventBus.java:239) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.component.ComponentEventBus.handleDomEvent(ComponentEventBus.java:488) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.component.ComponentEventBus.lambda$addDomTrigger$dd1b7957$1(ComponentEventBus.java:298) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.internal.nodefeature.ElementListenerMap.lambda$fireEvent$2(ElementListenerMap.java:447) ~[flow-server-24.3.7.jar:24.3.7]
at java.base/java.util.ArrayList.forEach(ArrayList.java:1596) ~[?:?]
at com.vaadin.flow.internal.nodefeature.ElementListenerMap.fireEvent(ElementListenerMap.java:447) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.rpc.EventRpcHandler.handleNode(EventRpcHandler.java:62) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.rpc.AbstractRpcInvocationHandler.handle(AbstractRpcInvocationHandler.java:74) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.ServerRpcHandler.handleInvocationData(ServerRpcHandler.java:466) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.ServerRpcHandler.lambda$handleInvocations$4(ServerRpcHandler.java:447) ~[flow-server-24.3.7.jar:24.3.7]
at java.base/java.util.ArrayList.forEach(ArrayList.java:1596) ~[?:?]
at com.vaadin.flow.server.communication.ServerRpcHandler.handleInvocations(ServerRpcHandler.java:447) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:324) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:114) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.VaadinService.handleRequest(VaadinService.java:1574) ~[flow-server-24.3.7.jar:24.3.7]
at com.vaadin.flow.server.VaadinServlet.service(VaadinServlet.java:398) ~[flow-server-24.3.7.jar:24.3.7]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) ~[jakarta.servlet-api-6.0.0.jar:6.0.0]
at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1614) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.endpoint.common.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:67) ~[unity-server-vaadin-endpoint-common-4.0.0.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.auth.server.ProxyAuthenticationFilter.doFilter(ProxyAuthenticationFilter.java:113) ~[unity-server-vaadin-authentication-4.0.0.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.auth.server.AuthenticationFilter.gotoProtectedResource(AuthenticationFilter.java:300) ~[unity-server-vaadin-authentication-4.0.0.jar:?]
at io.imunity.vaadin.auth.server.AuthenticationFilter.handleBoundSession(AuthenticationFilter.java:171) ~[unity-server-vaadin-authentication-4.0.0.jar:?]
at io.imunity.vaadin.auth.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:97) ~[unity-server-vaadin-authentication-4.0.0.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at io.imunity.vaadin.endpoint.common.RemoteRedirectedAuthnResponseProcessingFilter.doFilter(RemoteRedirectedAuthnResponseProcessingFilter.java:48) ~[unity-server-vaadin-endpoint-common-4.0.0.jar:?]
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1586) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1547) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:814) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:431) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:464) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:571) ~[jetty-security-12.0.7.jar:12.0.7]
at org.eclipse.jetty.ee10.servlet.SessionHandler.handle(SessionHandler.java:703) ~[jetty-ee10-servlet-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:765) ~[jetty-server-12.0.7.jar:12.0.7]
at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) ~[unity-server-engine-4.0.0.jar:?]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler$LastRuleHandler.handle(RewriteHandler.java:159) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.HeaderPatternRule$1.handle(HeaderPatternRule.java:89) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.Rule$Handler.handle(Rule.java:108) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:143) ~[jetty-rewrite-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:597) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.Handler$Wrapper.handle(Handler.java:716) ~[jetty-server-12.0.7.jar:12.0.7]
at pl.edu.icm.unity.engine.server.TraceBlockingHandler.handle(TraceBlockingHandler.java:34) ~[unity-server-engine-4.0.0.jar:?]
at org.eclipse.jetty.server.Server.handle(Server.java:179) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:619) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:411) ~[jetty-server-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:574) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:390) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:150) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[jetty-io-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:478) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:441) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:201) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:410) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:971) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1201) ~[jetty-util-12.0.7.jar:12.0.7]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1156) ~[jetty-util-12.0.7.jar:12.0.7]
at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
2024-07-30T06:08:37,315 [qtp1550177731-224594] DEBUG com.vaadin.flow.server.communication.UidlWriter: * Creating response to client
Best regards,
Sander
On Tue, 2024-07-30 at 08:00 +0200, Roman Krysiński wrote:
> Good morning Sander,
>
> Would it be possible to provide a null pointer exception in
> question?
