Closed lhoekenga closed 7 years ago
You may very well be right. I don't think the overlay considers the remote-user, though I speculate that with a few tricks to the web.xml, you might be able to make this work.
On Tue, Apr 11, 2017 at 10:25 AM, Misagh Moayyed notifications@github.com wrote:
You may very well be right. I don't think the overlay considers the remote -user, though I speculate that with a few tricks to the web.xml, you might be able to make this work.
I don't suppose you can share any pointers?
Liam
On Thu, May 4, 2017 at 3:41 PM, Liam Hoekenga liamr@umich.edu wrote:
You may very well be right. I don't think the overlay considers the remote -user, though I speculate that with a few tricks to the web.xml, you might be able to make this work.
Actually, I get the problem using the password authentication flow too:
2017-05-04 17:00:01,980 - ERROR [org.springframework.security.authentication.InsufficientAuthenticationException:76]
On Thu, May 4, 2017 at 4:01 PM, Liam Hoekenga liamr@umich.edu wrote:
Actually, I get the problem using the password authentication flow too:
Nevermind... it looks like I skipped the mvc-beans.xml step. I got further with password than i had.
Things are still amis back in the land of RemoteUser..
2017-05-04 17:31:00,048 - DEBUG [net.shibboleth.idp.oidc.flow.CheckAuthenticationRequiredAction:84] - - Profile Action CheckAuthenticationRequiredAction: Checking whether authentication is required 2017-05-04 17:31:00,048 - DEBUG [net.shibboleth.idp.oidc.flow.CheckAuthenticationRequiredAction:129] - - IdP session not found 2017-05-04 17:31:00,049 - DEBUG [net.shibboleth.idp.oidc.flow.BuildAuthenticationContextAction:97] - - Profile Action BuildAuthenticationContextAction: Building authentication context 2017-05-04 17:31:00,050 - DEBUG [net.shibboleth.idp.oidc.flow.BuildAuthenticationContextAction:118] - - Authentication context does not require force authN for client 2017-05-04 17:31:00,224 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:200] - - Profile Action PopulateAuthenticationContext: Installed 3 potential authentication flows into AuthenticationContext 2017-05-04 17:31:00,242 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:133] - - Profile Action PopulateSessionContext: No session found for client 2017-05-04 17:31:00,302 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:117] -
We might need to set up some sort of session so I can review this with you. Or at least learn more about your setup so I can duplicate it on my end. That sound like a good idea? Possible dates/times besides today and next Monday?
Pretty much any afternoon next week. If it's later in the week, I can confirm that my build works with the Password flow before tackling RemoteUser.
Liam
On Fri, May 5, 2017 at 11:03 AM, Misagh Moayyed notifications@github.com wrote:
We might need to set up some sort of session so I can review this with you. Or at least learn more about your setup so I can duplicate it on my end. That sound like a good idea? Possible dates/times besides today and next Monday?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/uchicago/shibboleth-oidc/issues/40#issuecomment-299505416, or mute the thread https://github.com/notifications/unsubscribe-auth/AA-SK19sZGczmV1Qh28xgcuO3jSSZtueks5r20hAgaJpZM4M6Nxo .
OK. I am generally around until 3pm EDT. I'd prefer to this before next Thursday, but once you get confirmation please ping the same thread and we'll set something up.
I am also at mmoayyed@unicon.net if you wanted to reach out privately.
I think that we addressed most of this by calling out the individual OIDC endpoints in the filter-mapping in web.xml
I've installed the overlay on IDP 3.3.1 and it appears to be active. When I try to log in, the IDP present an error in the browser ("An error occurred: InsufficientAuthenticationException")
2017-04-05 15:11:57,023 - ERROR [org.springframework.security.authentication.InsufficientAuthenticationException:76] - 141.213.171.221 - org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed. at org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(AuthorizationEndpoint.java:138)
and I see this in the error log. I'm guessing the Shib RemoteUser handler isn't going through spring security?