search

CandyShop / gerrit

Automatically exported from code.google.com/p/gerrit
Apache License 2.0
1 stars 0 forks source link

Problems with openid registration in new gerrit #1010

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Affected Version: 2.2.1

What steps will reproduce the problem?
1. We had gerrit version 2.1.6.1 and home openid server (crowd - 
atlassian.com). Autorization with OpenID
2. Upgrading to 2.1.7 and after upgrading to 2.2.1.
3. We have problem with registration new users.

What is the expected output? What do you see instead?

[2011-06-10 17:58:16,396] WARN  / : Unexpected error during authentication
org.openid4java.message.MessageException: 0x100: Namespace declaration for 
extension http://openid.net/sreg/1.0 MUST be signed
        at org.openid4java.message.Message.getExtension(Message.java:495)
        at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.doAuth(OpenIdServiceImpl.java:320)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doPost(OpenIdLoginServlet.java:50)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doGet(OpenIdLoginServlet.java:40)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:54)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:921)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:59)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.Server.handle(Server.java:352)
        at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596)
        at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1052)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:590)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:212)
        at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450)
        at java.lang.Thread.run(Thread.java:662)

Original issue reported on code.google.com by denyastr...@gmail.com on 10 Jun 2011 at 2:25

GoogleCodeExporter commented 9 years ago 
Openid - local service in business network.
If i register in browser - we have 500 Problem accessing /OpenID. Reason: 
server error

Original comment by denyastr...@gmail.com on 10 Jun 2011 at 2:33

GoogleCodeExporter commented 9 years ago 
Help me, please...=(((

Original comment by denyastr...@gmail.com on 10 Jun 2011 at 2:33

GoogleCodeExporter commented 9 years ago 
I have the same issue. When I use delegate authentication.

Original comment by rol...@rschulz.eu on 11 Jun 2011 at 5:10

GoogleCodeExporter commented 9 years ago 
>[2011-06-10 17:58:16,396] WARN  / : Unexpected error during authentication
> org.openid4java.message.MessageException: 0x100: Namespace declaration for 
extension http://openid.net/sreg/1.0 MUST be signed

This is most likely an error in your OpenID server. The standard strongly 
encourages servers to sign attributes, to prevent them from being forged. I 
would take this up with your OpenID vendor.

Gerrit 2.1.7 and later upgraded to a newer version of the openid4java client to 
fix a major security flaw in the openid4java's validation of a user's 
information. The new code is stricter to the standard, because the old way 
permitted forging of user identity data in some pretty nasty ways.

Your vendor should already be testing their server product against openid4java, 
as its one of the most popular clients available for the Java platform. They 
may already a patched version of their server product available that fixes this 
issue.

Original comment by sop@google.com on 13 Jun 2011 at 2:32

GoogleCodeExporter commented 9 years ago 
Thank you very much

Original comment by denyastr...@gmail.com on 13 Jun 2011 at 2:36

GoogleCodeExporter commented 9 years ago 
Hi Team,

This is regarding apache2, Crowd OpenID authentication with Delegated Directory 
based LDAP issue with Git/Gerrit.

My Environment details:

Operating system: Ubuntu 12.4 LTS – 64 bit.
Apache2 Version
Server version: Apache/2.2.22 (Ubuntu)
Server built:   Mar  5 2015 18:10:14
Crowd Version - Atlassian Crowd Version: 2.8.2

Problem description:-

I have configured Crowd OpenID authentication with Delegated directory type 
Microsoft Active Directory with our LDAP settings and provided necessary 
permissions to crowd-openid-server settings and to our git/gerrit server.

Currently my (gerrit.config) file has below settings to access our git/gerrit 
portal.

 [auth]
  type = OPENID_SSO
  openIdSsoUrl = http://100.101.102.103:8095/openidserver/
  logoutUrl = http:// 100.101.102.103:8095/gerrit_logout.html

But when tried access my gerrit portal, front end shows sign in button once I 
clicked that the authentication not forwarding to crowd page to enter my 
login-id and password. It remains on local host itself(means remains in gerrit 
portal itself).

Note: we have two servers: one for Git/Gerrit & another one for Crowd.

So kindly advise me to fix the same.

Thanks,
Mohan

Original comment by mohans...@gmail.com on 29 May 2015 at 4:12