>
> We are working on the "HTML elements in the tooltips are not
> rendered" problem, and will be released in the 4.0.1 patch, along
> with other reported issues.
>
> Best regards,
> Roman
>
> wt., 23 lip 2024 o 11:09 Roman Krysiński <ro...@un...>
> napisał(a):
> > Good morning Sander,
> >
> > Thank you for reporting issues, we will look into it soon.
> >
> > Stay tuned, and thank you for your support!
> >
> > Best regards,
> > Roman
> >
> > wt., 23 lip 2024 o 09:57 Sander Apweiler
> > <sa....@fz...> napisał(a):
> > > Good morning Krzysztof,
> > > beside the issues Laura reported, we found two further issues.
> > >
> > > - HTML elements in the tool tips are not rendered.
> > > - Creating a HomeUI endpoint in the webconsole by filling only
> > > the
> > > mandatory parts + displayed attributes + adding single
> > > authenticator
> > > leads to a null pointer exception
> > >
> > >
> > > Best regards,
> > > Sander
> > >
--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
|
From: Roman K. <ro...@un...> - 2024-07-30 06:02:16
|
Good morning Sander, Would it be possible to provide a null pointer exception in question? We are working on the "HTML elements in the tooltips are not rendered" problem, and will be released in the 4.0.1 patch, along with other reported issues. Best regards, Roman wt., 23 lip 2024 o 11:09 Roman Krysiński <ro...@un...> napisał(a): > Good morning Sander, > > Thank you for reporting issues, we will look into it soon. > > Stay tuned, and thank you for your support! > > Best regards, > Roman > > wt., 23 lip 2024 o 09:57 Sander Apweiler <sa....@fz...> > napisał(a): > >> Good morning Krzysztof, >> beside the issues Laura reported, we found two further issues. >> >> - HTML elements in the tool tips are not rendered. >> - Creating a HomeUI endpoint in the webconsole by filling only the >> mandatory parts + displayed attributes + adding single authenticator >> leads to a null pointer exception >> >> >> Best regards, >> Sander >> >> -- >> Large-Scale Data Science >> Juelich Supercomputing Centre >> >> phone: +49 2461 61 8847 >> fax: +49 2461 61 6656 >> email: sa....@fz... >> >> ----------------------------------------------------------------------- >> ----------------------------------------------------------------------- >> Forschungszentrum Jülich GmbH >> 52425 Jülich >> Sitz der Gesellschaft: Jülich >> Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 >> Vorsitzender des Aufsichtsrats: MinDir Stefan Müller >> Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), >> Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens >> ----------------------------------------------------------------------- >> ----------------------------------------------------------------------- >> >> >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss >> > |
|
From: Sander A. <sa....@fz...> - 2024-07-30 05:14:08
|
Good morning Krzysztof, good morning Roman, we found another bug in unity 4. We created a mandatory policy (see 1st screenshot) and added it to the registration form (see 2nd screenshot). This policy should be mandatory but I can register without confirmation of the policy. Another question regarding policies because I do not remember and the manual is not that clear in this point. When I create a new version of a policy, is the confirmation of the new version shown to all users or do I need to create enquieries manually? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2024-07-23 09:18:00
|
Hi Roman, since Laura has some days off, let me answer. On Tue, 2024-07-23 at 11:06 +0200, Roman Krysiński wrote: > Hello Laura, > > Thank you for bringing this up. We are looking into it, and will > provide an update in the foreseeable future. > > With regards to the first issue, we are going to verify if > unityServer.core.defaultWebPath configuration option works as > expected. Let us know if you believe there are other regressions. We have set this, like in 3.x: unityServer.core.defaultWebPath=/home But it does not work on two instances > > As for the second question, please note that home UI was redesiend, > and the profile tab will now show the attributes configured on home > ui endpoint under "Exposed attributes:" option. Would it be possible > to share the Services -> Home UI instance -> General tab -> Content > configuration options screenshot? Screenshot is attached. The content is loaded from this file config; unity.endpoint.web.enableRegistration=true unity.endpoint.web.authnScreenOptionsLabel.OR.text=OR unity.endpoint.web.authnScreenShowAllOptions=false unity.endpoint.web.authnScreenShowSearch=true unity.endpoint.web.authnGrid.G1.gridContents=samlWeb unity.endpoint.web.authnGrid.G1.gridRows=10 unity.endpoint.web.authnScreenColumn.1.columnWidth=17 