<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<p>Hi Xiaoshu,</p>
<p>I do see the same exception in our Incommon midPoint testbed,
though the login appears to proceed fine, I see the same exception
logged at each login event. We are also using the httpHeader
module to process a headers set by a Shibboleth SP.<br>
</p>
<p>Ethan</p>
<p>2021-09-27 17:37:06,552 [MODEL] [ajp-nio-127.0.0.1-9090-exec-9]
INFO
(org.springframework.security.web.DefaultSecurityFilterChain):
Creating filter chain: Ant [pattern='/auth/shib/httpHeader/**'],
[org.springframework.security.web.header.HeaderWriterFilter@87b6f7,
org.springframework.security.web.csrf.CsrfFilter@aece9cc,
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter@2e822fcb,
com.evolveum.midpoint.web.security.filter.MidpointRequestHeaderAuthenticationFilter@5756d0c0,
org.springframework.security.web.authentication.logout.LogoutFilter@138f1343,
com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter@7011378c,
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@245a878c,
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1093c981,
com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter@28d763a3,
com.evolveum.midpoint.web.security.filter.MidpointExceptionTranslationFilter@55dbf759,
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@765d8718]<br>
2021-09-27 17:37:06,703 [MODEL] [ajp-nio-127.0.0.1-9090-exec-9]
ERROR
(com.evolveum.midpoint.web.security.filter.TranslateExeptionFilter):
Unable to handle the Spring Security Exception because the
response is already committed.<br>
javax.servlet.ServletException: Unable to handle the Spring
Security Exception because the response is already committed.<br>
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:138)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter.doFilter(MidpointAnonymousAuthenticationFilter.java:96)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointRequestHeaderAuthenticationFilter.doFilter(MidpointRequestHeaderAuthenticationFilter.java:65)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)<br>
at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilterInternal(MidpointAuthFilter.java:192)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilter(MidpointAuthFilter.java:100)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:169)<br>
at
com.evolveum.midpoint.web.security.filter.TranslateExeptionFilter.doFilterInternal(TranslateExeptionFilter.java:30)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:152)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilterInternal(MidpointFilterChainProxy.java:95)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilter(MidpointFilterChainProxy.java:60)<br>
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)<br>
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
com.evolveum.midpoint.web.boot.TrailingSlashRedirectingFilter.doFilterInternal(TrailingSlashRedirectingFilter.java:60)<br>
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)<br>
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)<br>
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)<br>
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)<br>
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)<br>
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)<br>
at
com.evolveum.midpoint.web.boot.NodeIdHeaderValve.invoke(NodeIdHeaderValve.java:46)<br>
at
com.evolveum.midpoint.web.boot.TomcatRootValve.invoke(TomcatRootValve.java:62)<br>
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)<br>
at
org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:431)<br>
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)<br>
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)<br>
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)<br>
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)<br>
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)<br>
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)<br>
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<br>
at java.base/java.lang.Thread.run(Thread.java:834)<br>
Caused by:
org.springframework.security.access.AccessDeniedException: Not
authorized<br>
at
com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator.decide(MidPointGuiAuthorizationEvaluator.java:203)<br>
at
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)<br>
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)<br>
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)<br>
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:353)<br>
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)<br>
... 80 common frames omitted<br>
<br>
</p>
<div class="moz-cite-prefix">On 9/8/21 9:39 AM, Wang, Xiaoshu via
midPoint wrote:<br>
</div>
<blockquote type="cite" cite="mid:BL0PR03MB4243D54ABF17D69BB5462DD29CD49@BL0PR03MB4243.namprd03.prod.outlook.com">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:14.0pt">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">I am playing
with flexible authentication. I have a blank midpoint 4.3.1
setup on my local machine and put the the security policy
(in the attached file) in the post-initial-objects
directory. Then I can mimic the user by setting up the uid
Request Header on my browser. It works but it generated the
following exceptions on the server log. I do not see the
error prevents the app from functioning but still it
generates a lot of noise.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">My intension
was to see how to front midpoint with a SP provider, hence
the httpHeader module. This leads to my next question.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">What are the
paths that I need to set to let shibboleth SP to require
active session?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">I don’t
think all paths would work as it will block the emergency
login. In addition, I guess it would prevent the server from
using HTTP Basic that is required by a rest client. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">Xiaoshu Wang<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">2021-09-08
08:59:23,340 [MODEL] [http-nio-8080-exec-3] ERROR
(com.evolveum.midpoint.web.util.MidPointProfilingServletFilter):
Encountered exception: java.lang.IllegalStateException:
Cannot call sendRedirect() after the response has been
committed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">java.lang.IllegalStateException:
Cannot call sendRedirect() after the response has been
committed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:488)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.firewall.FirewalledResponse.sendRedirect(FirewalledResponse.java:48)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:136)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:136)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.servlet.ServletWebResponse.sendRedirect(ServletWebResponse.java:288)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.BufferedWebResponse$SendRedirectAction.invoke(BufferedWebResponse.java:409)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.BufferedWebResponse.writeTo(BufferedWebResponse.java:602)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.HeaderBufferingWebResponse.stopBuffering(HeaderBufferingWebResponse.java:60)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.HeaderBufferingWebResponse.flush(HeaderBufferingWebResponse.java:97)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:277)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:206)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:299)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:79)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:406)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:418)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt">
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>