On Mon, Apr 16, 2018 at 9:15 AM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> AFAIR, this seems to be an issue with handling email type usernames
> without enabling email usernames..
>
Thanks Darshana for the input. It looks like that. I will configure some
other attribute (other than email) as subject identifier and see.

>
> Anyhow we have discussed to fix this from the sso consent implementation..
> @Omindu: Do we have any git issue related to this?
>
> Thanks,
>
> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
> gmgunaward...@gmail.com> wrote:
>
>>
>> Hi Tharindu,
>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Gayan,
>>>
>>> It seems the error is coming form the consent management feature. If you
>>> don't require this feature, you can simply turn it off from the following
>>> property in identity.xml file.
>>>
>>>     <Consent>
>>>         <!--Specify whether consent management should be enable during
>>> SSO.-->
>>>         <EnableSSOConsentManagement>*false*</EnableSSOConsentManagement>
>>>     </Consent>
>>>
>>> Alternatively you can turn off the following listener from identity.xml
>>> file too for getting rid of the issue.
>>>
>>> <EventListener type="org.wso2.carbon.identity
>>> .core.handler.AbstractIdentityHandler" name="org.wso2.carbon.identity.
>>> application.authentication.framework.handler.request.impl.
>>> consent.ConsentMgtPostAuthnHandler" orderId="110" *enable*="*false*" />
>>>
>>
>>> I could reproduce the same behavior and by setting any of the above
>>> configs, I could avoid the error and successfully authenticate the SP app
>>> (travelocity) with FB IDP.
>>>
>> Thanks for the explanation. I have already disabled consent management to
>> get it work. I suppose globally disabling consent management feature or
>> disabling the listener would not be a good solution.
>>
>>>
>>> @IAM Team - If we keep using the consent management feature, do we need
>>> any additional configuration? May be claim configuration to map the
>>> particular user claims which should require obtaining user consent?
>>>
>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>>> gmgunaward...@gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have configured travelocity.com sample application as SAML inbound
>>>> and Facebook as federated authenticator for IS-5.5.0. After adding Facebook
>>>> credentials, got below UI.
>>>>
>>>>
>>>> ​After enabling debug logs found below exception. Is there any further
>>>> configuration I have to do to get it work ?
>>>>
>>>> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
>>>> horization.JDBCAuthorizationManager} -  Error occurred while accessing
>>>> Java Security Manager Privilege Block
>>>> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
>>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>>> -  Error occurred while evaluating post authentication
>>>> org.wso2.carbon.identity.application.authentication.framewor
>>>> k.exception.PostAuthenticationFailedException: Error occurred while
>>>> retrieving consent data of user: gmgunaward...@gmail.com for service
>>>> provider: CafeLebens-Sample in tenant domain: carbon.super.
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
>>>> ndlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
>>>> ndle(ConsentMgtPostAuthnHandler.java:106)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.services.PostAuthenticationMgtService.executePostAuthnHand
>>>> ler(PostAuthenticationMgtService.java:109)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.services.PostAuthenticationMgtService.handlePostAuthentica
>>>> tion(PostAuthenticationMgtService.java:78)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>>> andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>>> andle(DefaultAuthenticationRequestHandler.java:134)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
>>>> ultRequestCoordinator.java:157)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
>>>> ationServlet.java:53)
>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>> k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
>>>> tionServlet.java:43)
>>>>
>>>> Thanks,
>>>> Gayan
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>>
>> --
>> Gayan
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859*Lean . Enterprise . Middleware
>



-- 
Gayan
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to