Issue with Inter-service authentication using JHipster 6.6 and Okta - jhipster

Using JHipster 6.6 to build a microservices architecture application. I have a gateway and 2 microservices. All have been spun up using JDL with OAUTH2 authentication.
If I set the OAUTH2 provider as the internal KeyCloak server, all works well, I can log in at the gateway front end, and the requests to the microservices for various entities etc work.
When I switch over to OKTA, I get a refresh loop, which shows as a 401 Unauthorized in the network dev console in the browser each time. On the service / gateway side, I get no error logged.
I've got all groups assigned to the app in OKTA using the .* regex as recommended.
It feels like there is some issue / privilege with the non-user authentication, but I'm not familiar enough with OKTA, and I'm not seeing anything meaningful coming back from JHipster / Spring.
EDIT: Tweaked debugging, and the main point of failure in the microservice appears to be here:
2020-01-03 19:25:20.567 DEBUG 41074 --- [ XNIO-1 task-13] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/api/remote-sites'; against '/oauth2/authorization/{registrationId}'
2020-01-03 19:25:20.567 DEBUG 41074 --- [ XNIO-1 task-13] o.s.security.web.FilterChainProxy : /api/remote-sites at position 6 of 13 in additional filter chain; firing Filter: 'BearerTokenAuthenticationFilter'
2020-01-03 19:25:20.568 DEBUG 41074 --- [ XNIO-1 task-13] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
2020-01-03 19:25:20.612 DEBUG 41074 --- [ XNIO-1 task-13] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
2020-01-03 19:25:20.612 DEBUG 41074 --- [ XNIO-1 task-13] .o.s.r.w.BearerTokenAuthenticationFilter : Authentication request for failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
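The last log line is the resource server's JWT decoder refusing the bearer token because the key that signed it is not among the keys in the JWKS the microservice fetched for its configured issuer. As an added example (not code from the question, JHipster or Spring Security), the Python below reproduces that decision: it parses the token header, selects a key from a JWKS by kid, insists that the key's alg agrees with the header, verifies the signature, then checks the iss/aud/exp claims and reports the reason for a rejection. It uses HMAC (`oct`) keys so that it runs with the standard library only; Okta's JWKS carries RSA keys, but the kid/alg selection logic is the same. The issuer, audience, key ids and secrets are all constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Only algorithms we deliberately accept; 'none' and anything unexpected is rejected up front.
ACCEPTED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwks(*keys):
    """Build a JWKS document from (kid, alg, secret) tuples. Constructed, symmetric keys."""
    return {"keys": [{"kty": "oct", "kid": kid, "alg": alg, "k": b64url_encode(secret)}
                     for kid, alg, secret in keys]}


# The JWKS the resource server downloaded for its configured issuer (constructed).
TRUSTED_JWKS = make_jwks(("trusted-2020-01", "HS256", b"constructed-secret-A"),
                         ("trusted-2019-12", "HS256", b"constructed-secret-B"))
# Same kid, but the JWKS says the key is for a different algorithm (constructed).
ALG_MISMATCH_JWKS = make_jwks(("trusted-2020-01", "HS512", b"constructed-secret-A"))
ISSUER = "https://idp.example.invalid/oauth2/default"   # constructed issuer
AUDIENCE = "api://default"                               # constructed audience
NOW = 1578079200                                          # fixed "current time" for a reproducible run


def sign_jwt(claims: dict, kid: str, secret: bytes, alg: str = "HS256") -> str:
    """Mint a compact JWS; stands in for the authorization server."""
    header = {"alg": alg, "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def select_key(jwks: dict, header: dict) -> dict:
    """Mirror a decoder's key selection: the kid must exist and the key's alg must agree."""
    kid, alg = header.get("kid"), header.get("alg")
    candidates = [k for k in jwks["keys"] if k.get("kid") == kid]
    if not candidates:
        raise ValueError(f"no matching key(s) found for kid={kid!r}")
    key = candidates[0]
    if key.get("alg") != alg:
        raise ValueError(f"another algorithm expected: key {kid!r} is {key.get('alg')}, "
                         f"token header says {alg}")
    return key


def verify_jwt(token: str, jwks: dict, issuer: str, audience: str, now: float) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") not in ACCEPTED_ALGS:
        raise ValueError(f"unsupported algorithm {header.get('alg')!r}")
    key = select_key(jwks, header)
    expected = hmac.new(b64url_decode(key["k"]), f"{h_b64}.{p_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != issuer:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if audience not in aud:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def diagnose(token: str, jwks: dict, issuer: str, audience: str, now=None):
    """Return ('ok', claims) or ('rejected', reason), i.e. what a DEBUG log would tell you."""
    now = time.time() if now is None else now
    try:
        return "ok", verify_jwt(token, jwks, issuer, audience, now)
    except ValueError as exc:
        return "rejected", str(exc)


CLAIMS = {"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "exp": NOW + 3600}
# Token from the authorization server whose JWKS we hold.
GOOD_TOKEN = sign_jwt(CLAIMS, "trusted-2020-01", b"constructed-secret-A")
# Token minted by a different authorization server: its kid is not in TRUSTED_JWKS,
# which is the "no matching key(s) found" case.
FOREIGN_TOKEN = sign_jwt({**CLAIMS, "iss": "https://idp.example.invalid"},
                         "org-as-key", b"constructed-secret-other")

if __name__ == "__main__":
    for label, tok, jwks in (("good", GOOD_TOKEN, TRUSTED_JWKS),
                             ("foreign", FOREIGN_TOKEN, TRUSTED_JWKS),
                             ("alg-mismatch", GOOD_TOKEN, ALG_MISMATCH_JWKS)):
        print(label, diagnose(tok, jwks, ISSUER, AUDIENCE, now=NOW))
```

The point of the check is the order: algorithm whitelist, then key lookup by kid, then signature, then claims. A token that fails at the second step was signed by a key the resource server never fetched, which is what the microservice's issuer configuration determines.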

Related

Windows Authentication in Linux .NET Core

I'm trying to make Windows authentication work on a Linux/Debian server with Kerberos. I'm using .NET Core 3.1 and IdentityServer4. For now I have joined Linux to the Windows AD as the docs say:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio#kestrel-1
I have managed to get Kerberos working from bash with the kinit command. I also got Apache2 working with Kerberos.
But in .NET Core it always returns this in the logs:
[17:39:53 Information] Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler AuthenticationScheme: Negotiate was challenged.
[17:39:54 Information] Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler None
If I set a wrong encryption type in krb5.conf, I get an error like:
Interop+NetSecurityNative+GssApiException: GSSAPI operation failed with error - Unspecified GSS failure. Minor code may provide more information(Request ticket server **** kvno 4 enctype aes256-cts found in keytab but cannot decrypt ticket).
at System.Net.Security.NegotiateStreamPal.GssAcceptSecurityContext(SafeGssContextHandle& context, Byte[] buffer, Byte[]& outputBuffer, UInt32& outFlags)
at System.Net.Security.NegotiateStreamPal.AcceptSecurityContext(SafeFreeCredentials credentialsHandle, SafeDeleteContext& securityContext, ContextFlagsPal requestedContextFlags, Byte[] incomingBlob, ChannelBinding channelBinding, Byte[]& resultBlob, ContextFlagsPal& contextFlags)
So the token is passing GSSAPI in normal mode and trying to validate the user, but there is always None in the answer. Can somebody help me understand what I'm doing wrong?
I got it working by using the [Authorize] attribute instead of HttpContext.ChallengeAsync().

Connectivity problem using Spring Data Mongo and Spring Integration with Azure CosmosDB (MongoDB)

I have the following setup:
Spring Integration with Spring Data Mongo repositories
Above application running as a pod on kubernetes (Azure Kubernetes Service)
Above application connects to Azure CosmosDB (MongoDB)
Above application connects to Azure SQL Server
The application should fetch information from MongoDB and start processing. It works all fine while running locally and within a docker container. The problem occurs when it's deployed to AKS as it can't establish connection to Mongo and Azure SQL while bootstrapping. The connection will be successfully opened after another 3 seconds or so which you can see here: https://gist.github.com/nadworny/c69659e65a7d6e8d96573db13d1f1095
For comparison here is bootstrapping log from localhost: https://gist.github.com/nadworny/c04d6baa571e5b7ddcbd8856cf22a390
What I also can't explain is what happens afterwards. I have a Mongo inbound adapter that looks as follows:
return IntegrationFlows.from(MongoDb.reactiveInboundChannelAdapter(mongoDbFactory,
new Query().addCriteria(Criteria.where("status").is(ProcessingStatus.PROCESSED))
.with(Sort.by(Sort.Direction.DESC, "modifiedDate")).limit(1))
.collectionName("processingMetadata")
.entityClass(ProcessingMetadata.class)
.expectSingleResult(true),
e -> e.poller(Pollers.fixedDelay(Duration.ofSeconds(pollingIntervalSeconds))))
.<Mono<ProcessingMetadata>>handle((p, h) -> {
// do something
})
It should poll Mongo every 3 seconds but it actually never does (again it works locally without a problem).
The connectivity works fine after that as I have another process that is triggered by a file upload and it works correctly (data is written to MongoDB).
To be honest, I'm a little confused about which of the components is causing trouble here, so I hope you can help me narrow it down.
UPDATE1
I did some further debugging. Actually it's not a problem with Mongo but with the next handler after it, which is the Jpa gateway:
.handle(Jpa.retrievingGateway(this.sourceEntityManagerFactory)
.entityClass(DocumentHeader.class)
.jpaQuery("from DocumentHeader d where d.modifiedDate > :modified")
.parameterExpression("modified", "payload")
.maxResults(maxResults), e -> e.id("retrieveDocumentHeader"))
.<List>handle((p, h) -> {
if (p.isEmpty())
this.advices.waitUntilCompletedAdvice().setWait(false);
return p;
})
.channel(Channels.DOCUMENT_HEADER.name())
For some reason, while executing on AKS, the Jpa handler isn't invoked and Spring Integration jumps directly to the next step:
2020-09-25 08:35:07.771 DEBUG 1 --- [ask-scheduler-3] o.s.d.m.core.ReactiveMongoTemplate : find using query: { "status" : "PROCESSED"} fields: Document{{}} for class: class com.zurich.ccmc.data.orchestrator.domain.targetdb.ProcessingMetadata in collection: processingMetadata
2020-09-25 08:35:07.771 DEBUG 1 --- [ask-scheduler-3] o.s.i.e.SourcePollingChannelAdapter : Poll resulted in Message: GenericMessage [payload=MonoNext, headers={mongo_collectionName=processingMetadata, id=4a26e221-deb9-f1af-1c35-7ba0d47042b1, timestamp=1601022907771}]
2020-09-25 08:35:07.778 DEBUG 1 --- [ask-scheduler-3] o.s.i.splitter.DefaultMessageSplitter : handler 'bean 'setProcessingStatusToOpen.splitter#0' for component 'setProcessingStatusToOpen.org.springframework.integration.config.ConsumerEndpointFactoryBean#0'; defined in: 'class path resource [xxx/processing/ProcessingMetadataFlow.class]'; from source: 'bean method setProcessingStatusToOpen'' produced no reply for request Message: GenericMessage [payload=[], headers={mongo_collectionName=processingMetadata, id=0a446b4c-12fc-d72d-d4ad-8453eb51227c, timestamp=1601022907778}]
Found the problem. The spring.datasource.jdbc-url parameter was wrong (jdbc:sqlserver:// was missing at the beginning when deployed to AKS). I would expect a proper exception of some kind, but there is only this warning:
2020-09-24 14:33:04.710 WARN 1 --- [ task-1] o.h.e.j.e.i.JdbcEnvironmentInitiator : HHH000342: Could not obtain connection to query metadata : Driver com.microsoft.sqlserver.jdbc.SQLServerDriver
accept jdbcUrl, xxx.database.windows.net
What I also don't understand is why the Jpa.retrievingGateway didn't throw any exception and jumped over to the next handler...
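The misconfiguration found above (a spring.datasource.jdbc-url missing its jdbc:sqlserver:// prefix) surfaced only as a warning. As an added example, not part of the question or of Spring Integration, this Python check parses a SQL Server JDBC URL of the form `jdbc:sqlserver://host[\instance][:port][;property=value...]`, fails fast on a malformed one, and also flags the properties a security review would look at (encrypt, trustServerCertificate, a password embedded in the URL). The host xxx.database.windows.net is the placeholder from the question; the database name and the other property values are constructed.

```python
from typing import Dict, List, Optional

PREFIX = "jdbc:sqlserver://"

# Constructed inputs. BROKEN_URL mirrors the question: the scheme prefix is missing.
BROKEN_URL = "xxx.database.windows.net;databaseName=orchestrator"
GOOD_URL = ("jdbc:sqlserver://xxx.database.windows.net:1433;databaseName=orchestrator;"
            "encrypt=true;trustServerCertificate=false")
WEAK_URL = ("jdbc:sqlserver://xxx.database.windows.net:1433;databaseName=orchestrator;"
            "encrypt=true;trustServerCertificate=true;password=constructed-secret")


def parse_sqlserver_jdbc_url(url: str) -> Dict[str, Optional[object]]:
    """Split a SQL Server JDBC URL into host, instance, port and lower-cased properties.

    Raises ValueError on anything the driver would refuse. IPv6 literals in brackets
    are not handled; this keeps the parser to the shape used in the question.
    """
    if not url.startswith(PREFIX):
        raise ValueError(f"missing {PREFIX!r} prefix")
    endpoint, *prop_parts = url[len(PREFIX):].split(";")
    host, _, port = endpoint.partition(":")
    host, _, instance = host.partition("\\")
    if port and not port.isdigit():
        raise ValueError(f"port {port!r} is not numeric")
    props: Dict[str, str] = {}
    for part in prop_parts:
        if not part:                      # tolerate a trailing ';'
            continue
        if "=" not in part:
            raise ValueError(f"malformed property {part!r}")
        key, value = part.split("=", 1)
        props[key.strip().lower()] = value.strip()
    return {
        "host": host,
        "instance": instance or None,
        "port": int(port) if port else None,
        "properties": props,
    }


def check_sqlserver_jdbc_url(url: str) -> List[str]:
    """Return a list of problems; an empty list means the URL passed every check."""
    try:
        parsed = parse_sqlserver_jdbc_url(url)
    except ValueError as exc:
        return [str(exc)]                 # structural problems stop the review here
    problems: List[str] = []
    if not parsed["host"]:
        problems.append("empty host")
    port = parsed["port"]
    if port is not None and not 1 <= port <= 65535:
        problems.append(f"port {port} out of range")
    props = parsed["properties"]
    if props.get("encrypt", "").lower() != "true":
        problems.append("encrypt=true not set; the driver is not told to require TLS")
    if props.get("trustservercertificate", "").lower() == "true":
        problems.append("trustServerCertificate=true; the server certificate is not validated")
    if "password" in props:
        problems.append("password embedded in the JDBC URL; it will appear in logs and config dumps")
    return problems


if __name__ == "__main__":
    for label, url in (("broken", BROKEN_URL), ("good", GOOD_URL), ("weak", WEAK_URL)):
        print(label, check_sqlserver_jdbc_url(url) or "ok")
```

Run at application start (or in a deployment pipeline against the rendered configuration), a check like this turns the silent HHH000342 warning into a hard failure before any flow is wired up.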

Not able to deploy IdentityServer 4 code on Azure App service

I have used .NET Core 3.0 to develop the IdentityServer, hosted in an empty ASP.NET Web Application.
The App Service I created is .NET Core 3.0, Windows platform.
In my .NET Core solution I created the publish output using 'dotnet publish'.
It worked fine on the localhost URL, as I consumed that URL in my client application. I have only the TokenPoint, and from the UI application I pass username/password.
Below are the logs from the App Service:
2020-04-02 17:41:09 NEWIDPSERVER GET / X-ARR-LOG-ID=e83b7b1e-6f40-4f67-9f0d-0f4f474e2309 443 - 112.196.168.73 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/80.0.3987.149+Safari/537.36 ARRAffinity=c450828deae8ef5774d6b51f85ad7bb411cc76cec811344524a352e00ebf3ca1 - newidpserver.azurewebsites.net 500 30 574 2913 1374 6437
2020-04-02 17:41:19 ~1NEWIDPSERVER GET /detectors type=tools&name=eventviewer&X-ARR-LOG-ID=ec15da12-ce7e-44ae-83fe-7f8f4c9c62cc 443 - 112.196.168.73 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/80.0.3987.149+Safari/537.36 ARRAffinity=c450828deae8ef5774d6b51f85ad7bb411cc76cec811344524a352e00ebf3ca1 https://newidpserver.azurewebsites.net/ newidpserver.scm.azurewebsites.net 302 0 0 1047 1590 1062
IIS Detailed Error - 500.30 - Internal Server Error
HTTP Error 500.30 - Internal Server Error. The page cannot be displayed because an internal server error has occurred. Most likely causes: IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred. IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly. IIS was not able to process configuration for the Web site or application. The authenticated user does not have permission to use this DLL. The request is mapped to a managed handler but the .NET Extensibility Feature is not installed. Things you can try: Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account. Check the event logs to see if any additional information was logged. Verify the permissions for the DLL. Install the .NET Extensibility feature if the request is mapped to a managed handler. Create a tracing rule to track failed requests for this HTTP status code.
Detailed Error Information: Module: AspNetCoreModuleV2; Notification: ExecuteRequestHandler; Handler: aspNetCore; Error Code: 0x8007023e
Requested URL: https://newidpserver:80/.well-known/openid-configuration; Physical Path: D:\home\site\wwwroot\.well-known\openid-configuration; Logon Method: Anonymous; Logon User: Anonymous
More Information: This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.
2020-04-02 17:42:35 NEWIDPSERVER GET /.well-known/openid-configuration X-ARR-LOG-ID=3273401b-d59d-4e79-ba95-207ca2a8273f 443 - 112.196.168.73 - - - newidpserver.azurewebsites.net 500 30 574 2923 892 0
2020-04-02T17:44:45 No new trace in the past 1 min(s).
2020-04-02T17:45:45 No new trace in the past 2 min(s).
2020-04-02T17:46:45 No new trace in the past 3 min(s).
2020-04-02T17:47:36 Welcome, you are now connected to log-streaming service. The default timeout is 2 hours. Change the timeout with the App Setting SCM_LOGSTREAM_TIMEOUT (in seconds).
2020-04-02T17:48:36 No new trace in the past 1 min(s).
2020-04-02T17:49:07
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled. ---> System.InvalidOperationException: The SAS URL for the cloud storage account is not specified. Use the environment variable 'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.at Microsoft.WindowsAzure.WebSites.Diagnostics.AzureBlobTraceListener.RefreshConfig()--- End of inner exception stack trace ---
2020-04-02T17:49:07 PID[6956] Information Loading modules from D:\Program Files (x86)\MiddlewareModules\1.2.4\Microsoft.Azure.AppService.Middleware.Modules.dll
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_LOGOUT_PATH' = '/.auth/logout'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_ENABLED' = 'False'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'EASY_AUTH_CONFIG_CONTENTS' = '{"preserveUrlFragmentsForLogins":false,"endpointPath":{"apiPrefix":"/.auth","logoutPath":"/.auth/logout","LogoutCompletionPath":"/.auth/logout/complete","mobileCompatibilityEnabled":false},"allowedExternalRedirectUri":{"allowedExternalRedirectUrls":null,"AllowedExternalRedirectUriCollection":[]},"nonce":{"validateNonce":true,"nonceExpirationInterval":"00:05:00"},"token":{"stateDirectory":"D:\home\data\.auth","TokenStorePath":"D:\home\data\.auth\tokens","tokenStoreEnabled":false,"tokenStoreContainerSasUrlSettingName":null,"tokenRefreshExtensionHours":72.0},"isAuthEnabled":false,"requireHttps":true,"defaultProvider":null,"unauthenticatedClientAction":0,"authConfigDirectory":null,"hideDeprecatedSecurityIds":false,"AppTracingLevel":31,"useLegacyClaims":true,"warmupPath":null,"forwardingHeader":null,"functionsExtensionVersion":null,"cookieExpirationTime":"08:00:00","azureActiveDirectory":{"openIdIssuer":null,"clientId":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"allowedAudiences":null,"loginParameters":null,"aadBypassSingleTenancyCheck":false,"activeDirectoryAcl":null,"disableWwwAuthenticateResponse":false,"OpenIdIssuerValue":null,"OpenIdConfigurationUrl":null},"facebook":{"facebookAppId":null,"facebookAppSecretSettingName":null,"facebookScope":null,"facebookGraphApiVersion":"v3.3"},"gitHub":{"gitHubAppId":null,"gitHubAppSecretSettingName":null,"gitHubScope":null},"twitter":{"twitterConsumerKey":null,"twitterConsumerSecretSettingName":null},"google":{"googleClientId":null,"googleClientSecretSettingName":null,"googleScope":null,"allowedAudiences":null},"openIdConnectProviders":null}'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_CORS_ALLOWED_ORIGINS' = ''
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_CORS_SUPPORT_CREDENTIALS' = 'False'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_LOGOUT_PATH' = '/.auth/logout'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_ENABLED' = 'False'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'EASY_AUTH_CONFIG_CONTENTS' = '{"preserveUrlFragmentsForLogins":false,"endpointPath":{"apiPrefix":"/.auth","logoutPath":"/.auth/logout","LogoutCompletionPath":"/.auth/logout/complete","mobileCompatibilityEnabled":false},"allowedExternalRedirectUri":{"allowedExternalRedirectUrls":null,"AllowedExternalRedirectUriCollection":[]},"nonce":{"validateNonce":true,"nonceExpirationInterval":"00:05:00"},"token":{"stateDirectory":"D:\home\data\.auth","TokenStorePath":"D:\home\data\.auth\tokens","tokenStoreEnabled":false,"tokenStoreContainerSasUrlSettingName":null,"tokenRefreshExtensionHours":72.0},"isAuthEnabled":false,"requireHttps":true,"defaultProvider":null,"unauthenticatedClientAction":0,"authConfigDirectory":null,"hideDeprecatedSecurityIds":false,"AppTracingLevel":31,"useLegacyClaims":true,"warmupPath":null,"forwardingHeader":null,"functionsExtensionVersion":null,"cookieExpirationTime":"08:00:00","azureActiveDirectory":{"openIdIssuer":null,"clientId":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"allowedAudiences":null,"loginParameters":null,"aadBypassSingleTenancyCheck":false,"activeDirectoryAcl":null,"disableWwwAuthenticateResponse":false,"OpenIdIssuerValue":null,"OpenIdConfigurationUrl":null},"facebook":{"facebookAppId":null,"facebookAppSecretSettingName":null,"facebookScope":null,"facebookGraphApiVersion":"v3.3"},"gitHub":{"gitHubAppId":null,"gitHubAppSecretSettingName":null,"gitHubScope":null},"twitter":{"twitterConsumerKey":null,"twitterConsumerSecretSettingName":null},"google":{"googleClientId":null,"googleClientSecretSettingName":null,"googleScope":null,"allowedAudiences":null},"openIdConnectProviders":null}'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_CORS_ALLOWED_ORIGINS' = ''
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_CORS_SUPPORT_CREDENTIALS' = 'False'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_SIGNING_KEY' = '0F****'
2020-04-02T17:49:08 PID[6956] Verbose Detected application setting 'WEBSITE_AUTH_ENCRYPTION_KEY' = 'CE****'
IIS Detailed Error - 500.0 - Internal Server Error
HTTP Error 500.0 - Internal Server Error. The page cannot be displayed because an internal server error has occurred. Most likely causes: IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred. IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly. IIS was not able to process configuration for the Web site or application. The authenticated user does not have permission to use this DLL. The request is mapped to a managed handler but the .NET Extensibility Feature is not installed. Things you can try: Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account. Check the event logs to see if any additional information was logged. Verify the permissions for the DLL. Install the .NET Extensibility feature if the request is mapped to a managed handler. Create a tracing rule to track failed requests for this HTTP status code.
Detailed Error Information: Module: AspNetCoreModuleV2; Notification: ExecuteRequestHandler; Handler: aspNetCore; Error Code: 0x00000000
Requested URL: https://newidpserver:80/.well-known/openid-configuration; Physical Path: D:\home\site\wwwroot\.well-known\openid-configuration; Logon Method: Anonymous; Logon User: Anonymous
More Information: This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.
https://i.stack.imgur.com/zeALq.png
Token on my local:
ack.imgur.com/X6Ch3.png
You can publish your web apps with VS Code if you have a problem with your Visual Studio.
Add the Azure extensions and open the project you created with Visual Studio. Run it locally to make sure you can open the site.
Then you can deploy your app following the document about publishing apps with VS Code. I suggest you deploy apps with Visual Studio; I think publishing with Visual Studio is easy.

how to debug error 500 Internal Server Error on an Azure App?

I got an "500 Internal Server Error - An error occurred while starting the application" after deploying my application: https://iidapp.azurewebsites.net/
I keep finding the following error message, but I am unable to find any information on the MSDN websites describing how I can specify the SAS URL.
INFO: The app was working for a long period and I didn't have to set the SAS URL; I wonder why Azure is suddenly generating exceptions.
INFO2: the app works perfectly on my local machine.
Any help is welcome, as I couldn't find any solution by reading the related topics on Stack Overflow.
2017-04-05T18:51:32
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled. ---> System.InvalidOperationException: The SAS URL for the cloud storage account is not specified. Use the environment variable 'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.
at Microsoft.WindowsAzure.WebSites.Diagnostics.AzureBlobTraceListener.RefreshConfig()
--- End of inner exception stack trace ---
An error was triggered by W3SVC-WP : {app name}02000780
I found out on EventID that the code 02000780 meant that a file was missing.
I eventually found out that it was possible to log further information by enabling the stdoutLog inside the web.config. Read "When a .NET Core Azure App Service won't start: 502.5 Process Failure".
I opened the debug console (https://{app_id}.scm.azurewebsites.net/DebugConsole) and found out that a directory wasn't found.
Voilà! I corrected the code and the app is up and running!

PingFederate : Could not obtain attributes from the IdP Authentication Service

I am getting this exception while trying to invoke the PingFederate startSSO.ping endpoint.
12:49:54,153 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/startSSO.ping
12:49:54,157 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,157 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null} replacing Cookie{PF=F1OpbNzE8iYqMJq6UcG5wa; path=/; maxAge=-1; domain=null}
12:49:54,157 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: null, newKey: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS, value: 1)
12:49:54,157 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null}
12:49:54,160 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
12:49:54,232 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping
12:49:54,233 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] getAttr(key: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS): 1
12:49:54,233 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null} replacing null
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: LotsmXsBxdLFrhrm8OVFYE, newKey: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS, value: 2)
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS): 2
12:49:54,233 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:sbwb-ppc-idp subject:null
12:49:54,233 ERROR [HandleAuthnRequest] Exception occurred during request processing
org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:54)
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:78)
at org.sourceid.saml20.profiles.ProfileProcessManager.resumeHandleRequest(ProfileProcessManager.java:73)
at $ProfileProcessMgmtService_1461cd08008.resumeHandleRequest($ProfileProcessMgmtService_1461cd08008.java)
at org.sourceid.websso.servlet.IntegrationControllerServlet.process(IntegrationControllerServlet.java:63)
at org.sourceid.websso.servlet.EnforcerServletBase.checkProcess(EnforcerServletBase.java:89)
at org.sourceid.websso.servlet.EnforcerServletBase.doGet(EnforcerServletBase.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:669)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1448)
at org.sourceid.servlet.filter.NoCacheFilter.doFilter(NoCacheFilter.java:55)
at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at org.sourceid.websso.servlet.ProxyFilter.doFilter(ProxyFilter.java:34)
at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:126)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:368)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:141)
at org.sourceid.saml20.profiles.idp.HandleAuthnRequest.doResume(HandleAuthnRequest.java:245)
at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.exeResume(ResumableRequestHandlerBase.java:66)
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:50)
... 43 more
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthNHelper(IdpAuthnAdapter.java:159)
at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthN(IdpAuthnAdapter.java:78)
at org.sourceid.websso.authn.AdapterAuthnProcessor.lookupAuthN(AdapterAuthnProcessor.java:96)
at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:132)
... 46 more
12:49:54,238 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null}
12:49:54,239 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
And I think this exception is thrown when PingFederate cannot find the OpenToken generated by the application. But the cookie is present in the browser.
And the PingFederate application shows the error page:
And my IdP Adapter settings look like this:
cookie-path=/
use-verbose-error-messages=false
cipher-suite=2
obfuscate-password=true
session-cookie=false
password=Kyx+ElfeRRDkPRYZoVF3BQ==
token-name=opentoken
cookie-domain=.banka.liferay.com
token-notbefore-tolerance=0
token-renewuntil=43200
use-sunjce=false
secure-cookie=false
token-lifetime=300
use-cookie=true
I am struggling to find the cause of this problem, but with no success.
What could be the cause of this problem? Is it related to PingFederate, or am I missing something in my configuration?
And here is the screenshot of the IdP Adapter:
And here is the summary of the SP Connection:
Could it be that you're redirected to the resume URL with the hostname being localhost? In that case your browser won't send a cookie issued to .banka.liferay.com to the server, hence the error.
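The answer's point, that a cookie issued for .banka.liferay.com is not sent on a request to localhost, is the RFC 6265 domain-match rule. The Python below is an added example, not code from the question, the answer or PingFederate: it models a cookie with the Domain, Path and Secure attributes that correspond to the adapter settings above (cookie-domain, cookie-path, secure-cookie) and decides whether a browser would attach it to a given request URL, returning the reason when it would not. The first request URL is the resume URL from the log; the other hosts and cookies are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: Optional[str]          # Domain attribute as set; None means a host-only cookie
    path: str = "/"
    secure: bool = False
    set_by_host: str = ""          # host that issued the cookie; matters for host-only cookies


def _is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: equal, or host is a subdomain of the cookie domain (never for IPs)."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")   # leading dot is ignored by browsers
    if host == domain:
        return True
    return host.endswith("." + domain) and not _is_ip(host)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: prefix match on whole path segments only."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def would_send(cookie: Cookie, request_url: str) -> Tuple[bool, str]:
    """Decide whether a browser attaches `cookie` to a request for `request_url`."""
    parts = urlsplit(request_url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if cookie.domain is None:
        if host != cookie.set_by_host.lower():
            return False, f"host-only cookie set by {cookie.set_by_host!r} is not sent to {host!r}"
    elif not domain_matches(host, cookie.domain):
        return False, f"request host {host!r} does not domain-match cookie domain {cookie.domain!r}"
    if not path_matches(path, cookie.path):
        return False, f"request path {path!r} does not path-match cookie path {cookie.path!r}"
    if cookie.secure and parts.scheme != "https":
        return False, "Secure cookie is not sent over a non-https scheme"
    return True, "cookie sent"


# The OpenToken cookie as the adapter settings above describe it.
OPENTOKEN_COOKIE = Cookie(name="opentoken", domain=".banka.liferay.com", path="/", secure=False)
# Resume URL taken from the log in the question, and a constructed host under the cookie domain.
RESUME_URL_LOCALHOST = "https://localhost:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping"
RESUME_URL_MATCHING = "https://sso.banka.liferay.com:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping"

if __name__ == "__main__":
    for url in (RESUME_URL_LOCALHOST, RESUME_URL_MATCHING):
        print(url, "->", would_send(OPENTOKEN_COOKIE, url))
```

Running it shows the localhost resume URL rejected on the domain rule while the same path under banka.liferay.com is accepted, which is exactly the mismatch the answer describes. The secure flag check is included because the settings above leave secure-cookie=false; setting it to true is the usual hardening, and then the adapter has to be reached over https for the cookie to arrive at all.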
