From: Alvaro A. <alv...@tu...> - 2015-11-30 08:51:28

Hello,

I'm trying to get Unicore to use Unity to validate users using our LDAP server and could use a little help from someone with experience on this.
Until now I have set up a Unity server and created a simple authenticator for LDAP (code below), as well as the corresponding translation profile (also below).
The dry test of the TP seems to be working well.

I also added the certificate of the Unity server to Unicore's assertion issuers and granted access to the LDAP users in the XUUDB.

However, I'm still unable to log in to Unicore using the rich client with the Unity option.

Any hints about what I'm missing or doing wrong?

Thanks!
Alvaro

------------------------------

*wsrflite.xml (both for registry & unicore/x)*

<property name="container.security.trustedAssertionIssuers.type" value="directory" />
<property name="container.security.trustedAssertionIssuers.directoryLocations.1" value="/home/somepath.../unity..pem" />

*uas.conf*

container.security.rest.authentication.order=FILE UNITY
container.security.rest.authentication.UNITY.class=eu.unicore.services.rest.security.UnitySAMLAuthenticator
container.security.rest.authentication.UNITY.address=https://unity.zih.tu-dresden.de:2443/unicore-soapidp/saml2unicoreidp-soap/AuthenticationService
container.security.rest.authentication.UNITY.validate=true

*Authenticator*

ldap.bindAs=system
ldap.systemDN=cn=blahblah,dc=zih,dc=tu-dresden,dc=de
ldap.systemPassword=secret
ldap.servers.1=ldap-server.zih.tu-dresden.de
ldap.ports.1=636
ldap.connectionMode=SSL
ldap.trustAllServerCertificates=true
ldap.userDNTemplate=uid={USERNAME},ou=users,dc=tu-dresden,dc=de
ldap.groupsBaseName=ou=groups,dc=tu-dresden,dc=de
ldap.groups.1.objectClass=posixGroup
ldap.groups.1.memberAttribute=memberUid
ldap.groups.1.nameAttribute=cn
ldap.groups.1.matchByMemberAttribute=cn
ldap.translationProfile=LDAP-Test

*Translation Profile (LDAP-Test)*

1: Condition: true
   Action: mapIdentity
   Action parameters:
     unityIdentityType = x500Name
     expression = id
     credential requirement = Password requirement
     effect = CREATE_OR_MATCH

2: Condition: true
   Action: mapIdentity
   Action parameters:
     unityIdentityType = userName
     expression = attr['uid']
     credential requirement = Password requirement
     effect = CREATE_OR_MATCH

3: Condition: true
   Action: mapAttribute
   Action parameters:
     unityAttribute = cn
     group = /
     expression = attr['cn']
     visibility = full
     effect = CREATE_OR_UPDATE

4: Condition: true
   Action: mapAttribute
   Action parameters:
     unityAttribute = urn:unicore:attrType:xlogin
     group = /
     expression = attr['uid']
     visibility = full
     effect = CREATE_OR_UPDATE

5: Condition: true
   Action: mapAttribute
   Action parameters:
     unityAttribute = email
     group = /
     expression = attr['mail']
     visibility = full
     effect = CREATE_OR_UPDATE

--
Dipl.-Inf. Alvaro Aguilera
Research Associate
Technische Universität Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen
Verteiltes und Datenintensives Rechnen
Office: Falkenbrunnen, Room 256
Chemnitzer Straße 46b
01187 Dresden
Tel: +49 (351) 463 33491
Email: alv...@tu...
Web: http://www.tu-dresden.de/zih
OTR-Fingerprint: 9CD3BC97 ACFB7430 D084BA9D 4BEB1775 4B0BA9F1

From: Bernd S. <b.s...@fz...> - 2015-11-30 08:59:18

hi,

did you add the LDAP authenticator to the unicore-soapidp endpoint?

If yes, try debug logging on Unity and/or UNICORE/X to find out more...

Best regards,
Bernd.

From: Alvaro A. <alv...@tu...> - 2015-11-30 09:22:58

Hi Bernd,

when I add the authenticator to the endpoint like this:

...
unityServer.core.authenticators.6.authenticatorName=ldapZIH
unityServer.core.authenticators.6.authenticatorType=ldap with web-password
unityServer.core.authenticators.6.verificatorConfigurationFile=conf/authenticators/ldap-zih.properties
unityServer.core.authenticators.6.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
...
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
unityServer.core.endpoints.4.contextPath=/unicore-soapidp
unityServer.core.endpoints.4.endpointRealm=defaultRealm
unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;certWS;ldapZIH

I get the following error:

------------------
2015-11-30 10:12:07,007 [main] FATAL unity.server.EngineInitialization - Can't load endpoints which are configured
java.lang.NullPointerException
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:128)
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deploy(EndpointManagementImpl.java:97)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.loadEndpointsFromConfiguration(EngineInitialization.java:768)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:721)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:351)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.start(EngineInitialization.java:209)
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
    at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
    at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:346)
    at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:149)
    at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:112)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:770)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:483)
    at pl.edu.icm.unity.server.UnityApplication.run(UnityApplication.java:49)
    at pl.edu.icm.unity.server.UnityApplication.main(UnityApplication.java:58)
2015-11-30 10:12:07,010 [main] WARN org.springframework.context.support.ClassPathXmlApplicationContext - Exception encountered during context initialization - cancelling refresh attempt
org.springframework.context.ApplicationContextException: Failed to start bean 'pl.edu.icm.unity.engine.internal.EngineInitialization#0'; nested exception is pl.edu.icm.unity.exceptions.InternalException: Can't load endpoints which are configured
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:176)
    at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
    at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:346)
    at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:149)
    at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:112)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:770)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:483)
    at pl.edu.icm.unity.server.UnityApplication.run(UnityApplication.java:49)
    at pl.edu.icm.unity.server.UnityApplication.main(UnityApplication.java:58)
Caused by: pl.edu.icm.unity.exceptions.InternalException: Can't load endpoints which are configured
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:725)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:351)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.start(EngineInitialization.java:209)
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
    ... 8 more
Caused by: java.lang.NullPointerException
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:128)
    at pl.edu.icm.unity.engine.EndpointManagementImpl.deploy(EndpointManagementImpl.java:97)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.loadEndpointsFromConfiguration(EngineInitialization.java:768)
    at pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:721)
    ... 11 more
-----------------

Do you know what's wrong with that? I can add the authenticator to the SAMLUnicoreWebIdP endpoint without problem, but that's not what I need.

Thanks
Alvaro

From: Krzysztof B. <go...@ic...> - 2015-11-30 09:28:53

Hi,

On 30.11.2015 at 10:22, Alvaro Aguilera wrote:
> Hi Bernd,
>
> when I add the authenticator to the endpoint like this:
>
> ...
> unityServer.core.authenticators.6.authenticatorName=ldapZIH
> unityServer.core.authenticators.6.authenticatorType=ldap with web-password
> unityServer.core.authenticators.6.verificatorConfigurationFile=conf/authenticators/ldap-zih.properties
> unityServer.core.authenticators.6.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
> ...
> unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
> unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
> unityServer.core.endpoints.4.contextPath=/unicore-soapidp
> unityServer.core.endpoints.4.endpointRealm=defaultRealm
> unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
> unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;certWS;ldapZIH
>
> I get the following error:
>
> ------------------
> 2015-11-30 10:12:07,007 [main] FATAL unity.server.EngineInitialization - Can't load endpoints which are configured
> java.lang.NullPointerException

Your authenticator is configured for the web endpoints

unityServer.core.authenticators.6.authenticatorType=ldap with web-password

that is, it can retrieve the password via a web widget and is useful, for instance, for authN from the UNICORE portal. You need to have "ldap with cxf-httpbasic" in order to get the password from a web service client (unicore/X).

I'll have to check this NPE - looks like a regression, the logged error should be informative.

Best,
Krzysztof

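
The mismatch diagnosed in the reply above can be caught before the server is started. The following lint is an added example, not part of the original thread and not Unity's own code: it assumes that a `SAMLUnicoreSoapIdP` endpoint needs authenticators whose retrieval starts with `cxf-` (the thread names `cxf-httpbasic`), and it also flags the `ldap.trustAllServerCertificates=true` setting from the first message. All function names are hypothetical, and the `pwdWS`/`certWS` definitions in the sample are constructed because the thread elides them.

```python
# Added example (not from the thread): lint Unity configuration for the
# endpoint/authenticator mismatch diagnosed above.
import re

# Assumption drawn from the thread: a SOAP (web service) endpoint needs an
# authenticator whose retrieval is a "cxf-..." one, e.g. "cxf-httpbasic".
WS_ENDPOINT_TYPES = {"SAMLUnicoreSoapIdP"}
WS_RETRIEVAL_PREFIX = "cxf-"


def parse_properties(text):
    """Parse key=value lines; comments and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def numbered(props, prefix):
    """Group 'prefix.<n>.<field>' keys into {n: {field: value}}."""
    out = {}
    pattern = re.compile(re.escape(prefix) + r"\.(\d+)\.(.+)$")
    for key, value in props.items():
        m = pattern.match(key)
        if m:
            out.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return out


def check_endpoint_bindings(props):
    """Return one finding per authenticator that does not fit its endpoint."""
    types = {a.get("authenticatorName"): a.get("authenticatorType", "")
             for a in numbered(props, "unityServer.core.authenticators").values()}
    findings = []
    for idx, ep in sorted(numbered(props, "unityServer.core.endpoints").items()):
        if ep.get("endpointType") not in WS_ENDPOINT_TYPES:
            continue
        for name in ep.get("endpointAuthenticators", "").split(";"):
            name = name.strip()
            if not name:
                continue
            if name not in types:
                findings.append(f"endpoint {idx}: authenticator '{name}' is not defined")
                continue
            # "ldap with web-password" -> verificator "ldap", retrieval "web-password"
            retrieval = types[name].partition(" with ")[2]
            if not retrieval.startswith(WS_RETRIEVAL_PREFIX):
                findings.append(
                    f"endpoint {idx} ({ep['endpointType']}): authenticator '{name}' "
                    f"uses retrieval '{retrieval}', expected '{WS_RETRIEVAL_PREFIX}...'")
    return findings


def check_ldap_verificator(props):
    """Flag LDAP verificator settings that weaken the password-carrying channel."""
    findings = []
    if props.get("ldap.trustAllServerCertificates", "false").lower() == "true":
        findings.append("ldap.trustAllServerCertificates=true: any LDAP server "
                        "certificate is accepted")
    return findings


# Constructed sample input. The ldapZIH and endpoint lines follow the thread;
# the pwdWS and certWS definitions are assumed, since the thread elides them.
SAMPLE_SERVER_CONF = """
unityServer.core.authenticators.1.authenticatorName=pwdWS
unityServer.core.authenticators.1.authenticatorType=password with cxf-httpbasic
unityServer.core.authenticators.2.authenticatorName=certWS
unityServer.core.authenticators.2.authenticatorType=certificate with cxf-certificate
unityServer.core.authenticators.6.authenticatorName=ldapZIH
unityServer.core.authenticators.6.authenticatorType=ldap with web-password
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.contextPath=/unicore-soapidp
unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;certWS;ldapZIH
"""
SAMPLE_LDAP_CONF = "ldap.connectionMode=SSL\nldap.trustAllServerCertificates=true\n"

if __name__ == "__main__":
    for finding in (check_endpoint_bindings(parse_properties(SAMPLE_SERVER_CONF))
                    + check_ldap_verificator(parse_properties(SAMPLE_LDAP_CONF))):
        print(finding)
```
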
From: Alvaro A. <alv...@tu...> - 2015-11-30 12:24:05

Hi Krzysztof,

thank you for the hint. I changed the authenticator type and it goes a step further, but I still get an authentication error:

**************************
UNITY Server Started
**************************
2015-11-30 13:20:12,965 [main] INFO org.eclipse.jetty.server.Server - jetty-8.1.18.v20150929
2015-11-30 13:20:13,094 [main] INFO org.eclipse.jetty.server.AbstractConnector - Started NIO...@un...:2443
2015-11-30 13:20:13,095 [main] INFO unity.server.config.JettyServerBase - Jetty HTTP server was started
2015-11-30 13:20:26,330 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - Established connection to LDAP server
2015-11-30 13:20:26,353 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - Established user's DN is: uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de
2015-11-30 13:20:26,388 [qtp1704979234-39] DEBUG unity.server.ldap.LdapClient - LDAP bind as user uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de was successful
2015-11-30 13:20:26,695 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationProfile [TrProfile LDAP-Test] - Input received from IdP ldap:
Identities:
 - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de (x500Name)
Attributes:
 - uid: [projektnutzer01]
 - homeDirectory: [/home/projektnutzer01]
 - ou: [Zentr.f.Inform.dienste u.Hochleistrechn., Fak. Mathematik und Naturwissenschaften]
 - uidNumber: [20000037]
 - givenName: [Projekt01]
 - objectClass: [inetOrgPerson, organizationalPerson, person, top, posixAccount]
 - sn: [Nutzer]
 - cn: [projektnutzer01]
 - gidNumber: [40000007]
2015-11-30 13:20:26,697 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 1] - Condition OK
2015-11-30 13:20:26,729 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapIdentityAction [TrProfile LDAP-Test] [r: 1] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped identity: [x500Name] uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de
2015-11-30 13:20:26,730 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 2] - Condition OK
2015-11-30 13:20:26,730 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapIdentityAction [TrProfile LDAP-Test] [r: 2] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped identity: [userName] projektnutzer01
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 3] - Condition OK
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 3] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped attribute: cn: [projektnutzer01]
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 4] - Condition OK
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 4] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped attribute: urn:unicore:attrType:xlogin: [projektnutzer01]
2015-11-30 13:20:26,731 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 5] - Condition OK
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapAttributeAction [TrProfile LDAP-Test] [r: 5] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Attribute value evaluated to null, skipping
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationRule [TrProfile LDAP-Test] [r: 6] - Condition OK
2015-11-30 13:20:26,732 [qtp1704979234-39] DEBUG unity.server.externaltranslation.MapGroupAction [TrProfile LDAP-Test] [r: 6] [ldap - uid=projektnutzer01,ou=users,dc=tu-dresden,dc=de] - Mapped group: /portal
2015-11-30 13:20:26,783 [qtp1704979234-39] DEBUG unity.server.externaltranslation.InputTranslationEngine - No identity needs to be added
2015-11-30 13:20:26,803 [qtp1704979234-39] INFO unity.server.externaltranslation.InputTranslationEngine - Adding to group /portal
2015-11-30 13:20:26,811 [qtp1704979234-39] INFO unity.server.rest.AuthenticationInterceptor - Authentication failed for client
2015-11-30 13:20:26,814 [qtp1704979234-39] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://ws.samlidp.unicore.unity.icm.edu.pl/}SAMLETDAuthnImplService#{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Invalid user name, credential or external authentication failed.
    at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:114)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:241)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
    at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
    at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:256)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:317)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:861)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:236)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:745)
Caused by: pl.edu.icm.unity.server.authn.AuthenticationException: Invalid user name, credential or external authentication failed.
    at pl.edu.icm.unity.rest.authn.AuthenticationInterceptor.handleMessage(AuthenticationInterceptor.java:105)
    ... 40 more

Any idea?

Thanks again,
Alvaro

From: Krzysztof B. <go...@ic...> - 2015-11-30 13:02:29

Hi Alvaro,

On 30.11.2015 at 13:23, Alvaro Aguilera wrote:
> Hi Krzysztof,
>
> thank you for the hint. I changed the authenticator type and it goes a
> step further, but I still get an authentication error:
>
>

Please enable TRACE (this is the highest) logging level on:

unity.server.rest

Or even better: on the whole

unity.server

and check the details. If you are still unsure, please provide your current authenticator and endpoint configs.

Best,
Krzysztof