Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176291448
@DaanHoogland, I upgraded my local 4.7.0 CloudStack to 4.7.1 without the
spring-saml ext dependency and logged in as a SAML user. Log:
2016-01-28 18:16:32,085 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Starting SAML IDP Metadata Refresh Task
2016-01-28 18:16:32,085 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Adding IdP to the list of discovered IdPs:
https://idp.scaleninja.com/idp/shibboleth
2016-01-28 18:16:32,088 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Finished refreshing SAML Metadata and expiring old auth tokens
2016-01-28 18:22:41,287 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Module Hierarchy: saml2
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-plugin-user-authenticator-saml2-4.7.1.jar!/META-INF/cloudstack/saml2/spring-saml2-context.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/core/spring-core-lifecycle-core-context-inheritable.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/system/spring-core-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-framework-config-4.7.1.jar!/META-INF/cloudstack/system/spring-framework-config-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-plugin-network-contrail-4.7.1.jar!/META-INF/cloudstack/system/spring-contrail-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loading module context [saml2] from URL
[jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/bootstrap/spring-bootstrap-context-inheritable.xml]
2016-01-28 18:22:56,991 DEBUG [o.a.c.f.c.i.ConfigDepotImpl] (main:null)
(logid:) Retrieving keys from SAML2AuthManagerImpl
2016-01-28 18:22:57,012 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null)
(logid:) Registering extension [SAML2] in [User Authenticators Registry]
2016-01-28 18:22:57,012 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null)
(logid:) Registered org.apache.cloudstack.saml.SAML2UserAuthenticator@573410b6
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null)
(logid:) Registering extension [SAML2Auth] in [Pluggable A P I Authenticators
Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null)
(logid:) Registered org.apache.cloudstack.saml.SAML2AuthManagerImpl@3a678371
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null)
(logid:) Registering extension [SAML2] in [User Password Encoders Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null)
(logid:) Registered org.apache.cloudstack.saml.SAML2UserAuthenticator@573410b6
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null)
(logid:) Registering extension [SAML2Auth] in [Api Commands Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null)
(logid:) Registered org.apache.cloudstack.saml.SAML2AuthManagerImpl@3a678371
2016-01-28 18:22:57,017 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Loaded module context [saml2] in 141 ms
2016-01-28 18:23:02,673 DEBUG [c.c.a.ApiServer] (main:null) (logid:)
Discovered plugin SAML2AuthManagerImpl
2016-01-28 18:23:02,712 INFO [o.a.c.s.l.r.DumpRegistry] (main:null)
(logid:) Registry [User Authenticators Registry] contains [PBKDF2, SHA256SALT,
MD5, LDAP, SAML2]
2016-01-28 18:23:02,713 INFO [o.a.c.s.l.r.DumpRegistry] (main:null)
(logid:) Registry [Pluggable A P I Authenticators Registry] contains [SAML2Auth]
2016-01-28 18:23:02,713 INFO [o.a.c.s.l.r.DumpRegistry] (main:null)
(logid:) Registry [User Password Encoders Registry] contains [PBKDF2,
SHA256SALT, SAML2]
2016-01-28 18:23:02,715 DEBUG [o.a.c.d.ApiDiscoveryServiceImpl] (main:null)
(logid:) getting api commands of service:
org.apache.cloudstack.saml.SAML2AuthManagerImpl
2016-01-28 18:23:02,941 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet]
(main:null) (logid:) Starting module [saml2]
2016-01-28 18:23:02,942 INFO [o.a.c.s.SAML2AuthManagerImpl] (main:null)
