From: mahind <atu...@ma...> - 2014-08-21 10:08:40
Hello,
I am using Unity version 1.3.1.
The test user is registered in OpenLDAP.
I am trying to get authentication from UNICORE commandline client (ucc)
via Unity.
From ucc I am able to get authentication for users registered in Unity.
With the help of documentation, I configured unityServer.log for
authenticator and endpoint settings.
unityServer.core.authenticators.4.authenticatorName=ldapWeb
unityServer.core.authenticators.4.authenticatorType=ldap with web-password
unityServer.core.authenticators.4.verificatorConfigurationFile=conf/authenticators/ldap.properties
unityServer.core.authenticators.4.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
unityServer.core.endpoints.4.contextPath=/unicore-soapidp
unityServer.core.endpoints.4.endpointRealm=defaultRealm
unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;ldapWeb
Also updated conf/authenticators/ldap.properties
ldap.servers.1=xxx
ldap.ports.1=xxx
ldap.userDNTemplate=uid={USERNAME},ou=users,dc=tu-dresden,dc=de
ldap.attributes.1=uid
ldap.groupsBaseName=dc=tu-dresden,dc=de
ldap.groups.1.objectClass=groups
ldap.groups.1.memberAttribute=memberUid
ldap.groups.1.matchByMemberAttribute=cn
ldap.groups.1.nameAttribute=cn
ldap.translationProfile=ldapProfile
When I try to connect, I get -
**************************
Starting UNITY Web Server
**************************
2014-08-21 09:29:30,340 [main] INFO unity.server.config.JettyServerBase - Creating Jetty HTTP server, will listen on: https://xxx
2014-08-21 09:29:34,058 [main] INFO unity.server.db.InitDB - Database initialized, skipping creation
2014-08-21 09:29:39,679 [main] INFO unity.server.EngineInitialization - Checking if all identity types are defined
2014-08-21 09:29:39,783 [main] INFO unity.server.EngineInitialization - Checking if all system attribute types are defined
2014-08-21 09:29:40,268 [main] INFO unity.server.EngineInitialization - Loading all configured credentials
2014-08-21 09:29:40,297 [main] INFO unity.server.EngineInitialization - Loading all configured credential requirements
2014-08-21 09:29:40,388 [main] INFO unity.server.EngineInitialization - Loading configured translation profiles
2014-08-21 09:29:40,389 [main] INFO unity.server.EngineInitialization - Loading all configured authenticators
2014-08-21 09:29:40,418 [main] INFO unity.server.EngineInitialization - Removing all persisted endpoints
2014-08-21 09:29:40,431 [main] INFO unity.server.EngineInitialization - Removing all persisted realms
2014-08-21 09:29:40,464 [main] INFO unity.server.EngineInitialization - Loading configured realms
2014-08-21 09:29:40,487 [main] INFO unity.server.EngineInitialization - - defaultRealm: [blockAfter 4, blockFor 30, rememberMe -1, maxInactive 3600
2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization - - adminRealm: [blockAfter 4, blockFor 30, rememberMe -1, maxInactive 1800
2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization - Loading all configured endpoints
2014-08-21 09:29:40,729 [main] INFO unity.server.EngineInitialization - - UNITY administration interface: WebAdminUI
2014-08-21 09:29:41,776 [main] INFO unity.server.EngineInitialization - - UNITY SAML web authentication: SAMLWebIdP
2014-08-21 09:29:41,844 [main] INFO unity.server.EngineInitialization - - UNITY UNICORE web authentication: SAMLUnicoreWebIdP
2014-08-21 09:29:41,891 [main] FATAL unity.server.EngineInitialization - Can't load endpoints which are configured
pl.edu.icm.unity.exceptions.EngineException: Unable to deploy an endpoint: The authenticator of type web-vaadin7 is not supported by the binding. Supported are: [webservice-cxf2]
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:132)
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deploy(EndpointManagementImpl.java:101)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.loadEndpointsFromConfiguration(EngineInitialization.java:631)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:579)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:282)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.start(EngineInitialization.java:181)
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
    at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
    at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:346)
    at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:149)
    at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:112)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:773)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:485)
    at pl.edu.icm.unity.server.UnityApplication.run(UnityApplication.java:50)
    at pl.edu.icm.unity.server.UnityApplication.main(UnityApplication.java:58)
Caused by: pl.edu.icm.unity.exceptions.WrongArgumentException: The authenticator of type web-vaadin7 is not supported by the binding. Supported are: [webservice-cxf2]
    at pl.edu.icm.unity.engine.EndpointManagementImpl.verifyAuthenticators(EndpointManagementImpl.java:147)
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:120)
    ... 14 more
Is there any mistake in configuration?
Thanks in advance!
Best regards,
Atul
From: Krzysztof B. <go...@ic...> - 2014-08-21 15:52:17
Hi,
On 21.08.2014 12:08, mahind wrote:
> Hello,
>
> I am using Unity version 1.3.1.
>
> The test user is registered in OpenLDAP.
>
> I am trying to get authentication from UNICORE commandline client (ucc)
> via Unity.
>
> From ucc I am able to get authentication for users registered in Unity.
>
> With the help of documentation, I configured unityServer.log for
> authenticator and endpoint settings.
>
> unityServer.core.authenticators.4.authenticatorName=ldapWeb
> unityServer.core.authenticators.4.authenticatorType=ldap with web-password
> unityServer.core.authenticators.4.verificatorConfigurationFile=conf/authenticators/ldap.properties
> unityServer.core.authenticators.4.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
>
> unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
> unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
> unityServer.core.endpoints.4.contextPath=/unicore-soapidp
> unityServer.core.endpoints.4.endpointRealm=defaultRealm
> unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
> unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;ldapWeb
>
>
> Also updated conf/authenticators/ldap.properties
>
> ldap.servers.1=xxx
> ldap.ports.1=xxx
>
> ldap.userDNTemplate=uid={USERNAME},ou=users,dc=tu-dresden,dc=de
> ldap.attributes.1=uid
> ldap.groupsBaseName=dc=tu-dresden,dc=de
> ldap.groups.1.objectClass=groups
> ldap.groups.1.memberAttribute=memberUid
> ldap.groups.1.matchByMemberAttribute=cn
> ldap.groups.1.nameAttribute=cn
>
> ldap.translationProfile=ldapProfile
>
>
> When I try to connect, I get -
>
> **************************
> Starting UNITY Web Server
> **************************
> 2014-08-21 09:29:30,340 [main] INFO unity.server.config.JettyServerBase
> - Creating Jetty HTTP server, will listen on: https://xxx
> 2014-08-21 09:29:34,058 [main] INFO unity.server.db.InitDB - Database
> initialized, skipping creation
> 2014-08-21 09:29:39,679 [main] INFO unity.server.EngineInitialization -
> Checking if all identity types are defined
> 2014-08-21 09:29:39,783 [main] INFO unity.server.EngineInitialization -
> Checking if all system attribute types are defined
> 2014-08-21 09:29:40,268 [main] INFO unity.server.EngineInitialization -
> Loading all configured credentials
> 2014-08-21 09:29:40,297 [main] INFO unity.server.EngineInitialization -
> Loading all configured credential requirements
> 2014-08-21 09:29:40,388 [main] INFO unity.server.EngineInitialization -
> Loading configured translation profiles
> 2014-08-21 09:29:40,389 [main] INFO unity.server.EngineInitialization -
> Loading all configured authenticators
> 2014-08-21 09:29:40,418 [main] INFO unity.server.EngineInitialization -
> Removing all persisted endpoints
> 2014-08-21 09:29:40,431 [main] INFO unity.server.EngineInitialization -
> Removing all persisted realms
> 2014-08-21 09:29:40,464 [main] INFO unity.server.EngineInitialization -
> Loading configured realms
> 2014-08-21 09:29:40,487 [main] INFO unity.server.EngineInitialization
> - - defaultRealm: [blockAfter 4, blockFor 30, rememberMe -1,
> maxInactive 3600
> 2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization
> - - adminRealm: [blockAfter 4, blockFor 30, rememberMe -1, maxInactive
> 1800
> 2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization -
> Loading all configured endpoints
> 2014-08-21 09:29:40,729 [main] INFO unity.server.EngineInitialization
> - - UNITY administration interface: WebAdminUI
> 2014-08-21 09:29:41,776 [main] INFO unity.server.EngineInitialization
> - - UNITY SAML web authentication: SAMLWebIdP
> 2014-08-21 09:29:41,844 [main] INFO unity.server.EngineInitialization
> - - UNITY UNICORE web authentication: SAMLUnicoreWebIdP
> 2014-08-21 09:29:41,891 [main] FATAL unity.server.EngineInitialization
> - Can't load endpoints which are configured
> pl.edu.icm.unity.exceptions.EngineException: Unable to deploy an
> endpoint: The authenticator of type web-vaadin7 is not supported by the
> binding. Supported are: [webservice-cxf2]
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:132)
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deploy(EndpointManagementImpl.java:101)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.loadEndpointsFromConfiguration(EngineInitialization.java:631)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:579)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:282)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.start(EngineInitialization.java:181)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> at
> org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:346)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:149)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:112)
> at
> org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:773)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:485)
> at
> pl.edu.icm.unity.server.UnityApplication.run(UnityApplication.java:50)
> at
> pl.edu.icm.unity.server.UnityApplication.main(UnityApplication.java:58)
> Caused by: pl.edu.icm.unity.exceptions.WrongArgumentException: The
> authenticator of type web-vaadin7 is not supported by the binding.
> Supported are: [webservice-cxf2]
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.verifyAuthenticators(EndpointManagementImpl.java:147)
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:120)
> ... 14 more
>
> Is there any mistake in configuration?
Yes, there is. As the error message says, the authenticator is
incompatible with the endpoint. The authenticator 'ldapWeb' can be used
only for web endpoints, as it is configured to retrieve the user's password
using the web form (see the documentation of authenticators):
unityServer.core.authenticators.4.authenticatorType=ldap with web-password
It is not possible to use it with the SOAP endpoint, used by UCC or URC. So
you need to define another authenticator (the LDAP-specific part can reuse
the same configuration file), but the new authenticator must be of type:
ldap with cxf-httpbasic
This authenticator will work with the SOAP endpoint.
Best,
Krzysztof
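Added example (not part of the original thread and not Unity's own code): a small pre-start check that reproduces the binding test behind the FATAL error above, so a mismatched authenticator is caught before the server is restarted. The two binding tables hold only the pairs named or implied in this thread, the sample settings are constructed from the poster's lines, and the authenticator name "ldapWS" is hypothetical.

```python
import re

# Binding produced by each credential retrieval and accepted by each endpoint
# type. Only the pairs named in the thread are listed (assumed table).
RETRIEVAL_BINDING = {"web-password": "web-vaadin7", "cxf-httpbasic": "webservice-cxf2"}
ENDPOINT_BINDING = {"SAMLUnicoreSoapIdP": "webservice-cxf2"}
KEY = re.compile(r"unityServer\.core\.(authenticators|endpoints)\.(\d+)\.(\w+)")

# Constructed sample: the poster's settings, reduced to the relevant keys.
BROKEN = """
unityServer.core.authenticators.4.authenticatorName=ldapWeb
unityServer.core.authenticators.4.authenticatorType=ldap with web-password
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
unityServer.core.endpoints.4.endpointAuthenticators=ldapWeb
"""
# Same endpoint pointed at a second authenticator; "ldapWS" is a hypothetical name.
FIXED = BROKEN.replace("Authenticators=ldapWeb", "Authenticators=ldapWS") + """
unityServer.core.authenticators.5.authenticatorName=ldapWS
unityServer.core.authenticators.5.authenticatorType=ldap with cxf-httpbasic
"""

def parse(text):
    """Group unityServer.core.{authenticators,endpoints}.N.* keys by kind and index."""
    out = {"authenticators": {}, "endpoints": {}}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = KEY.fullmatch(key.strip())
        if sep and m:
            out[m.group(1)].setdefault(m.group(2), {})[m.group(3)] = value.strip()
    return out

def check(text):
    """Return one message per endpoint/authenticator pair with mismatched bindings."""
    cfg = parse(text)
    by_name = {a.get("authenticatorName"): a for a in cfg["authenticators"].values()}
    problems = []
    for ep in cfg["endpoints"].values():
        wanted = ENDPOINT_BINDING.get(ep.get("endpointType"))
        if wanted is None:
            continue  # endpoint type not covered by the table above
        for name in filter(None, ep.get("endpointAuthenticators", "").split(";")):
            auth = by_name.get(name, {})  # an undefined authenticator ends up "unknown"
            retrieval = auth.get("authenticatorType", "").rpartition(" with ")[2]
            got = RETRIEVAL_BINDING.get(retrieval, "unknown")
            if got != wanted:
                problems.append(f"{ep.get('endpointName')}: {name} is {got}, endpoint supports {wanted}")
    return problems
```
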