unity.endpoint.web.authnScreenColumn.1.columnContents=pwd ldapWeb unity.endpoint.web.authnScreenColumn.3.columnWidth=34 unity.endpoint.web.authnScreenColumn.3.columnContents=_GRID_G1 unity.userhome.attributes.1.attribute=cn unity.userhome.attributes.1.group=/ unity.userhome.attributes.1.showGroup=false unity.userhome.attributes.1.editable=true unity.userhome.attributes.2.attribute=mail unity.userhome.attributes.2.group=/ unity.userhome.attributes.2.showGroup=false unity.userhome.attributes.2.editable=true unity.userhome.attributes.3.attribute=o unity.userhome.attributes.3.group=/ unity.userhome.attributes.3.showGroup=false unity.userhome.attributes.3.editable=true unity.userhome.attributes.4.attribute=picture unity.userhome.attributes.4.group=/ unity.userhome.attributes.4.showGroup=false unity.userhome.attributes.4.editable=true unity.userhome.attributes.5.attribute=unity:persistent unity.userhome.attributes.5.group=/ unity.userhome.attributes.5.showGroup=false unity.userhome.attributes.5.editable=false unity.userhome.attributes.6.attribute=loa unity.userhome.attributes.6.group=/ unity.userhome.attributes.6.showGroup=false unity.userhome.attributes.6.editable=false unity.userhome.attributes.7.attribute=userName unity.userhome.attributes.7.group=/ unity.userhome.attributes.7.showGroup=false unity.userhome.attributes.7.editable=false unity.userhome.accountUpdateEnquiries.1=/theme_testUpdateEnquiry Best regards, Sander > > Thank you! > Roman > > pon., 22 lip 2024 o 08:06 Laura Hofer <l....@fz...> > napisał(a): > > Hi Krzysztof, Hi Roman, > > > > we installed Unity 4 and and and once we had ensured that all the > > technical requirements were met, we were able to launch Unity > > successfully. We noticed two problems: firstly, the redirect to the > > home > > endpoint does not work, although this was previously configured. In > > addition, everything looks empty on the home endpoint under the > > profile tab. > > Do you have any idea why this might be? We can't find any error > > messages > > in the logs. > > > > Kind regards, > > Laura > > > > Juelich Supercomputing Centre > > Institute for Advanced Simulation > > Forschungszentrum Juelich GmbH > > 52425 Juelich, Germany > > E-Mail: l....@fz... > > Phone: +49 2461 61-6576 > > Fax: +49 2461 61-6656 > > > > ------------------------------------------------------------------- > > ---- > > ------------------------------------------------------------------- > > ---- > > Forschungszentrum Juelich GmbH > > 52425 Juelich > > Sitz der Gesellschaft: Juelich > > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B > > 3498 > > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt > > (Vorsitzender), > > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, > > Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > > ------------------------------------------------------------------- > > ---- > > ------------------------------------------------------------------- > > ---- > > > > _______________________________________________ > > Unity-idm-discuss mailing list > > Uni...@li... > > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2024-07-23 09:10:07
|
Good morning Sander, Thank you for reporting issues, we will look into it soon. Stay tuned, and thank you for your support! Best regards, Roman wt., 23 lip 2024 o 09:57 Sander Apweiler <sa....@fz...> napisał(a): > Good morning Krzysztof, > beside the issues Laura reported, we found two further issues. > > - HTML elements in the tool tips are not rendered. > - Creating a HomeUI endpoint in the webconsole by filling only the > mandatory parts + displayed attributes + adding single authenticator > leads to a null pointer exception > > > Best regards, > Sander > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Roman K. <ro...@un...> - 2024-07-23 09:06:25
|
Hello Laura, Thank you for bringing this up. We are looking into it, and will provide an update in the foreseeable future. With regards to the first issue, we are going to verify if unityServer.core.defaultWebPath configuration option works as expected. Let us know if you believe there are other regressions. As for the second question, please note that home UI was redesiend, and the profile tab will now show the attributes configured on home ui endpoint under "Exposed attributes:" option. Would it be possible to share the Services -> Home UI instance -> General tab -> Content configuration options screenshot? Thank you! Roman pon., 22 lip 2024 o 08:06 Laura Hofer <l....@fz...> napisał(a): > Hi Krzysztof, Hi Roman, > > we installed Unity 4 and and and once we had ensured that all the > technical requirements were met, we were able to launch Unity > successfully. We noticed two problems: firstly, the redirect to the home > endpoint does not work, although this was previously configured. In > addition, everything looks empty on the home endpoint under the profile > tab. > Do you have any idea why this might be? We can't find any error messages > in the logs. > > Kind regards, > Laura > > Juelich Supercomputing Centre > Institute for Advanced Simulation > Forschungszentrum Juelich GmbH > 52425 Juelich, Germany > E-Mail: l....@fz... > Phone: +49 2461 61-6576 > Fax: +49 2461 61-6656 > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, > Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Roman K. <ro...@un...> - 2024-07-23 07:58:16