(logid:) SAML auth plugin loaded
2016-01-28 18:23:03,747 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (main:null)
(logid:) Provided Metadata is not a URL, trying to read metadata file from
local path: /etc/cloudstack/management/idpmetadata.xml
2016-01-28 18:23:03,806 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Starting SAML IDP Metadata Refresh Task
2016-01-28 18:23:03,806 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Adding IdP to the list of discovered IdPs:
https://idp.scaleninja.com/idp/shibboleth
2016-01-28 18:23:04,092 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null)
(logid:) Finished refreshing SAML Metadata and expiring old auth tokens
2016-01-28 18:23:11,774 DEBUG [c.c.a.ApiServlet]
(catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) ===START=== 192.168.1.12 --
GET command=listAndSwitchSamlAccount&response=json&_=1454001791786
2016-01-28 18:23:11,781 DEBUG [c.c.a.ApiServlet]
(catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) Authentication failure:
{"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
authenticated saml users can request this API"}}
2016-01-28 18:23:11,782 DEBUG [c.c.a.ApiServlet]
(catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) ===END=== 192.168.1.12 -- GET
command=listAndSwitchSamlAccount&response=json&_=1454001791786
2016-01-28 18:23:24,598 DEBUG [c.c.a.ApiServlet]
(catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) ===START=== 192.168.1.12 --
GET
command=samlSso&idpid=https://idp.scaleninja.com/idp/shibboleth&response=json
2016-01-28 18:23:24,623 DEBUG [o.a.c.a.c.SAML2LoginAPIAuthenticatorCmd]
(catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) Sending SAMLRequest
id=82g5fbvlve8eg4irbfv15i6ku6h626ah
2016-01-28 18:23:24,854 DEBUG [c.c.a.ApiServlet]
(catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) ===END=== 192.168.1.12 -- GET
command=samlSso&idpid=https://idp.scaleninja.com/idp/shibboleth&response=json
2016-01-28 18:23:32,746 DEBUG [c.c.a.ApiServlet]
(catalina-exec-6:ctx-30dd9192) (logid:9a27f021) ===START=== 192.168.1.12 --
POST command=samlSso
2016-01-28 18:23:32,868 DEBUG [o.a.c.a.c.SAML2LoginAPIAuthenticatorCmd]
(catalina-exec-6:ctx-30dd9192) (logid:9a27f021) Received SAMLResponse in
response to id=82g5fbvlve8eg4irbfv15i6ku6h626ah
2016-01-28 18:23:33,021 DEBUG [o.a.c.s.SAMLUtils]
(catalina-exec-6:ctx-30dd9192) (logid:9a27f021) SAML attribute name:
urn:oid:0.9.2342.19200300.100.1.1 friendly-name:uid value:bhaisaab
2016-01-28 18:23:33,027 DEBUG [o.a.c.s.SAML2UserAuthenticator]
(catalina-exec-6:ctx-30dd9192) (logid:9a27f021) Trying SAML2 auth for user:
bhaisaab
2016-01-28 18:23:33,075 DEBUG [c.c.a.ApiServlet]
(catalina-exec-6:ctx-30dd9192) (logid:9a27f021) ===END=== 192.168.1.12 -- POST
command=samlSso
2016-01-28 18:23:33,647 DEBUG [c.c.a.ApiServlet]
(catalina-exec-16:ctx-dfd79bf5) (logid:f01ab9f9) ===START=== 192.168.1.12 --
GET command=listAndSwitchSamlAccount&response=json&_=1454001813660
2016-01-28 18:23:33,654 DEBUG [c.c.a.ApiServlet]
(catalina-exec-16:ctx-dfd79bf5) (logid:f01ab9f9) ===END=== 192.168.1.12 -- GET
command=listAndSwitchSamlAccount&response=json&_=1454001813660
2016-01-28 18:23:38,410 DEBUG [c.c.a.ApiServlet]
(catalina-exec-11:ctx-b53034c3) (logid:106746c7) ===START=== 192.168.1.12 --
POST command=listAndSwitchSamlAccount&response=json
2016-01-28 18:23:38,418 DEBUG [c.c.a.ApiServlet]
(catalina-exec-11:ctx-b53034c3) (logid:106746c7) Authentication failure:
{"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":431,"errortext":"User
account is not allowed to switch to the requested account"}}
2016-01-28 18:23:38,418 DEBUG [c.c.a.ApiServlet]
(catalina-exec-11:ctx-b53034c3) (logid:106746c7) ===END=== 192.168.1.12 --
POST command=listAndSwitchSamlAccount&response=json