Shibboleth using JAAS for user authentication error messages
Rochford, Mike
MRochford at STARKSTATE.EDU
Thu Sep 20 09:53:36 EDT 2018
I'm attempting to configure Shibboleth version 3.3.3.1 to use JAAS for user authentication on Windows Server 2016 using the bundled Jetty server. I can see from the log files and network captures that the initial binding to the Active Directory server is successful. When I attempt to authenticate a test user account using testshib.org I receive an error message on the login page. The error message is a long Java error similar to the below error message entered into the log files.

From the network traces I can see that the authentication request is never sent to the Active Directory servers for authentication. In the log files I can see that it's showing authentication failed. Here is the relevant portion of the log files showing the failure and an informational message that shows invalid syntax with idp.home. I've attempted to search for this error message and have not been able to find anything that matches this error message.

2018-09-20 09:11:59,733 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS:243] - Profile Action ValidateUsernamePasswordAgainstJAAS: Attempting to authenticate user 'shibstu0101' via 'ShibUserPassAuth'
2018-09-20 09:11:59,734 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS:339] - Profile Action ValidateUsernamePasswordAgainstJAAS: Using custom JAAS configuration type JavaLoginConfig with parameters of type java.security.URIParameter
2018-09-20 09:11:59,780 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS:254] - Profile Action ValidateUsernamePasswordAgainstJAAS: Login by 'shibstu0101' via 'ShibUserPassAuth' failed
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Invalid property syntax: idp.home
at org.ldaptive.props.PropertyValueParser.initializeProperties(PropertyValueParser.java:124)
at org.ldaptive.props.PropertyValueParser.initialize(PropertyValueParser.java:106)
at org.ldaptive.props.CredentialConfigParser.<init>(CredentialConfigParser.java:59)
at org.ldaptive.props.SslConfigPropertyInvoker.convertValue(SslConfigPropertyInvoker.java:54)
at org.ldaptive.props.AbstractPropertyInvoker.setProperty(AbstractPropertyInvoker.java:166)
at org.ldaptive.props.AbstractPropertySource.initializeObject(AbstractPropertySource.java:163)
at org.ldaptive.props.SslConfigPropertySource.initialize(SslConfigPropertySource.java:106)
at org.ldaptive.props.ConnectionConfigPropertySource.initialize(ConnectionConfigPropertySource.java:124)
at org.ldaptive.props.DefaultConnectionFactoryPropertySource.initialize(DefaultConnectionFactoryPropertySource.java:120)
at org.ldaptive.props.AuthenticatorPropertySource.initConnectionFactoryManager(AuthenticatorPropertySource.java:207)
at org.ldaptive.props.AuthenticatorPropertySource.initialize(AuthenticatorPropertySource.java:152)
at org.ldaptive.jaas.PropertiesAuthenticatorFactory.createAuthenticatorInternal(PropertiesAuthenticatorFactory.java:80)
at org.ldaptive.jaas.PropertiesAuthenticatorFactory.createAuthenticator(PropertiesAuthenticatorFactory.java:59)
at org.ldaptive.jaas.LdapLoginModule.initialize(LdapLoginModule.java:103)
at java.base/javax.security.auth.login.LoginContext.invoke(Unknown Source)
at java.base/javax.security.auth.login.LoginContext.access$000(Unknown Source)
at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at java.base/javax.security.auth.login.LoginContext.login(Unknown Source)
at net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS.authenticate(ValidateUsernamePasswordAgainstJAAS.java:351)
at net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS.doExecute(ValidateUsernamePasswordAgainstJAAS.java:245)
at net.shibboleth.idp.authn.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:98)
at org.opensaml.profile.action.AbstractProfileAction.execute(AbstractProfileAction.java:117)
at net.shibboleth.idp.profile.AbstractProfileAction.doExecute(AbstractProfileAction.java:154)
at net.shibboleth.idp.profile.AbstractProfileAction.execute(AbstractProfileAction.java:126)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:228)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:228)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
at org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
at org.springframework.webflow.engine.Flow.resume(Flow.java:537)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:253)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772)
at net.shibboleth.idp.log.SLF4JMDCServletFilter.doFilter(SLF4JMDCServletFilter.java:72)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
at net.shibboleth.utilities.java.support.net.RequestResponseContextFilter.doFilter(RequestResponseContextFilter.java:61)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
at net.shibboleth.utilities.java.support.net.CookieBufferingFilter.doFilter(CookieBufferingFilter.java:68)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at org.eclipse.jetty.server.Server.handle(Server.java:539)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.base/java.lang.Thread.run(Unknown Source)
at java.base/javax.security.auth.login.LoginContext.invoke(Unknown Source)
Thanks,
Mike Rochford
IT Manager
Stark State College
mrochford at starkstate.edu
330-494-6170 x 4244
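
A log-triage sketch added here (not part of the original post, and not Shibboleth or ldaptive code): it reads a failed-login entry like the one above and reports whether the exception was raised while the JAAS login module was still being initialized from its options or during the login call itself. The names `triage` and `stage_of` are hypothetical; the sample is the log excerpt from the post with the stack trace abridged.

```python
import re

# Log excerpt from the post above; stack trace abridged to the frames used here.
SAMPLE_LOG = """\
2018-09-20 09:11:59,780 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS:254] - Profile Action ValidateUsernamePasswordAgainstJAAS: Login by 'shibstu0101' via 'ShibUserPassAuth' failed
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Invalid property syntax: idp.home
at org.ldaptive.props.PropertyValueParser.initializeProperties(PropertyValueParser.java:124)
at org.ldaptive.props.CredentialConfigParser.<init>(CredentialConfigParser.java:59)
at org.ldaptive.props.SslConfigPropertyInvoker.convertValue(SslConfigPropertyInvoker.java:54)
at org.ldaptive.jaas.LdapLoginModule.initialize(LdapLoginModule.java:103)
at java.base/javax.security.auth.login.LoginContext.login(Unknown Source)
"""

ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} - \w+\s+\[[^\]]+\] - (.*)$")
FAILED = re.compile(r"Login by '([^']+)' via '([^']+)' failed")
FRAME = re.compile(r"^\s*at ([\w.$/<>]+)\(")


def stage_of(frames):
    # JAAS calls LoginModule.initialize() before login(); the first such frame below the throw site names the stage.
    for frame in frames:
        if frame.endswith("LoginModule.initialize"):
            return "module-initialization"
        if frame.endswith("LoginModule.login"):
            return "authentication"
    return "unknown"


def triage(log_text):
    """Return one record per failed JAAS login found in log_text."""
    records, current = [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:  # a new log entry ends any stack trace being collected
            failed = FAILED.search(entry.group(1))
            current = None
            if failed:
                current = {"user": failed.group(1), "jaas_entry": failed.group(2),
                           "exception": None, "frames": []}
                records.append(current)
        elif current is not None and line.strip():
            frame = FRAME.match(line)
            if frame:
                current["frames"].append(frame.group(1))
            elif current["exception"] is None:
                current["exception"] = line.strip()
    for rec in records:
        rec["thrown_at"] = rec["frames"][0] if rec["frames"] else None
        rec["stage"] = stage_of(rec["frames"])
    return records
```

Calling `triage(SAMPLE_LOG)` classifies this entry as `module-initialization`, thrown in `org.ldaptive.props.PropertyValueParser.initializeProperties`.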