subject:"\[Dev\] Exception in Facebook Federated Authentication"

Re: [Dev] Exception in Facebook Federated Authentication

2018-09-17 Thread Tharindu Edirisinghe

I'm adding Mathuriga and Nadeeshani to this thread as similar issue is
reported in the non-federated flow as well.

On Mon, Apr 16, 2018 at 3:13 PM Omindu Rathnaweera  wrote:

> On Mon, Apr 16, 2018 at 5:45 AM, Darshana Gunawardana 
> wrote:
>
>> AFAIR, this seems to be an issue with handling email type usernames
>> without enabling email usernames..
>>
>> Anyhow we have discussed to fix this from the sso consent
>> implementation.. @Omindu: Do we have any git issue related to this?
>>
>
> During SSO, we perform all the consent API related invocations after
> starting a tenant flow and setting the authenticated username the carbon
> context. I guess we can set the username accordingly based on whether the
> email username is enabled or not when setting the user to the context.
>
> Created https://github.com/wso2/product-is/issues/3079 to track this.
>
>
>> Thanks,
>>
>> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
>> gmgunaward...@gmail.com> wrote:
>>
>>>
>>> Hi Tharindu,
>>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
 Hi Gayan,

 It seems the error is coming form the consent management feature. If
 you don't require this feature, you can simply turn it off from the
 following property in identity.xml file.

 
 
 *false*
 
 

 Alternatively you can turn off the following listener from identity.xml
 file too for getting rid of the issue.

 >>> type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
 name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
 orderId="110" *enable*="*false*" />

>>>
 I could reproduce the same behavior and by setting any of the above
 configs, I could avoid the error and successfully authenticate the SP app
 (travelocity) with FB IDP.

>>> Thanks for the explanation. I have already disabled consent management
>>> to get it work. I suppose globally disabling consent management feature or
>>> disabling the listener would not be a good solution.
>>>

 @IAM Team - If we keep using the consent management feature, do we need
 any additional configuration? May be claim configuration to map the
 particular user claims which should require obtaining user consent?

>>>
 Thanks,
 TharinduE

 On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
 gmgunaward...@gmail.com> wrote:

> Hi All,
>
> I have configured travelocity.com sample application as SAML inbound
> and Facebook as federated authenticator for IS-5.5.0. After adding 
> Facebook
> credentials, got below UI.
>
>
> After enabling debug logs found below exception. Is there any further
> configuration I have to do to get it work ?
>
> [2018-04-14 20:25:49,655] ERROR
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  
> Error
> occurred while accessing Java Security Manager Privilege Block
> [2018-04-14 20:25:49,658] ERROR
> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
> -  Error occurred while evaluating post authentication
> org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException:
> Error occurred while retrieving consent data of user:
> gmgunaward...@gmail.com for service provider: CafeLebens-Sample in
> tenant domain: carbon.super.
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(ConsentMgtPostAuthnHandler.java:106)
> at
> org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.executePostAuthnHandler(PostAuthenticationMgtService.java:109)
> at
> org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.handlePostAuthentication(PostAuthenticationMgtService.java:78)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:134)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:157)
> at
>

Re: [Dev] Exception in Facebook Federated Authentication

2018-04-16 Thread Omindu Rathnaweera

On Mon, Apr 16, 2018 at 5:45 AM, Darshana Gunawardana 
wrote:

> AFAIR, this seems to be an issue with handling email type usernames
> without enabling email usernames..
>
> Anyhow we have discussed to fix this from the sso consent implementation..
> @Omindu: Do we have any git issue related to this?
>

During SSO, we perform all the consent API related invocations after
starting a tenant flow and setting the authenticated username the carbon
context. I guess we can set the username accordingly based on whether the
email username is enabled or not when setting the user to the context.

Created https://github.com/wso2/product-is/issues/3079 to track this.


> Thanks,
>
> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
> gmgunaward...@gmail.com> wrote:
>
>>
>> Hi Tharindu,
>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe > > wrote:
>>
>>> Hi Gayan,
>>>
>>> It seems the error is coming form the consent management feature. If you
>>> don't require this feature, you can simply turn it off from the following
>>> property in identity.xml file.
>>>
>>> 
>>> 
>>> *false*
>>> 
>>>
>>> Alternatively you can turn off the following listener from identity.xml
>>> file too for getting rid of the issue.
>>>
>>> 
>>>
>>
>>> I could reproduce the same behavior and by setting any of the above
>>> configs, I could avoid the error and successfully authenticate the SP app
>>> (travelocity) with FB IDP.
>>>
>> Thanks for the explanation. I have already disabled consent management to
>> get it work. I suppose globally disabling consent management feature or
>> disabling the listener would not be a good solution.
>>
>>>
>>> @IAM Team - If we keep using the consent management feature, do we need
>>> any additional configuration? May be claim configuration to map the
>>> particular user claims which should require obtaining user consent?
>>>
>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>>> gmgunaward...@gmail.com> wrote:
>>>
 Hi All,

 I have configured travelocity.com sample application as SAML inbound
 and Facebook as federated authenticator for IS-5.5.0. After adding Facebook
 credentials, got below UI.


