[
https://issues.apache.org/jira/browse/KNOX-3258?focusedWorklogId=1006577&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1006577
]
ASF GitHub Bot logged work on KNOX-3258:
----------------------------------------
Author: ASF GitHub Bot
Created on: 22/Feb/26 13:28
Start Date: 22/Feb/26 13:28
Worklog Time Spent: 10m
Work Description: bonampak opened a new pull request, #1152:
URL: https://github.com/apache/knox/pull/1152
Updating oauth2-oidc-sdk to 9.13 to fix nimbus-jose-jwt:10.0.2 and
pac4j-oidc:4.5.6 incompatibility
[KNOX-3258](https://issues.apache.org/jira/browse/KNOX-3258) - Fix OIDC login
## What changes were proposed in this pull request?
Updating oauth2-oidc-sdk to 9.13 to fix nimbus-jose-jwt:10.0.2 and
pac4j-oidc:4.5.6 incompatibility
## How was this patch tested?
Manual test using keycloak in docker (see attached file and screenshots in
JIRA)
## Integration Tests
No integration tests added. Will add a test using testcontainers in a
following PR.
Issue Time Tracking
-------------------
Worklog Id: (was: 1006577)
Remaining Estimate: 0h
Time Spent: 10m
> Fix OIDC client login
> ---------------------
>
> Key: KNOX-3258
> URL: https://issues.apache.org/jira/browse/KNOX-3258
> Project: Apache Knox
> Issue Type: Task
> Components: KnoxSSO
> Affects Versions: 2.1.0
> Reporter: Tamás Marcinkovics
> Assignee: Tamás Marcinkovics
> Priority: Major
> Attachments: http500-oidc-client-pac4j-knox-login.png,
> keycloak-test-after-fix1.png, keycloak-test-after-fix2.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When configuring Knox to use OpenID Connect, (setting up pac4j as a
> federation provider in knoxsso and using the client OidcClient or
> AzureAdClient, etc.),
> login fails with a 500 internal server error and the stack trace shows that
> oauth2-oidc-sdk:8.22 used by pac4j:4.5.6 is not compatible with the
> com.nimbusds:nimbus-jose-jwt:10.
> HTTP ERROR 500 javax.servlet.ServletException:
> javax.servlet.ServletException: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> URI: /gateway/knoxsso/api/v1/websso
> STATUS: 500
> MESSAGE: javax.servlet.ServletException: javax.servlet.ServletException:
> java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> SERVLET: knoxsso-knox-gateway-servlet
> CAUSED BY: javax.servlet.ServletException: javax.servlet.ServletException:
> java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> CAUSED BY: javax.servlet.ServletException: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> CAUSED BY: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> Stack trace:
> ERROR knox.gateway (GatewayServlet.java:service(129)) - Gateway processing
> failed: javax.servlet.ServletException: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> javax.servlet.ServletException: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> at
> org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:65)
> ~[gateway-spi-2.1.0.jar:2.1.0]
> ...
> Caused by: java.lang.NoSuchMethodError:
> com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
> at
> com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet.<init>(IDTokenClaimsSet.java:238)
> ~[oauth2-oidc-sdk-8.22.jar:8.22]
> at
> com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.toIDTokenClaimsSet(IDTokenValidator.java:339)
> ~[oauth2-oidc-sdk-8.22.jar:8.22]
> at
> com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.validate(IDTokenValidator.java:289)
> ~[oauth2-oidc-sdk-8.22.jar:8.22]
> at
> com.nimbusds.openid.connect.sdk.validators.IDTokenValidator.validate(IDTokenValidator.java:224)
> ~[oauth2-oidc-sdk-8.22.jar:8.22]
> at
> org.pac4j.oidc.profile.creator.TokenValidator.validate(TokenValidator.java:103)
> ~[pac4j-oidc-4.5.6.jar:?]
> at
> org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:93)
> ~[pac4j-oidc-4.5.6.jar:?]
> at
> org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:45)
> ~[pac4j-oidc-4.5.6.jar:?]
> at
> org.pac4j.core.client.BaseClient.retrieveUserProfile(BaseClient.java:119)
> ~[pac4j-core-4.5.6.jar:?]
> at
> org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:99)
> ~[pac4j-core-4.5.6.jar:?]
> at
> org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:88)
> ~[pac4j-core-4.5.6.jar:?]
> at
> org.pac4j.jee.filter.CallbackFilter.internalFilter(CallbackFilter.java:75)
> ~[jee-pac4j-5.0.0.jar:?]
> at
> org.pac4j.jee.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:70)
> ~[jee-pac4j-5.0.0.jar:?]
> at
> org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:344)
> ~[gateway-provider-security-pac4j-2.1.0.jar:2.1.0]
> at
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:392)
> ~[gateway-server-2.1.0.jar:2.1.0]
> at
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:306)
> ~[gateway-server-2.1.0.jar:2.1.0]
> at
> org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
> ~[gateway-server-xforwarded-filter-2.1.0.jar:2.1.0]
> at
> org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:59)
> ~[gateway-spi-2.1.0.jar:2.1.0]
> ... 57 more
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
