Hi,
Yes, I'm using the OIDC security module. And provided some input with this PR 
<https://github.com/geoserver/geoserver/pull/7551>.
It didn't have the expected outcome, therefore I want to investigate it further.

How I add them?

I have a setup with Docker Geoserver and add the nightly build of that plugin. 
In addition I have a Docker container with Keycloak.
During development I copy the jar into the Geoserver container and restart. 
That's the reason why you want find the specific error message within Geoserver 
codebase.

Did that answer your question?

Regards, Roar


> 25. apr. 2024 kl. 01:07 skrev David Blasby <david.bla...@geocat.net>:
> 
> Hi,
> 
> This looks like you are using the OIDC security module(s) and it’s having 
> some issues. 
> 
> How did you add them?
> 
> Thanks,
> Dave
> 
> Sent from my iPhone
> 
>> On Apr 24, 2024, at 1:47 PM, Roar Brænden <roar.brenden...@gmail.com 
>> <mailto:roar.brenden...@gmail.com>> wrote:
>> 
>> Hi,
>> 
>> I've started to look at the user interface of Geoserver, and wonder about 
>> the error handling. As I see it there are three options:
>> 
>> 1 - 500 status code from the Servlet Engine. Usually presented with the 
>> stack trace.
>> 
>> 2 - Geoserver's version of number 1), but with the menu available and a 
>> message about using the mailing list.
>> 
>> 3 - A red message that don't interrupt the user, but tries to inform abut a 
>> problem.
>> 
>> For the moment I'm getting 1) with this stack trace:
>> java.lang.RuntimeException: None of the supported token claims 
>> [IdToken,AccessToken,MSGraphAPI,UserInfo] have been set as Role Source in 
>> the configuration of Authentication using OpenId Connect.
>>      
>> org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.getRoles(OpenIdConnectAuthenticationFilter.java:152)
>>      
>> org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doAuthenticate(GeoServerOAuthAuthenticationFilter.java:346)
>>      
>> org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:153)
>>      
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
>>      
>> org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
>>      
>> org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:72)
>>      
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>>      
>> org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
>>      
>> org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
>>      
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
>>      
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
>>      
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
>>      
>> org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
>>      
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
>>      
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
>>      
>> org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:100)
>>      org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
>>      
>> org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
>>      org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
>>      
>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>>      
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>> 
>> I'm at the front page with the url: 
>> https://some.url.at/geoserver/web?session_state=6d2d6c39-7eca 
>> <https://some.url.at/geoserver/web?session_state=6d2d6c39-7eca>.....
>> 
>> How could the message be presented like 3)?
>> 
>> Best regards,
>> Roar Brænden
>> 
>> _______________________________________________
>> Geoserver-devel mailing list
>> Geoserver-devel@lists.sourceforge.net 
>> <mailto:Geoserver-devel@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel 
>> <https://lists.sourceforge.net/lists/listinfo/geoserver-devel>
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to