Hi Gayan,
It seems the error is coming from the consent management feature. If you
don't require this feature, you can simply turn it off from the following
property in the identity.xml file.
<Consent>
    <!--Specify whether consent management should be enable during SSO.-->
    <EnableSSOConsentManagement>false</EnableSSOConsentManagement>
</Consent>
Alternatively, you can turn off the following listener in the identity.xml
file to get rid of the issue.
<EventListener
    type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
    name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
    orderId="110" enable="false" />
I could reproduce the same behavior and by setting any of the above
configs, I could avoid the error and successfully authenticate the SP app
(travelocity) with FB IDP.
@IAM Team - If we keep using the consent management feature, do we need any
additional configuration? Maybe claim configuration to map the particular
user claims which should require obtaining user consent?
Thanks,
TharinduE
On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <[email protected]>
wrote:
> Hi All,
>
> I have configured travelocity.com sample application as SAML inbound and
> Facebook as federated authenticator for IS-5.5.0. After adding Facebook
> credentials, got below UI.
>
>
> After enabling debug logs, I found the below exception. Is there any further
> configuration I have to do to get it to work?
>
> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Error occurred while accessing Java Security Manager Privilege Block
> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Error occurred while evaluating post authentication
> org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException: Error occurred while retrieving consent data of user: [email protected] for service provider: CafeLebens-Sample in tenant domain: carbon.super.
>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(ConsentMgtPostAuthnHandler.java:106)
>     at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.executePostAuthnHandler(PostAuthenticationMgtService.java:109)
>     at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.handlePostAuthentication(PostAuthenticationMgtService.java:78)
>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:134)
>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:157)
>     at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
>     at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:43)
>
> Thanks,
> Gayan
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
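
Added example, not part of the original thread and not WSO2 code: a small Python check that reads identity.xml and reports whether either of the two consent switches discussed in the reply has been explicitly turned off, so that a workaround like this does not stay in place unnoticed. The <Server> and <EventListeners> wrappers, the namespace and the sample fragment are constructed assumptions.

```python
import xml.etree.ElementTree as ET

HANDLER = ("org.wso2.carbon.identity.application.authentication.framework."
           "handler.request.impl.consent.ConsentMgtPostAuthnHandler")

# Constructed sample, shaped like the identity.xml snippets in the thread.
# The <Server>/<EventListeners> wrappers and the namespace are assumptions.
SAMPLE = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <Consent>
    <EnableSSOConsentManagement>false</EnableSSOConsentManagement>
  </Consent>
  <EventListeners>
    <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                   name="%s" orderId="110" enable="true"/>
  </EventListeners>
</Server>""" % HANDLER


def _flag(value):
    """Map 'true'/'false' text to a bool; anything else (or missing) to None."""
    return {"true": True, "false": False}.get((value or "").strip().lower())


def consent_state(xml_text):
    """Return the explicit state of both consent switches (None = not set)."""
    state = {"EnableSSOConsentManagement": None, "ConsentMgtPostAuthnHandler": None}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
        if tag == "EnableSSOConsentManagement":
            state[tag] = _flag(el.text)
        elif tag == "EventListener" and el.get("name") == HANDLER:
            state["ConsentMgtPostAuthnHandler"] = _flag(el.get("enable"))
    return state


def disabled_switches(state):
    """Names of the switches explicitly set to false."""
    return sorted(name for name, on in state.items() if on is False)


if __name__ == "__main__":
    state = consent_state(SAMPLE)
    for name, on in state.items():
        print(f"{name}: {'not set' if on is None else on}")
    print("explicitly disabled:", disabled_switches(state) or "none")
```

A switch reported as "not set" is absent from the file; the script makes no claim about the product default in that case.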