 After enabling debug logs found below exception. Is there any further
 configuration I have to do to get it work ?

 [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
 horization.JDBCAuthorizationManager} -  Error occurred while accessing
 Java Security Manager Privilege Block
 [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
 ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
 -  Error occurred while evaluating post authentication
 org.wso2.carbon.identity.application.authentication.framewor
 k.exception.PostAuthenticationFailedException: Error occurred while
 retrieving consent data of user: gmgunaward...@gmail.com for service
 provider: CafeLebens-Sample in tenant domain: carbon.super.
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
 ndlePreConsent(ConsentMgtPostAuthnHandler.java:201)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
 ndle(ConsentMgtPostAuthnHandler.java:106)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.services.PostAuthenticationMgtService.executePostAuthnHand
 ler(PostAuthenticationMgtService.java:109)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.services.PostAuthenticationMgtService.handlePostAuthentica
 tion(PostAuthenticationMgtService.java:78)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultAuthenticationRequestHandler.h
 andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultAuthenticationRequestHandler.h
 andle(DefaultAuthenticationRequestHandler.java:134)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
 ultRequestCoordinator.java:157)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
 ationServlet.java:53)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
 tionServlet.java:43)

 Thanks,
 Gayan

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior

Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread gayan gunawardana

On Mon, Apr 16, 2018 at 9:15 AM, Darshana Gunawardana 
wrote:

> AFAIR, this seems to be an issue with handling email type usernames
> without enabling email usernames..
>
Thanks Darshana for the input. It looks like that. I will configure some
other attribute (other than email) as subject identifier and see.

>
> Anyhow we have discussed to fix this from the sso consent implementation..
> @Omindu: Do we have any git issue related to this?
>
> Thanks,
>
> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
> gmgunaward...@gmail.com> wrote:
>
>>
>> Hi Tharindu,
>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe > > wrote:
>>
>>> Hi Gayan,
>>>
>>> It seems the error is coming form the consent management feature. If you
>>> don't require this feature, you can simply turn it off from the following
>>> property in identity.xml file.
>>>
>>> 
>>> 
>>> *false*
>>> 
>>>
>>> Alternatively you can turn off the following listener from identity.xml
>>> file too for getting rid of the issue.
>>>
>>> 
>>>
>>
>>> I could reproduce the same behavior and by setting any of the above
>>> configs, I could avoid the error and successfully authenticate the SP app
>>> (travelocity) with FB IDP.
>>>
>> Thanks for the explanation. I have already disabled consent management to
>> get it work. I suppose globally disabling consent management feature or
>> disabling the listener would not be a good solution.
>>
>>>
>>> @IAM Team - If we keep using the consent management feature, do we need
>>> any additional configuration? May be claim configuration to map the
>>> particular user claims which should require obtaining user consent?
>>>
>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>>> gmgunaward...@gmail.com> wrote:
>>>
 Hi All,

 I have configured travelocity.com sample application as SAML inbound
 and Facebook as federated authenticator for IS-5.5.0. After adding Facebook
 credentials, got below UI.


 After enabling debug logs found below exception. Is there any further
 configuration I have to do to get it work ?

 [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
 horization.JDBCAuthorizationManager} -  Error occurred while accessing
 Java Security Manager Privilege Block
 [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
 ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
 -  Error occurred while evaluating post authentication
 org.wso2.carbon.identity.application.authentication.framewor
 k.exception.PostAuthenticationFailedException: Error occurred while
 retrieving consent data of user: gmgunaward...@gmail.com for service
 provider: CafeLebens-Sample in tenant domain: carbon.super.
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
 ndlePreConsent(ConsentMgtPostAuthnHandler.java:201)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.ha
 ndle(ConsentMgtPostAuthnHandler.java:106)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.services.PostAuthenticationMgtService.executePostAuthnHand
 ler(PostAuthenticationMgtService.java:109)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.services.PostAuthenticationMgtService.handlePostAuthentica
 tion(PostAuthenticationMgtService.java:78)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultAuthenticationRequestHandler.h
 andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultAuthenticationRequestHandler.h
 andle(DefaultAuthenticationRequestHandler.java:134)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
 ultRequestCoordinator.java:157)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
 ationServlet.java:53)
 at org.wso2.carbon.identity.application.authentication.framewor
 k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
 tionServlet.java:43)

 Thanks,
 Gayan

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>>
>> --
>> Gayan
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
>

Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread Darshana Gunawardana

AFAIR, this seems to be an issue with handling email type usernames without
enabling email usernames..

