Tamás Marcinkovics created KNOX-3258:
----------------------------------------
Summary: Fix OIDC client login
Key: KNOX-3258
URL: https://issues.apache.org/jira/browse/KNOX-3258
Project: Apache Knox
Issue Type: Task
Components: KnoxSSO
Affects Versions: 2.1.0
Reporter: Tamás Marcinkovics
Assignee: Tamás Marcinkovics
When configuring Knox to use OpenID Connect, (setting up pac4j as a federation
provider in knoxsso and using the client OidcClient or AzureAdClient, etc.),
login fails with a 500 internal server error:
HTTP ERROR 500 javax.servlet.ServletException: javax.servlet.ServletException:
java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
URI: /gateway/knoxsso/api/v1/websso
STATUS: 500
MESSAGE: javax.servlet.ServletException: javax.servlet.ServletException:
java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
SERVLET: knoxsso-knox-gateway-servlet
CAUSED BY: javax.servlet.ServletException: javax.servlet.ServletException:
java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
CAUSED BY: javax.servlet.ServletException: java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
CAUSED BY: java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
The stack trace shows that oauth2-oidc-sdk:8.22 used by pac4j:4.5.6 is not
compatible with the com.nimbusds:nimbus-jose-jwt:10.
ERROR knox.gateway (GatewayServlet.java:service(129)) - Gateway processing
failed: javax.servlet.ServletException: java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
javax.servlet.ServletException: java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
at
org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:65)
~[gateway-spi-2.1.0.jar:2.1.0]
...
Caused by: java.lang.NoSuchMethodError:
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
at
com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet.<init>(IDTokenClaimsSet.java:238)
~[oauth2-oidc-sdk-8.22.jar:8.22]
at
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.toIDTokenClaimsSet(IDTokenValidator.java:339)
~[oauth2-oidc-sdk-8.22.jar:8.22]
at
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.validate(IDTokenValidator.java:289)
~[oauth2-oidc-sdk-8.22.jar:8.22]
at
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.validate(IDTokenValidator.java:224)
~[oauth2-oidc-sdk-8.22.jar:8.22]
at
org.pac4j.oidc.profile.creator.TokenValidator.validate(TokenValidator.java:103)
~[pac4j-oidc-4.5.6.jar:?]
at
org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:93)
~[pac4j-oidc-4.5.6.jar:?]
at
org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:45)
~[pac4j-oidc-4.5.6.jar:?]
at
org.pac4j.core.client.BaseClient.retrieveUserProfile(BaseClient.java:119)
~[pac4j-core-4.5.6.jar:?]
at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:99)
~[pac4j-core-4.5.6.jar:?]
at
org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:88)
~[pac4j-core-4.5.6.jar:?]
at
org.pac4j.jee.filter.CallbackFilter.internalFilter(CallbackFilter.java:75)
~[jee-pac4j-5.0.0.jar:?]
at
org.pac4j.jee.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:70)
~[jee-pac4j-5.0.0.jar:?]
at
org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:344)
~[gateway-provider-security-pac4j-2.1.0.jar:2.1.0]
at
org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:392)
~[gateway-server-2.1.0.jar:2.1.0]
at
org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:306)
~[gateway-server-2.1.0.jar:2.1.0]
at
org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
~[gateway-server-xforwarded-filter-2.1.0.jar:2.1.0]
at
org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:59)
~[gateway-spi-2.1.0.jar:2.1.0]
... 57 more
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
