Re: [Dev] Does IS has mutual authenticator packed in IS 5.1.0 disctribution?

Rajkumar Rajaratnam Mon, 27 Jul 2015 08:56:10 -0700

Thanks a lot Tharindu for confirming it. I guess it is better to update the
pre-configured pack with this change.


Thanks,
Raj.

On Mon, Jul 27, 2015 at 9:21 PM, Tharindu Edirisinghe <[email protected]>
wrote:

> Hi Raj,
>
> I tested the same and reproduced the issue... The fix is to delete the
> TenantConfig.properties file from <IS_HOME>/repository/conf/ directory.
> Ideally this file should not be there with Service Pack 1. I wonder how it
> got there because this was introduced in patch1040 which was released after
> service pack 1. If the TenantConfig.properties file is in conf directory,
> then there should be the latest authentication.endpoint webapp from support
> branch.
>
> Regards,
> Tharindu
>
> On Mon, Jul 27, 2015 at 8:19 PM, Tharindu Edirisinghe <[email protected]>
> wrote:
>
>> Hi Raj,
>>
>> This was done after SP1 release. You can find the source for the custom
>> secret callback handler in the patch1040 [1]. But this is needed only if
>> the Tenat List Dropdown feature [2] in the SSO login page is enabled and
>> also if secure vault is added for the TenantConfig.properties file. By
>> default this feature is disabled. If we get the error when this feature is
>> disabled, it is not correct. If so we need to patch authentication.endpoint
>> webapp that is delivered in the pack. Let's have a review on this tomorrow.
>>
>> [1]
>> https://svn.wso2.com/wso2/custom/projects/projects/carbon/turing/patches/patch1040/
>> [2]
>> http://tharindue.blogspot.com/2015/04/enabling-tenant-domains-dropdown-in-sso.html
>>
>> On Mon, Jul 27, 2015 at 3:15 PM, Darshana Gunawardana <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Mon, Jul 27, 2015 at 2:22 PM, Samuel Gnaniah <[email protected]> wrote:
>>>
>>>> Adding TharinduA.
>>>>
>>>> *Samuel Gnaniah*
>>>> Lead Technical Writer
>>>>
>>>> WSO2 (pvt.) Ltd.
>>>> Colombo, Sri Lanka
>>>> (+94) 773131798
>>>>
>>>> On Mon, Jul 27, 2015 at 12:33 PM, Rajkumar Rajaratnam <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi Tharindu
>>>>>
>>>>> On Sun, Apr 26, 2015 at 9:11 AM, Tharindu Edirisinghe <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Firzan,
>>>>>>
>>>>>> The custom secret callback handler should be included in
>>>>>> authenticanendpoint/WEB-INF/lib directory only if secure vault is added. 
>>>>>> We
>>>>>> should write proper documentation for enabling secure vault for the
>>>>>> dropdown feature and mention that. However the error handling of the
>>>>>> feature is improved than the service pack when comes to the next release 
>>>>>> of
>>>>>> IS.
>>>>>>
>>>>>
>>>>> Where can I get CustomSecretCallbackHandler jar?
>>>>>
>>>>
>>> Check :
>>> https://wso2.org/jira/browse/IDENTITY-2981?focusedCommentId=95432&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-95432
>>>
>>>
>>> Thanks,
>>> Darshana.
>>>
>>>
>>>> I couldn't find it in SP01. The pre-configured IS pack [1] has
>>>>> TenantConfig.properties file which references
>>>>> org.wso2.carbon.securevault.custom.CustomSecretCallbackHandler. It throws
>>>>> following CNF exceptions since the jar is not included anywhere. Please
>>>>> advice.
>>>>>
>>>>> TID: [0] [IS] [2015-07-26 08:28:18,874] ERROR 
>>>>> {org.wso2.securevault.secret.SecretCallbackHandlerFactory} -  A 
>>>>> SecretCallbackHandler cannot be found for class name : 
>>>>> org.wso2.carbon.securevault.custom.CustomSecretCallbackHandler 
>>>>> {org.wso2.securevault.secret.SecretCallbackHandlerFactory}
>>>>> java.lang.ClassNotFoundException: 
>>>>> org.wso2.carbon.securevault.custom.CustomSecretCallbackHandler
>>>>>   at 
>>>>> org.wso2.carbon.webapp.mgt.loader.CarbonWebappClassLoader.loadClass(CarbonWebappClassLoader.java:138)
>>>>>   at 
>>>>> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
>>>>>   at 
>>>>> org.wso2.securevault.secret.SecretCallbackHandlerFactory.createSecretCallbackHandler(SecretCallbackHandlerFactory.java:62)
>>>>>   at 
>>>>> org.wso2.securevault.SecretResolverFactory.initPasswordManager(SecretResolverFactory.java:278)
>>>>>   at 
>>>>> org.wso2.securevault.SecretResolverFactory.create(SecretResolverFactory.java:218)
>>>>>   at 
>>>>> org.wso2.carbon.identity.application.authentication.endpoint.util.TenantDataManager.resolveSecrets(TenantDataManager.java:282)
>>>>>   at 
>>>>> org.wso2.carbon.identity.application.authentication.endpoint.util.TenantDataManager.init(TenantDataManager.java:88)
>>>>>   at 
>>>>> org.wso2.carbon.identity.application.authentication.endpoint.util.TenantDataManager.isTenantListEnabled(TenantDataManager.java:267)
>>>>>   at org.apache.jsp.login_jsp._jspService(org.apache.jsp.login_jsp:329)
>>>>>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>>   at 