|
Hello Sander, Sorry to be long in my email reply. > It seems that this only removes the attribute value but not the attribute itself. Looking at the implementation, when a user has an attribute in a group which was created as the result of translation from given IdP, and the consecutive translation profile processing from this given IdP is not returning an attribute anymore, then it should be removed from a group as the result of removeStaleData action. > After setting the attribute to an empty string in the external OP, I got an error about Attribute must have at least 1 value. Depending on a setup this may happen. If you have an error (exception) please share it, as well as the given Attributes type definition? > The condition for the mapAttribute rule is attrs['attr_name'] != null && attr['attr_name'] != '', which woirks fine without the removeStaleData rule. Would it be possible to perform a test using Console Authentication -> Remote data profiles -> Wizard tool to see the outcome of the profile? To see how attributes are mapped, and whether the attribute in question appears in the translation result? Best regards, Roman wt., 9 lip 2024 o 08:55 Sander Apweiler <sa....@fz...> napisał(a): > Good morning Krzysztof, > we are testing the removeStaleData action in input translation profile. > It seems that this only removes the attribute value but not the > attribute itself. After setting the attribute to an empty string in the > external OP, I got an error about Attribute must have at least 1 > values. > > The condition for the mapAttribute rule is attrs['attr_name'] != null > && attr['attr_name'] != '', which woirks fine without the > removeStaleData rule. > > Is the behaviour intended that uniy deletes only the attriobute value > but not the attribute, if it is empty? > > Best regards, > Sander > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Jülich GmbH > 52425 Jülich > Sitz der Gesellschaft: Jülich > Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2024-07-23 07:57:31
|
Good morning Krzysztof, beside the issues Laura reported, we found two further issues. - HTML elements in the tool tips are not rendered. - Creating a HomeUI endpoint in the webconsole by filling only the mandatory parts + displayed attributes + adding single authenticator leads to a null pointer exception Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Laura H. <l....@fz...> - 2024-07-22 06:06:26
|
Hi Krzysztof, Hi Roman, we installed Unity 4 and and and once we had ensured that all the technical requirements were met, we were able to launch Unity successfully. We noticed two problems: firstly, the redirect to the home endpoint does not work, although this was previously configured. In addition, everything looks empty on the home endpoint under the profile tab. Do you have any idea why this might be? We can't find any error messages in the logs. Kind regards, Laura Juelich Supercomputing Centre Institute for Advanced Simulation Forschungszentrum Juelich GmbH 52425 Juelich, Germany E-Mail: l....@fz... Phone: +49 2461 61-6576 Fax: +49 2461 61-6656 ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2024-07-19 10:50:14
|
Dear Subscribers,
It took significantly more than we hoped, but finally it's arrived: the
4th major version of Unity was released yesterday.
Unity 4 introduces a completely new, fully rewritten web User Interface
using modern technologies.
This is a significant technical step forward for the application,
allowing us to enhance the user experience with lightweight widgets and
improve compatibility with various browser plugins and tools.
The change in web technology also requires adaptation of branding and UI
customizations. See the update instructions in the Unity Manual for
details.
Besides technology and look and feel updates, Unity 4 also brings many
other changes:
* HomeUI has been generally refreshed. User credentials management is
now more user-friendly. HomeUI also has a more lightweight design,
making it easier to customize, brand, and embed.
* The minimum Java version is now 17.
* The UNICORE endpoint was removed since it is no longer needed by
newer UNICORE versions.
* The demo CA and server certificate have been updated.
