GluuFederation / oxAuth

OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)
https://gluu.org/docs/ce
MIT License

U2F authn failing #455

Closed nynymike closed 7 years ago

nynymike commented 7 years ago


2017-01-20 22:56:00,224 WARN  [pool-2-thread-1] [org.apache.http.client.protocol.ResponseProcessCookies] (ResponseProcessCookies.java:121) - Cookie rejected [JSESSIONID="1hd2anxvrbdci1ot5kphka9pl9", version:0, domain:goblin.gluu.info, path:/oxauth, expiry:null] Illegal path attribute "/oxauth". Path of origin: "/.well-known/fido-u2f-configuration"
2017-01-20 23:01:18,310 ERROR [qtp1100439041-16] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:215) - null
org.python.core.PyException: null
        at org.python.core.Py.AttributeError(Py.java:205) ~[jython-2.7.0.jar:?]
        at org.python.core.PyType.noAttributeError(PyType.java:1883) ~[jython-2.7.0.jar:?]
        at org.python.core.PyObject.__getattr__(PyObject.java:1008) ~[jython-2.7.0.jar:?]
        at org.python.pycode._pyx0.prepareForStep$9(<iostream>:185) ~[?:?]
        at org.python.pycode._pyx0.call_function(<iostream>) ~[?:?]
        at org.python.core.PyTableCode.call(PyTableCode.java:167) ~[jython-2.7.0.jar:?]
        at org.python.core.PyBaseCode.call(PyBaseCode.java:307) ~[jython-2.7.0.jar:?]
        at org.python.core.PyBaseCode.call(PyBaseCode.java:198) ~[jython-2.7.0.jar:?]
        at org.python.core.PyFunction.__call__(PyFunction.java:482) ~[jython-2.7.0.jar:?]
        at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) ~[jython-2.7.0.jar:?]
        at org.python.core.PyMethod.__call__(PyMethod.java:228) ~[jython-2.7.0.jar:?]
        at org.python.core.PyMethod.__call__(PyMethod.java:218) ~[jython-2.7.0.jar:?]
        at org.python.core.PyMethod.__call__(PyMethod.java:213) ~[jython-2.7.0.jar:?]
        at org.python.core.PyObject._jcallexc(PyObject.java:3626) ~[jython-2.7.0.jar:?]
        at org.python.core.PyObject._jcall(PyObject.java:3658) ~[jython-2.7.0.jar:?]
        at org.python.proxies.__builtin__$PersonAuthentication$0.prepareForStep(Unknown Source) ~[?:?]
        at org.xdi.oxauth.service.external.ExternalAuthenticationService.executeExternalPrepareForStep(ExternalAuthenticationService.java:213) [classes/:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.xdi.oxauth.service.external.ExternalAuthenticationService_$$_javassist_seam_22.executeExternalPrepareForStep(ExternalAuthenticationService_$$_javassist_seam_22.java) [classes/:?]
        at org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStep(Authenticator.java:493) [classes/:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:22) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.xdi.oxauth.auth.Authenticator_$$_javassist_seam_43.prepareAuthenticationForStep(Authenticator_$$_javassist_seam_43.java) [classes/:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
        at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335) [jboss-el-1.0_02.CR6.jar:1.0_02.CR6]
        at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348) [jboss-el-1.0_02.CR6.jar:1.0_02.CR6]
        at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58) [jboss-el-1.0_02.CR6.jar:1.0_02.CR6]
        at org.jboss.el.parser.AstValue.invoke(AstValue.java:96) [jboss-el-1.0_02.CR6.jar:1.0_02.CR6]
        at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) [jboss-el-1.0_02.CR6.jar:1.0_02.CR6]
        at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:222) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.navigation.Page.preRender(Page.java:311) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.navigation.Pages.preRender(Pages.java:351) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.jsf.SeamPhaseListener.preRenderPage(SeamPhaseListener.java:565) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.jsf.SeamPhaseListener.beforeRenderResponse(SeamPhaseListener.java:476) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:147) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:117) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:228) [jsf-impl-2.1.28-jbossorg-1.jar:?]
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:99) [jsf-impl-2.1.28-jbossorg-1.jar:?]
        at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.28-jbossorg-1.jar:?]
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.1.28.Final.jar:2.1.28.Final]
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:584) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
        at org.jboss.seam.web.RewriteFilter.process(RewriteFilter.java:98) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:57) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final]
.
.
.
yurem commented 7 years ago

Fixed

nynymike commented 7 years ago

Still getting this error...

2017-01-31 19:58:43,531 ERROR [pool-2-thread-1] [org.xdi.service.custom.script.CustomScriptManager] (CustomScriptManager.java:364) - Failed to initialize custom script: 'u2f'
org.jboss.resteasy.client.exception.ResteasyIOException: IOException
        at org.jboss.resteasy.client.exception.mapper.ApacheHttpClient4ExceptionMapper.mapIOException(ApacheHttpClient4ExceptionMapper.java:110) ~[resteasy-jaxrs-2.3.7.Final.jar:?]
        at ...
Caused by: java.net.ConnectException: Connection refused (Connection refused)

But weirdly, I think it worked the first time I enabled the script... it was after a restart that it failed.

yurem commented 7 years ago

After enabling it, it works fine:

2017-02-01 17:37:39,995 TRACE [qtp1100439041-17] [oxauth.ws.rs.fido.u2f.U2fConfigurationWS] (U2fConfigurationWS.java:67) - FIDO U2F configuration: {
  "version" : "2.0",
  "issuer" : "https://u144.gluu.info",
  "registration_endpoint" : "https://u144.gluu.info/oxauth/seam/resource/restv1/fido/u2f/registration",
  "authentication_endpoint" : "https://u144.gluu.info/oxauth/seam/resource/restv1/fido/u2f/authentication"
}

Checking how it works after restart

yurem commented 7 years ago

Updated script to re-try OpenId configuration load at restart
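
The approach named in the last comment, retrying the configuration load instead of failing once at startup, sketched as an added example (not the Gluu `u2f` script or any code from this thread). `U2fMetadataLoader`, its `fetch` callable and the retry parameters are hypothetical; the sample metadata is the configuration shown in the trace output above.

```python
import time

# Constructed sample: the FIDO U2F configuration shown in the trace output above.
SAMPLE = {
    "version": "2.0",
    "issuer": "https://u144.gluu.info",
    "registration_endpoint": "https://u144.gluu.info/oxauth/seam/resource/restv1/fido/u2f/registration",
    "authentication_endpoint": "https://u144.gluu.info/oxauth/seam/resource/restv1/fido/u2f/authentication",
}
ENDPOINTS = ("registration_endpoint", "authentication_endpoint")

class U2fMetadataLoader(object):
    """Hypothetical helper: load U2F metadata on first use, retrying while the server starts."""
    def __init__(self, fetch, expected_issuer, attempts=5, delay=2.0, sleep=time.sleep):
        self.fetch = fetch                    # assumed callable returning the metadata dict
        self.expected_issuer = expected_issuer
        self.attempts, self.delay, self.sleep = attempts, delay, sleep
        self.metadata = None

    def validate(self, meta):
        # Reject metadata whose issuer or endpoints are not on the expected origin.
        if meta.get("issuer") != self.expected_issuer:
            raise ValueError("unexpected issuer: %r" % meta.get("issuer"))
        for key in ENDPOINTS:
            if not str(meta.get(key, "")).startswith(self.expected_issuer + "/"):
                raise ValueError("%s is missing or outside the issuer origin" % key)
        return meta

    def get(self):
        """Return validated metadata, or None so the caller can fail the auth step."""
        if self.metadata is None:
            for attempt in range(1, self.attempts + 1):
                try:
                    self.metadata = self.validate(self.fetch())
                    break
                except (IOError, OSError):    # e.g. "Connection refused" right after a restart
                    self.sleep(self.delay * attempt)
        return self.metadata

def demo():
    """Constructed run: the endpoint refuses two connections, then answers."""
    calls = []
    def flaky_fetch():
        calls.append(1)
        if len(calls) < 3:
            raise ConnectionRefusedError("Connection refused")
        return dict(SAMPLE)
    loader = U2fMetadataLoader(flaky_fetch, "https://u144.gluu.info", sleep=lambda s: None)
    return loader.get(), len(calls)
```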