>>>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
>>>>>   at 
>>>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
>>>>>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
>>>>>   at 
>>>>> org.wso2.carbon.identity.application.authentication.endpoint.oauth2.OAuth2Login.doGet(OAuth2Login.java:94)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
>>>>>   at 
>>>>> org.wso2.carbon.identity.application.authentication.endpoint.AuthenticationEndpoint.doGet(AuthenticationEndpoint.java:82)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>>>>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>>>>   at 
>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>>>>   at 
>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>>>>   at 
>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>>>>   at 
>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>>>>   at 
>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>>>>   at 
>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>   at 
>>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>>>>>   at 
>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>>>>>   at 
>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>>>>>   at 
>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>>>>   at 
>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>>>>   at 
>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>>>>>   at 
>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>>>>   at 
>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>>>>>   at 
>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>   at 
>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>   at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>>
>>>>>
>>>>> [1]
>>>>> https://docs.wso2.com/display/CLUSTER420/Configuring+the+Pre-Packaged+Identity+Server+5.0.0+with+API+Manager+1.9.0
>>>>>
>>>>> Thanks,
>>>>> Raj.
>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> TharinduE
>>>>>>
>>>>>> On Sun, Apr 26, 2015 at 7:32 AM, Firzhan Naqash <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Thraindhu/Darshana,
>>>>>>>
>>>>>>> And also IMO, we should make sure it does not throw CNF errors in
>>>>>>> the console, in the event of mutual SSL authentication is disabled and 
>>>>>>> it
>>>>>>> doesn't have the custom authentication jar inside the
>>>>>>> authenticanendpoint/WEB-INF/lib.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Firzhan
>>>>>>>
>>>>>>> On Sat, Apr 25, 2015 at 3:49 PM, Tharindu Edirisinghe <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Darshana,
>>>>>>>>
>>>>>>>> +1. Yes, IMO we should ship the mutual ssl authenticator with the
>>>>>>>> new release so that the features like tenant list dropdown in SSO login
>>>>>>>> page would work OOTB with only configuration changes.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> TharinduE
>>>>>>>>
>>>>>>>> On Sun, Apr 26, 2015 at 2:13 AM, Darshana Gunawardana <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Devs,
>>>>>>>>>
>>>>>>>>> IS 5.0.0 does not have mutual authenticator shipped with 5.0.0.
>>>>>>>>> But in the SP it has instructions to copy it to dropins.
>>>>>>>>>
>>>>>>>>> How about shipping it in the standard distribution from 5.1.0
>>>>>>>>> onwards.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Darshana
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Darshana Gunawardana*Software Engineer
>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>
>>>>>>>>> *E-mail: [email protected] <[email protected]>*
>>>>>>>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise .
>>>>>>>>> Middleware
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Tharindu Edirisinghe
>>>>>>>> Software Engineer | WSO2 Inc
>>>>>>>> Identity Server Team
>>>>>>>> mobile : +94 775 181586
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Tharindu Edirisinghe
>>>>>> Software Engineer | WSO2 Inc
>>>>>> Identity Server Team
>>>>>> mobile : +94 775 181586
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Rajkumar Rajaratnam
>>>>> Committer & PMC Member, Apache Stratos
>>>>> Software Engineer, WSO2
>>>>>
>>>>> Mobile : +94777568639
>>>>> Blog : rajkumarr.com
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: [email protected] <[email protected]>*
>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Identity Server Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775 181586
>>
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Software Engineer | WSO2 Inc
> Identity Server Team
> Blog : tharindue.blogspot.com
> mobile : +94 775 181586
>
>
>


-- 
Rajkumar Rajaratnam
Committer & PMC Member, Apache Stratos
Software Engineer, WSO2

Mobile : +94777568639
Blog : rajkumarr.com

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Does IS has mutual authenticator packed in IS 5.1.0 disctribution?

Reply via email to