All relevant links are available here:
https://unity-idm.eu/releases/release-4-0-0/
Best,
Krzysztof
|
|
From: Krzysztof B. <kb...@un...> - 2024-07-09 07:01:14
|
Hi Sander, W dniu 27.06.2024 o 13:19, Sander Apweiler pisze: > Hi Krzysztof, > hi Roman, > > due to some issue we recognized that Ghostery adblocker breaks unity. > In one case the user was in a loop at the WAYF-service and upstream > login. After the successful login at the organisation, unity showed the > WAYF-service without preselected IdP. > In the second case unity did not show the checkbox and Text of policy > update enquiry. > It seems that this issues came up with the last update of Ghostery. > I think this will be fine in Unity 4. Best, Krzysztof Benedyczak |
|
From: Sander A. <sa....@fz...> - 2024-07-09 06:55:34
|
Good morning Krzysztof, we are testing the removeStaleData action in input translation profile. It seems that this only removes the attribute value but not the attribute itself. After setting the attribute to an empty string in the external OP, I got an error about Attribute must have at least 1 values. The condition for the mapAttribute rule is attrs['attr_name'] != null && attr['attr_name'] != '', which woirks fine without the removeStaleData rule. Is the behaviour intended that uniy deletes only the attriobute value but not the attribute, if it is empty? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2024-07-03 08:29:16
|
Hi Sander, W dniu 25.06.2024 o 12:48, Sander Apweiler pisze: > Hi Krzysztof, > I spend some further time to set up the SCIM API using tokens. I > created an authenticator for verifying local tokens (config in > screenshot). But when I try to qquery the API using this command > > curlhttps://login-dev.helmholtz.de/scim/Me -H "Authorization: Bearer > $TOKEN" -H "Authorization: Basic $CLIENT" > > I got: > {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":403 > ,"detail":"Forbidden"} as response and the log shows > > DEBUG unity.server.scim.EngineExceptionMapper: Access denied for SCIM > API client > pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user > name, credential or external authentication failed. > > The client which requested the token is the same like the one who calls > the SCIM API. It also requested the scope sys:scim:read_profile to be > able to query the SCIM API. > > Did I miss something? Can you try: curl https://login-dev.helmholtz.de/scim/Me <https://login-dev.helmholtz.de/scim/Me>-H "Authorization: Basic $CLIENT,Bearer $TOKEN" ? If it still doesn't work, please provide server logs from authentication, at least on debug and perfectly on TRACE level. HTH, Krzysztof |
|
From: Sander A. <sa....@fz...> - 2024-06-27 11:19:43
|
Hi Krzysztof, hi Roman, due to some issue we recognized that Ghostery adblocker breaks unity. In one case the user was in a loop at the WAYF-service and upstream login. After the successful login at the organisation, unity showed the WAYF-service without preselected IdP. In the second case unity did not show the checkbox and Text of policy update enquiry. It seems that this issues came up with the last update of Ghostery. Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2024-06-25 10:48:26
|
Hi Krzysztof, I spend some further time to set up the SCIM API using tokens. I created an authenticator for verifying local tokens (config in screenshot). But when I try to qquery the API using this command curl https://login-dev.helmholtz.de/scim/Me -H "Authorization: Bearer $TOKEN" -H "Authorization: Basic $CLIENT" I got: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":403 ,"detail":"Forbidden"} as response and the log shows DEBUG unity.server.scim.EngineExceptionMapper: Access denied for SCIM API client pl.edu.icm.unity.engine.api.authn.AuthenticationException: Invalid user name, credential or external authentication failed. The client which requested the token is the same like the one who calls the SCIM API. It also requested the scope sys:scim:read_profile to be able to query the SCIM API. Did I miss something? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Sander A. <sa....@fz...> - 2024-06-25 10:33:20
|
Hi Krzysztof, thanks. It's working now. Best regards, Sander On Sat, 2024-06-22 at 11:49 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 20.06.2024 o 08:31, Sander Apweiler pisze: > > Hi Krzysztof, hi Roman, > > > > is there a way to display an IdP in unity which sets hide from > > discovery in its metadata? > > It is not possible to turn off (and in particular selectively) hiding > from discovery. > > But naturally you can configure this IdP as an individually trusted > IdP, > next to the federation (by pasting the values from the metadata > record). > It will look seamless from user PoV. > > HTH, > Krzysztof > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Krzysztof B. <kb...@un...> - 2024-06-22 09:50:06
|
Hi Sander, W dniu 20.06.2024 o 08:31, Sander Apweiler pisze: > Hi Krzysztof, hi Roman, > > is there a way to display an IdP in unity which sets hide from > discovery in its metadata? It is not possible to turn off (and in particular selectively) hiding from discovery. But naturally you can configure this IdP as an individually trusted IdP, next to the federation (by pasting the values from the metadata record). It will look seamless from user PoV. HTH, Krzysztof |
|
From: Krzysztof B. <kb...@un...> - 2024-06-22 09:37:05
|
Dear Subscribers
Unity 3.15.1 was published today.
