[midPoint] Midpoint and SSO

Jason Everling jeverling at bshp.edu
Fri Jun 3 16:03:58 CEST 2016


No, you need to comment out that block for CAS auth; that is only used if
you are using another method that passes the auth through the header. Look
at mine below, which is correctly done for CAS, well, at least for v 3.2.

http://pastebin.com/mHW8hvP4

JASON

On Fri, Jun 3, 2016 at 2:09 AM, mceylan <mrveceylan at gmail.com> wrote:

> Hi,
> I am using CAS. I uncommented the line with "PRE_AUTH_FILTER" and deployed
> the project; the login page gives an error.
>
> Stack trace:
>
> 2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN (com.evolveum.midpoint.web.page.error.PageError): Creating error page for code org.apache.wicket.WicketRuntimeException, exception Can't instantiate page using constructor 'public com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has been thrown during construction!: {}
> org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor 'public com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has been thrown during construction!
>         at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) ~[wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) ~[wicket-request-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [wicket-core-6.20.0.jar:6.20.0]
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [catalina.jar:8.0.33]
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [catalina.jar:8.0.33]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>
>
>
>
> 2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>
>> He was mentioning that to me thinking it was me having the issues,
>>
>> Merve, what are you using to pass your HEADER auth? Or are you using CAS?
>>
>> JASON
>>
>> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>>
>>> Hi Roman,
>>>
>>> Why uncomment the line with "PRE_AUTH_FILTER"?
>>>
>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>>> setup. Basically what needs to be done is to uncomment the following
>>> line:
>>>
>>> <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />
>>>
>>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>
>>>> Hah! Wait, I am not the one with the issue; it is the other one on the
>>>> thread, Merve.
>>>>
>>>> JASON
>>>>
>>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>>> roman.pudil at ami.cz> wrote:
>>>>
>>>>> Hi Jason,
>>>>>
>>>>> try to uncomment the line with "PRE_AUTH_FILTER".
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> Roman Pudil
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 775 663 666
>>>>> e-mail: roman.pudil at ami.cz
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel./fax: [+420] 274 783 239
>>>>> web: www.ami.cz
>>>>>
>>>>>
>>>>>
>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>
>>>>> By the text of this e-mail, the signatory neither promises to conclude
>>>>> nor concludes any contract on behalf of AMI Praha a.s.
>>>>> Any contract, if concluded, must be exclusively in
>>>>> written form.
>>>>>
>>>>>
>>>>>
>>>>> ------ Original message ------
>>>>> From: "Jason Everling" <jeverling at bshp.edu>
>>>>> To: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>>>>> General Discussion" <midpoint at lists.evolveum.com>
>>>>> Sent: 2.6.2016 15:51:17
>>>>> Subject: Re: [midPoint] Midpoint and SSO
>>>>>
>>>>>
>>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
>>>>> issues, it was pretty easy to setup. I am looking over my files to see if I
>>>>> did anything outside of that document or what was commented in
>>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>>
>>>>> You can check ours here,
>>>>> http://pastebin.com/mHW8hvP4
>>>>>
>>>>>
>>>>> JASON
>>>>>
>>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>>> roman.pudil at ami.cz> wrote:
>>>>>
>>>>>> Hi Jason,
>>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>>
>>>>>> Here is URL with configuration:
>>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> Roman Pudil
>>>>>> solution architect
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------ Original message ------
>>>>>> From: "Jason Everling" <jeverling at bshp.edu>
>>>>>> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>> Sent: 2.6.2016 15:34:33
>>>>>> Subject: Re: [midPoint] Midpoint and SSO
>>>>>>
>>>>>>
>>>>>> What SSO method are you using or what SSO agent/client?
>>>>>>
>>>>>> JASON
>>>>>>
>>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have a problem with midpoint and SSO. I followed the steps on the
>>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>>
>>>>>>> When I try to get to https://midpoint/ I get 500 and I can see
>>>>>>> stack trace in log (below).
>>>>>>>
>>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>>> attachments.
>>>>>>>
>>>>>>>
>>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Could you help me?
>>>>>>> Thank you very much
>>>>>>>
>>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>>
>>>>>>> Merve
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> CONFIDENTIALITY NOTICE:
>>>>>> This e-mail together with any attachments is proprietary and
>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>> computer.
>>>>>>
>>>>>>
>>> --
>>> Merve CEYLAN
>>>
> --
> Merve CEYLAN
>

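Added example, not part of the original thread and not midPoint's or any poster's own configuration: a small check that reports whether the PRE_AUTH_FILTER line discussed above is active (not commented out) in a Spring Security filter chain, alone or next to a CAS filter. Only the PRE_AUTH_FILTER line comes from the thread; the CAS_FILTER entry, the casFilter bean name and the surrounding <http> layout are assumptions made up for the sample input.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments. Only the PRE_AUTH_FILTER line is quoted from the
# thread; the <http> wrapper and the CAS_FILTER/casFilter entry are assumed.
NS = 'xmlns="http://www.springframework.org/schema/security"'
HEADER_AND_CAS = f"""<http {NS}>
  <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />
  <custom-filter position="CAS_FILTER" ref="casFilter" />
</http>"""
CAS_ONLY = f"""<http {NS}>
  <!-- <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" /> -->
  <custom-filter position="CAS_FILTER" ref="casFilter" />
</http>"""


def active_custom_filters(xml_text):
    """Return {position: ref} for custom-filter elements that are not commented out."""
    root = ET.fromstring(xml_text)  # the default parser discards XML comments
    found = {}
    for el in root.iter():
        # Compare on the local name so any namespace prefix style is accepted.
        if el.tag.rsplit("}", 1)[-1] == "custom-filter":
            found[el.get("position")] = el.get("ref")
    return found


def review(xml_text):
    """List findings about header pre-authentication in the filter chain."""
    filters = active_custom_filters(xml_text)
    findings = []
    if "PRE_AUTH_FILTER" in filters:
        findings.append(
            "PRE_AUTH_FILTER is active: the principal header (SM_USER in the "
            "thread's error) must be set by a trusted front end on every request"
        )
        if "CAS_FILTER" in filters:
            findings.append(
                "PRE_AUTH_FILTER and CAS_FILTER are both active: for CAS the "
                "thread's advice is to leave the PRE_AUTH_FILTER line commented out"
            )
    return findings


if __name__ == "__main__":
    for name, text in (("header+CAS", HEADER_AND_CAS), ("CAS only", CAS_ONLY)):
        print(name, active_custom_filters(text), review(text))
```

When the header filter is meant to be active, the header it reads is an identity assertion, so the application should only be reachable through the front end that sets it.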