Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi Thanuja, I made a mistake when trying your previous suggestion, I have added http://wso2.org/claims/role; as a requested claim in first IS which you told to add it to second IS. After adding requested role claim to second IS, JIT provisioning works fine. But when I debug JIT provisioning test case I see user get provisioned in first IS without setting http://wso2.org/claims/role; as a requested claim in second IS. Thanks all for help / suggestions to solve my configuration mistake :). If we must add http://wso2.org/claims/role; as a requested claim in second IS, as Thanuja suggested it's better if we update documentation :) Thanks, Milinda On Mon, Nov 24, 2014 at 11:50 AM, Gayan Gunawardana ga...@wso2.com wrote: Hi Dulanja, On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com wrote: Hi Milinda, Seems this user is already provisioned - probably in a previous login attempt. Could you please confirm that? If that's the case, I don't think we have to worry about this. Thanks, Dulanja I have experienced this scenario, according to my observations we do not throw any exceptions. If user is already provisioned simple ignore provisioning. -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: ga...@wso2.com Mobile: +94 (71) 8020933 -- Milinda Perera Software Engineer; WSO2 Inc. http://wso2.com , Mobile: (+94) 714 115 032 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Noted. Thanks, *Samuel Gnaniah* Senior Technical Writer WSO2 (pvt.) Ltd. Colombo, Sri Lanka (+94) 773131798 On Mon, Nov 24, 2014 at 3:13 PM, Milinda Perera milin...@wso2.com wrote: Hi Thanuja, I made a mistake when trying your previous suggestion, I have added http://wso2.org/claims/role; as a requested claim in first IS which you told to add it to second IS. After adding requested role claim to second IS, JIT provisioning works fine. But when I debug JIT provisioning test case I see user get provisioned in first IS without setting http://wso2.org/claims/role; as a requested claim in second IS. Thanks all for help / suggestions to solve my configuration mistake :). If we must add http://wso2.org/claims/role; as a requested claim in second IS, as Thanuja suggested it's better if we update documentation :) Thanks, Milinda On Mon, Nov 24, 2014 at 11:50 AM, Gayan Gunawardana ga...@wso2.com wrote: Hi Dulanja, On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com wrote: Hi Milinda, Seems this user is already provisioned - probably in a previous login attempt. Could you please confirm that? If that's the case, I don't think we have to worry about this. Thanks, Dulanja I have experienced this scenario, according to my observations we do not throw any exceptions. If user is already provisioned simple ignore provisioning. -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: ga...@wso2.com Mobile: +94 (71) 8020933 -- Milinda Perera Software Engineer; WSO2 Inc. http://wso2.com , Mobile: (+94) 714 115 032 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi all, This seems a bug, and already reported in jira [1]. No need to update documentation. [1] https://wso2.org/jira/browse/IDENTITY-2642 Thanks, Milinda On Mon, Nov 24, 2014 at 3:27 PM, Samuel Gnaniah sam...@wso2.com wrote: Noted. Thanks, *Samuel Gnaniah* Senior Technical Writer WSO2 (pvt.) Ltd. Colombo, Sri Lanka (+94) 773131798 On Mon, Nov 24, 2014 at 3:13 PM, Milinda Perera milin...@wso2.com wrote: Hi Thanuja, I made a mistake when trying your previous suggestion, I have added http://wso2.org/claims/role; as a requested claim in first IS which you told to add it to second IS. After adding requested role claim to second IS, JIT provisioning works fine. But when I debug JIT provisioning test case I see user get provisioned in first IS without setting http://wso2.org/claims/role; as a requested claim in second IS. Thanks all for help / suggestions to solve my configuration mistake :). If we must add http://wso2.org/claims/role; as a requested claim in second IS, as Thanuja suggested it's better if we update documentation :) Thanks, Milinda On Mon, Nov 24, 2014 at 11:50 AM, Gayan Gunawardana ga...@wso2.com wrote: Hi Dulanja, On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com wrote: Hi Milinda, Seems this user is already provisioned - probably in a previous login attempt. Could you please confirm that? If that's the case, I don't think we have to worry about this. Thanks, Dulanja I have experienced this scenario, according to my observations we do not throw any exceptions. If user is already provisioned simple ignore provisioning. -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: ga...@wso2.com Mobile: +94 (71) 8020933 -- Milinda Perera Software Engineer; WSO2 Inc. http://wso2.com , Mobile: (+94) 714 115 032 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Milinda Perera Software Engineer; WSO2 Inc. http://wso2.com , Mobile: (+94) 714 115 032 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi Thanuja Dulanja,
@Dulanja : I checked that the user does not get provisioned in primary IS.