This release includes the following improvements:
* proper error code is returned when prompt=none and consent is required
* OIDC metadata includes x5c attribute with certificate chain used to
sign tokens
See https://unity-idm.eu/releases/release-3-16-1/ for all relevant links.
Best regards,
Krzysztof
|
|
From: Sander A. <sa....@fz...> - 2024-06-20 06:31:17
|
Hi Krzysztof, hi Roman, is there a way to display an IdP in unity which sets hide from discovery in its metadata? Best regards, Sander -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschäftsführung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
|
From: Roman K. <ro...@un...> - 2024-05-21 12:22:42
|
Hi Sander, Sorry to be long in my replay I see your point, I have opened a ticket to correct the error coming from oauth IdP as suggested. Best regards, Roman czw., 16 maj 2024 o 12:20 Sander Apweiler <sa....@fz...> napisał(a): > Dear Roman, > I think not. They want to test if the user has a running session at > unity. The token might not been revoked, if the session was closed. Or > does unity invalidate all tokens, created in the session, if the user > logs out? > > Best regards, > Sander > > > On Thu, 2024-05-16 at 12:12 +0200, Roman Krysiński wrote: > > Good morning Sander, > > > > One way of solving this problem, which Unity already supports, is to > > use tokeninfo endpoint. > > It does not extend the token validity, and provides information about > > its expiration. > > > > Would that work? > > > > Best regards, > > Roman > > > > > > > > czw., 16 maj 2024 o 09:57 Sander Apweiler <sa....@fz...> > > napisał(a): > > > Good morning Krzystzof, > > > good morning Roman, > > > > > > we have a client which want to check if the user has still a > > > running > > > session in unity and end the session in the service, if there is no > > > session in unity anymore. They are using a normal oidc flow with > > > prompt=none and it works fine if the user stored the consent, but > > > if > > > not unity sends Unexpected server error. Since OIDC already > > > defined > > > the error "consent_required", it would be much more comfortable for > > > the > > > service and in the end for the user, if unity would send this error > > > message. What do you think? > > > > > > I added you some details from the service operator below. > > > > > > > > > We do a regular OIDC flow and after a while we trigger another flow > > > with > > > prompt=none to validate the user is still active and authenticated: > > > > > > https://login-dev.helmholtz.de/oauth2-as/oauth2-authz > > > ?response_type=code > > > &client_id=OUR_CLIENT > > > &redirect_uri=OUR_URI > > > &prompt=none > > > &nonce=NONCE > > > &code_challenge=CODE_CHALLENGE > > > &code_challenge_method=S256 > > > > > > > > > If the user did not tick the 'remember my decision' box, then they > > > get > > > redirected with: > > > > > > https://OUR_HOSTNAME/oidc/callback/ > > > ?error=server_error > > > &error_description=Unexpected+server+error&state=STATE > > > > > > > > > Unity log: > > > > > > ERROR unity.server.oauth.ASConsentDeciderServlet: Consent is > > > required > > > but 'none' prompt was given > > > > > > > > > Returning an error seems to be the correct behaviour here > > > (https://openid.net/specs/openid-connect-core-1_0.html). > > > Returning e.g. consent_required > > > (https://openid.net/specs/openid-connect-core-1_0.html#AuthError) > > > instead of the generic server_error as suggested in the > > > specification, > > > could help us display a useful error message to the user. Since > > > Unity's > > > log already displays this as a specific error this is hopefully not > > > too > > > difficult to implement. > > > > > > > > > We're using mozilla-django OIDC: > > > > > > > https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#validate-id-tokens-by-renewing-them > > > > > > > https://github.com/mozilla/mozilla-django-oidc/blob/2c2334fdc9b2fc72a492b5f0e990b4c30de68363/mozilla_django_oidc/middleware.py#L147 > > > > > > > > > Best regards, > > > Sander > > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschaeftsfuehrung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Roman K. <ro...@un...> - 2024-05-17 16:20:36
|
