[midPoint] Password reset with Gluu SSO
Doler, Alexander Earl (LATCO - Buenos Aires)
adoler at deloitte.com
Wed May 31 16:31:47 CEST 2017
I’d like to add that when Midpoint is configured with Gluu SSO, upon accessing the page /midpoint/forgotpassword, the following error is produced in the log, where “email_verified” is the scope that is currently being sent from Gluu to be mapped with Midpoint’s “name” attribute.
2017-05-31 09:46:31,408 [] [ajp-nio-8009-exec-4] ERROR (com.evolveum.midpoint.web.util.MidPointProfilingServletFilter): Encountered exception: org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: USERINFO_email_verified header not found in request.
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: USERINFO_email_verified header not found in request.
As I mentioned in my first e-mail, normally, this page is blocked for unauthenticated users unless it is specified as an exception in Tomcat.
Let me know.
Thanks again,
Alex
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Katka Valalikova
Sent: Wednesday, May 31, 2017 4:19 AM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Password reset with Gluu SSO
Hi Alex,
Which version of midPoint do you use? It seems to me that you are facing this problem <https://jira.evolveum.com/browse/MID-3877> that was already fixed. If so, you need to upgrade midPoint to the latest master.
Best regards,
Katarina Valalikova
Java Developer
evolveum.com
________________________________
From: "Alexander Earl Doler (LATCO - Buenos Aires)" <adoler at deloitte.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Sent: Tuesday, May 30, 2017 10:40:04 PM
Subject: [midPoint] Password reset with Gluu SSO
Hello,
We recently configured Midpoint with Gluu SSO using OpenID following the instructions provided here: https://wiki.evolveum.com/display/midPoint/Midpoint+and+SSO+using+Gluu+HOWTO. User authentication and redirect work well, but we are unable to reset user passwords through Midpoint (it worked prior to configuring Midpoint with Gluu). In order to be able to access the forgot password page without the user being authenticated already through the SSO page, we added the forgot password page as an exception in the file ctx-web-security.xml by adding the following line: <http pattern="/forgotpassword**" security="none"/>. This allows the page to be accessed; however, even so, when a user enters their e-mail address to reset their password, an error message is displayed stating that the user is not found. In the idm.log file, it indicates that a null value is being received for the e-mail field.
It seems that something to do with the SSO integration is blocking the reset password feature. Has anyone dealt with this, or does anyone have any ideas as to what could be going on and how to fix it?
Thank you,
Alex
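Added example, not part of the original thread or of midPoint: a small triage helper that pulls "header not found" pre-authentication failures out of idm.log lines laid out like the entry quoted above and counts them per missing header. The function names and every sample line marked as constructed are assumptions; the first two sample lines are the ones quoted in the thread.

```python
import re
from collections import Counter

# Layout of the idm.log entry quoted in the thread (assumed to hold for other entries):
# "<date> <time>,<ms> [<ctx>] [<thread>] <LEVEL> (<logger>): <message>"
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<ctx>[^\]]*)\] \[(?P<thread>[^\]]*)\] "
    r"(?P<level>[A-Z]+) \((?P<logger>[^)]*)\): (?P<msg>.*)$"
)
MISSING = re.compile(
    r"PreAuthenticatedCredentialsNotFoundException: "
    r"(?P<header>\S+) header not found in request"
)
EXC = ("org.springframework.security.web.authentication.preauth."
       "PreAuthenticatedCredentialsNotFoundException: "
       "USERINFO_email_verified header not found in request.")
LOGGER = "com.evolveum.midpoint.web.util.MidPointProfilingServletFilter"

SAMPLE = [
    # The two lines quoted in the thread.
    f"2017-05-31 09:46:31,408 [] [ajp-nio-8009-exec-4] ERROR ({LOGGER}): "
    f"Encountered exception: {EXC}",
    EXC,
    # Constructed lines, for illustration only.
    f"2017-05-31 09:47:02,115 [] [ajp-nio-8009-exec-7] ERROR ({LOGGER}): "
    f"Encountered exception: {EXC}",
    "2017-05-31 09:47:05,001 [] [ajp-nio-8009-exec-2] INFO "
    "(example.constructed.Logger): unrelated entry",
]

def missing_header_events(lines):
    """Return one dict per timestamped entry that reports a missing pre-auth header.

    Untimestamped continuation lines (the repeated exception text, stack
    frames) do not match ENTRY and are skipped, so each failure counts once.
    """
    events = []
    for line in lines:
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        hit = MISSING.search(entry["msg"])
        if hit:
            events.append({"ts": entry["ts"], "thread": entry["thread"],
                           "header": hit["header"]})
    return events

def summarize(events):
    """Count failures per missing header name."""
    return Counter(e["header"] for e in events)
```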