@Thanuja : I tried workaround 1, but didn't work.
It's confusing because JIT provisioning with SAML SSO works successfully in
our test cases.
Thanks,
Milinda
On Sat, Nov 22, 2014 at 7:06 PM, Thanuja Jayasinghe than...@wso2.com
wrote:
Hi Milinda,
If we select Use Local Claim Dialect in claim configuration section of
the IDP, role claim URI will be set to http://wso2.org/claims/role; by
default in the current implementation. So if second IS doesn't return a
value for role claim, adding user to LDAP will fail as role has no value
(Although stack trace doesn't show the actual cause).
Possible workarounds,
1. In the SP configuration of the second IS, add
http://wso2.org/claims/role; as a requested claim. So first IS will
receive a value for role claim.
2. Define a custom claim dialect between the two IS servers. This way role
claim URI value doesn't get saved unless you select it from the drop-down.
Option 1 is better in my opinion. Also we should add this to the
documentation.
Thanks,
Thanuja.
On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com
wrote:
Hi Milinda,
Seems this user is already provisioned - probably in a previous login
attempt. Could you please confirm that? If that's the case, I don't think
we have to worry about this.
Thanks,
Dulanja
On Fri, Nov 21, 2014 at 4:47 PM, Milinda Perera milin...@wso2.com
wrote:
Hi,
I was able to set up successfully SAML SSO with federated authentication
using two Identity Servers [1] and SSO works fine (with travelocity
sample). But when I enable JIT provisioning, I'm getting following
provisioning failure error (Note : SSO works fine even after enabling JIT
provisioning).
Back-end error trace:
[2014-11-21 15:21:30,053] ERROR
{org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager}
-
org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException:
Error when decoding the SAML Request.
[2014-11-21 15:21:44,790] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
- User provisioning failed!
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException:
Error while provisioning user : IS2User1
at
org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:177)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handleJitProvisioning(DefaultStepBasedSequenceHandler.java:636)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handlePostAuthentication(DefaultStepBasedSequenceHandler.java:354)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:133)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:90)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Also check whether role value comes with SAML response.
On 24 Nov 2014 07:55, Thanuja Jayasinghe than...@wso2.com wrote:
Hi Milinda,
What are the reqested claims you added in second IS? Did you add the given
name also? If not please add and check. This worked for me in a fresh pack.
Thanks,
Thanuja.
On 24 Nov 2014 00:29, Milinda Perera milin...@wso2.com wrote:
Hi Thanuja Dulanja,
@Dulanja : I checked that the user does not get provisioned in primary IS.
@Thanuja : I tried workaround 1, but didn't work.
It's confusing because JIT provisioning with SAML SSO works successfully
in our test cases.
Thanks,
Milinda
On Sat, Nov 22, 2014 at 7:06 PM, Thanuja Jayasinghe than...@wso2.com
wrote:
Hi Milinda,
If we select Use Local Claim Dialect in claim configuration section of
the IDP, role claim URI will be set to http://wso2.org/claims/role; by
default in the current implementation. So if second IS doesn't return a
value for role claim, adding user to LDAP will fail as role has no value
(Although stack trace doesn't show the actual cause).
Possible workarounds,
1. In the SP configuration of the second IS, add
http://wso2.org/claims/role; as a requested claim. So first IS will
receive a value for role claim.
2. Define a custom claim dialect between the two IS servers. This way
role claim URI value doesn't get saved unless you select it from the
drop-down.
Option 1 is better in my opinion. Also we should add this to the
documentation.
Thanks,
Thanuja.
On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com
wrote:
Hi Milinda,
Seems this user is already provisioned - probably in a previous login
attempt. Could you please confirm that? If that's the case, I don't think
we have to worry about this.
Thanks,
Dulanja
On Fri, Nov 21, 2014 at 4:47 PM, Milinda Perera milin...@wso2.com
wrote:
Hi,
I was able to set up successfully SAML SSO with federated
authentication using two Identity Servers [1] and SSO works fine (with
travelocity sample). But when I enable JIT provisioning, I'm getting
following provisioning failure error (Note : SSO works fine even after
enabling JIT provisioning).
