search

hlavki / g-suite-identity-sync

G Suite to LDAP identity synchronizer
Apache License 2.0
127 stars 29 forks source link

Since version 0.4.0 I can't sign in #36

Closed mbarouski closed 5 years ago

mbarouski commented 5 years ago

I get such response:

{
  "error": "unauthorized_client",
  "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}

I used version 0.3.8 before and it was working. I performed new installation steps.

hlavki commented 5 years ago

Sorry, I forget to mention in documentation, that you have to do new intallation to use version 0.4.0 As workaround you can use image: hlavki/g-suite-identity-sync:0.3.8

hlavki commented 5 years ago

I'll write small tutorial how to upgrade to version 0.4.0

mbarouski commented 5 years ago

I like the way of configuring of service account data from version 0.4.0, so I will wait for the tutorial :) Or you could say what installation I have to make... Thanks!

mbarouski commented 5 years ago

Hm... I got back to 0.3.8 version and started getting NPE (as in issue #14):

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 500 Server Error</title>
</head>
<body><h2>HTTP ERROR 500</h2>
<p>Problem accessing /cxf/identity/user. Reason:
<pre>    Server Error</pre></p><h3>Caused by:</h3><pre>java.lang.NullPointerException
    at org.apache.cxf.rs.security.jose.jws.JwsCompactProducer.signWith(JwsCompactProducer.java:111)
    at org.apache.cxf.rs.security.jose.jws.JwsCompactProducer.signWith(JwsCompactProducer.java:98)
    at eu.hlavki.identity.services.google.impl.GSuiteDirectoryServiceImpl.getAccessToken(GSuiteDirectoryServiceImpl.java:218)
    at eu.hlavki.identity.services.google.impl.GSuiteDirectoryServiceImpl.lambda$configure$0(GSuiteDirectoryServiceImpl.java:58)
    at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:235)
    at eu.hlavki.identity.services.google.impl.GSuiteDirectoryServiceImpl.readGroupMembers(GSuiteDirectoryServiceImpl.java:86)
    at eu.hlavki.identity.services.google.impl.GSuiteDirectoryServiceImpl.getGroupMembers(GSuiteDirectoryServiceImpl.java:78)
    at Proxya285a139_d7ca_4663_9308_d9e4bf6cef4a.getGroupMembers(Unknown Source)
    at eu.hlavki.identity.services.rest.security.GSuiteGroupAuthorizationFilter.lambda$new$1(GSuiteGroupAuthorizationFilter.java:43)
    at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:235)
    at eu.hlavki.identity.services.rest.security.GSuiteGroupAuthorizationFilter.filter(GSuiteGroupAuthorizationFilter.java:61)
    at org.apache.cxf.jaxrs.utils.JAXRSUtils.runContainerRequestFilters(JAXRSUtils.java:1657)
    at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:205)
    at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:78)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:293)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.Server.handle(Server.java:531)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
    at java.lang.Thread.run(Thread.java:748)
</pre>
<hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.11.v20180605</a><hr/>

</body>
</html>
hlavki commented 5 years ago

Can you please try this small tutorial? https://github.com/hlavki/g-suite-identity-sync/wiki/Upgrade-from-0.3.x

thanks

mbarouski commented 5 years ago

I will check it tomorrow when I am near my computer. There is new scope https://www.googleapis.com/auth/admin.reports.audit.readonly, I think it's a reason of my issue. Thanks a lot :)

mbarouski commented 5 years ago

It works perfectly! Thanks! Just added new scope for service account.