Hi Sander, This work has been ticketed but there is no timeline for it yet. Best regards, Roman śr., 15 maj 2024 o 08:46 Sander Apweiler <sa....@fz...> napisał(a): > Hi Krzysztof, > was this added in meantime or is it planned to be added? > > Best regards, > Sander > > On Fri, 2023-10-27 at 09:16 +0200, Krzysztof Benedyczak wrote: > > Hi Sander, > > > > W dniu 27.10.2023 o 07:14, Sander Apweiler pisze: > > > Hello Krzysztof, > > > hello Roman, > > > > > > one of our connected clients is using Ceph as storage backend and > > > it > > > requires the certificate which was used to sign the token. > > > According to > > > > https://openid.net/specs/openid-connect-discovery-1_0-21.html#ProviderMetadata > > > and https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.6 > > > certificates can be added as optional x5c attribute. > > > Since I didn't find anything in the manual and nothing endpoint > > > configuration, I assume it is not (yet) possible. Can you correct > > > me if > > > I'm wrong or give your thought about possible extension? > > > > > Yes, Unity only puts bare keys in oidc metadata. > > > > Yes, enhancement to also add a full certificate looks fine. > > > > Best, > > Krzysztof > > > > -- > Large-Scale Data Science > Juelich Supercomputing Centre > > phone: +49 2461 61 8847 > fax: +49 2461 61 6656 > email: sa....@fz... > > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Stefan Müller > Geschaeftsfuehrung: Prof. Dr. Astrid Lambrecht (Vorsitzende), > Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > > _______________________________________________ > Unity-idm-discuss mailing list > Uni...@li... > https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss > |
|
From: Sander A. <sa....@fz...> - 2024-05-16 10:20:08
|
Dear Roman, I think not. They want to test if the user has a running session at unity. The token might not been revoked, if the session was closed. Or does unity invalidate all tokens, created in the session, if the user logs out? Best regards, Sander On Thu, 2024-05-16 at 12:12 +0200, Roman Krysiński wrote: > Good morning Sander, > > One way of solving this problem, which Unity already supports, is to > use tokeninfo endpoint. > It does not extend the token validity, and provides information about > its expiration. > > Would that work? > > Best regards, > Roman > > > > czw., 16 maj 2024 o 09:57 Sander Apweiler <sa....@fz...> > napisał(a): > > Good morning Krzystzof, > > good morning Roman, > > > > we have a client which want to check if the user has still a > > running > > session in unity and end the session in the service, if there is no > > session in unity anymore. They are using a normal oidc flow with > > prompt=none and it works fine if the user stored the consent, but > > if > > not unity sends Unexpected server error. Since OIDC already > > defined > > the error "consent_required", it would be much more comfortable for > > the > > service and in the end for the user, if unity would send this error > > message. What do you think? > > > > I added you some details from the service operator below. > > > > > > We do a regular OIDC flow and after a while we trigger another flow > > with > > prompt=none to validate the user is still active and authenticated: > > > > https://login-dev.helmholtz.de/oauth2-as/oauth2-authz > > ?response_type=code > > &client_id=OUR_CLIENT > > &redirect_uri=OUR_URI > > &prompt=none > > &nonce=NONCE > > &code_challenge=CODE_CHALLENGE > > &code_challenge_method=S256 > > > > > > If the user did not tick the 'remember my decision' box, then they > > get > > redirected with: > > > > https://OUR_HOSTNAME/oidc/callback/ > > ?error=server_error > > &error_description=Unexpected+server+error&state=STATE > > > > > > Unity log: > > > > ERROR unity.server.oauth.ASConsentDeciderServlet: Consent is > > required > > but 'none' prompt was given > > > > > > Returning an error seems to be the correct behaviour here > > (https://openid.net/specs/openid-connect-core-1_0.html). > > Returning e.g. consent_required > > (https://openid.net/specs/openid-connect-core-1_0.html#AuthError) > > instead of the generic server_error as suggested in the > > specification, > > could help us display a useful error message to the user. Since > > Unity's > > log already displays this as a specific error this is hopefully not > > too > > difficult to implement. > > > > > > We're using mozilla-django OIDC: > > > > https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#validate-id-tokens-by-renewing-them > > > > https://github.com/mozilla/mozilla-django-oidc/blob/2c2334fdc9b2fc72a492b5f0e990b4c30de68363/mozilla_django_oidc/middleware.py#L147 > > > > > > Best regards, > > Sander > > -- Large-Scale Data Science Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr. Astrid Lambrecht (Vorsitzende), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