Back-end error trace:
[2014-11-21 15:21:30,053] ERROR
{org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager}
-
org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException:
Error when decoding the SAML Request.
[2014-11-21 15:21:44,790] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
- User provisioning failed!
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException:
Error while provisioning user : IS2User1
at
org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:177)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handleJitProvisioning(DefaultStepBasedSequenceHandler.java:636)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handlePostAuthentication(DefaultStepBasedSequenceHandler.java:354)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:133)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:90)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi Milinda,
If we select Use Local Claim Dialect in claim configuration section of
the IDP, role claim URI will be set to http://wso2.org/claims/role; by
default in the current implementation. So if second IS doesn't return a
value for role claim, adding user to LDAP will fail as role has no value
(Although stack trace doesn't show the actual cause).
Possible workarounds,
1. In the SP configuration of the second IS, add
http://wso2.org/claims/role; as a requested claim. So first IS will receive
a value for role claim.
2. Define a custom claim dialect between the two IS servers. This way role
claim URI value doesn't get saved unless you select it from the drop-down.
Option 1 is better in my opinion. Also we should add this to the
documentation.
Thanks,
Thanuja.
On Fri, Nov 21, 2014 at 6:09 PM, Dulanja Liyanage dula...@wso2.com wrote:
Hi Milinda,
Seems this user is already provisioned - probably in a previous login
attempt. Could you please confirm that? If that's the case, I don't think
we have to worry about this.
Thanks,
Dulanja
On Fri, Nov 21, 2014 at 4:47 PM, Milinda Perera milin...@wso2.com wrote:
Hi,
I was able to set up successfully SAML SSO with federated authentication
using two Identity Servers [1] and SSO works fine (with travelocity
sample). But when I enable JIT provisioning, I'm getting following
provisioning failure error (Note : SSO works fine even after enabling JIT
provisioning).
Back-end error trace:
[2014-11-21 15:21:30,053] ERROR
{org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager}
-
org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException:
Error when decoding the SAML Request.
[2014-11-21 15:21:44,790] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
- User provisioning failed!
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException:
Error while provisioning user : IS2User1
at
org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:177)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handleJitProvisioning(DefaultStepBasedSequenceHandler.java:636)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handlePostAuthentication(DefaultStepBasedSequenceHandler.java:354)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:133)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:90)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
[Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi,
I was able to set up successfully SAML SSO with federated authentication
using two Identity Servers [1] and SSO works fine (with travelocity
sample). But when I enable JIT provisioning, I'm getting following
provisioning failure error (Note : SSO works fine even after enabling JIT
provisioning).
Back-end error trace:
[2014-11-21 15:21:30,053] ERROR
{org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager}
-
org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException:
Error when decoding the SAML Request.
[2014-11-21 15:21:44,790] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
- User provisioning failed!
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException:
Error while provisioning user : IS2User1
at
org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:177)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handleJitProvisioning(DefaultStepBasedSequenceHandler.java:636)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handlePostAuthentication(DefaultStepBasedSequenceHandler.java:354)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:133)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:90)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
Re: [Dev] [IS] Getting error after enabling JIT provisioning in SAML SSO federated authentication setup
Hi Milinda,
Seems this user is already provisioned - probably in a previous login
attempt. Could you please confirm that? If that's the case, I don't think
we have to worry about this.
Thanks,
Dulanja
On Fri, Nov 21, 2014 at 4:47 PM, Milinda Perera milin...@wso2.com wrote:
Hi,
I was able to set up successfully SAML SSO with federated authentication
using two Identity Servers [1] and SSO works fine (with travelocity
sample). But when I enable JIT provisioning, I'm getting following
provisioning failure error (Note : SSO works fine even after enabling JIT
provisioning).
Back-end error trace:
[2014-11-21 15:21:30,053] ERROR
{org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager}
-
org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException:
Error when decoding the SAML Request.
[2014-11-21 15:21:44,790] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
- User provisioning failed!
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException:
Error while provisioning user : IS2User1
at
org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:177)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handleJitProvisioning(DefaultStepBasedSequenceHandler.java:636)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handlePostAuthentication(DefaultStepBasedSequenceHandler.java:354)
at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:133)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:90)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