Anyhow we have discussed to fix this from the sso consent implementation..
@Omindu: Do we have any git issue related to this?

Thanks,

On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana 
wrote:

>
> Hi Tharindu,
> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe 
> wrote:
>
>> Hi Gayan,
>>
>> It seems the error is coming form the consent management feature. If you
>> don't require this feature, you can simply turn it off from the following
>> property in identity.xml file.
>>
>> 
>> 
>> *false*
>> 
>>
>> Alternatively you can turn off the following listener from identity.xml
>> file too for getting rid of the issue.
>>
>> > />
>>
>
>> I could reproduce the same behavior and by setting any of the above
>> configs, I could avoid the error and successfully authenticate the SP app
>> (travelocity) with FB IDP.
>>
> Thanks for the explanation. I have already disabled consent management to
> get it work. I suppose globally disabling consent management feature or
> disabling the listener would not be a good solution.
>
>>
>> @IAM Team - If we keep using the consent management feature, do we need
>> any additional configuration? May be claim configuration to map the
>> particular user claims which should require obtaining user consent?
>>
>
>> Thanks,
>> TharinduE
>>
>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>> gmgunaward...@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> I have configured travelocity.com sample application as SAML inbound
>>> and Facebook as federated authenticator for IS-5.5.0. After adding Facebook
>>> credentials, got below UI.
>>>
>>>
>>> After enabling debug logs found below exception. Is there any further
>>> configuration I have to do to get it work ?
>>>
>>> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
>>> horization.JDBCAuthorizationManager} -  Error occurred while accessing
>>> Java Security Manager Privilege Block
>>> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Error occurred while evaluating post authentication
>>> org.wso2.carbon.identity.application.authentication.framewor
>>> k.exception.PostAuthenticationFailedException: Error occurred while
>>> retrieving consent data of user: gmgunaward...@gmail.com for service
>>> provider: CafeLebens-Sample in tenant domain: carbon.super.
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
>>> handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
>>> handle(ConsentMgtPostAuthnHandler.java:106)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.services.PostAuthenticationMgtService.executePostAuthnHand
>>> ler(PostAuthenticationMgtService.java:109)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.services.PostAuthenticationMgtService.handlePostAuthentica
>>> tion(PostAuthenticationMgtService.java:78)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>> andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>> andle(DefaultAuthenticationRequestHandler.java:134)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
>>> ultRequestCoordinator.java:157)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
>>> ationServlet.java:53)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
>>> tionServlet.java:43)
>>>
>>> Thanks,
>>> Gayan
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> Gayan
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread gayan gunawardana

Hi Tharindu,
On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe 
wrote:

> Hi Gayan,
>
> It seems the error is coming form the consent management feature. If you
> don't require this feature, you can simply turn it off from the following
> property in identity.xml file.
>
> 
> 
> *false*
> 
>
> Alternatively you can turn off the following listener from identity.xml
> file too for getting rid of the issue.
>
>  type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
> name="org.wso2.carbon.identity.application.authentication.framework.
> handler.request.impl.consent.ConsentMgtPostAuthnHandler" orderId="110"
> *enable*="*false*" />
>

> I could reproduce the same behavior and by setting any of the above
> configs, I could avoid the error and successfully authenticate the SP app
> (travelocity) with FB IDP.
>
Thanks for the explanation. I have already disabled consent management to
get it work. I suppose globally disabling consent management feature or
disabling the listener would not be a good solution.

>
> @IAM Team - If we keep using the consent management feature, do we need
> any additional configuration? May be claim configuration to map the
> particular user claims which should require obtaining user consent?
>

> Thanks,
> TharinduE
>
> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
> gmgunaward...@gmail.com> wrote:
>
>> Hi All,
>>
>> I have configured travelocity.com sample application as SAML inbound and
>> Facebook as federated authenticator for IS-5.5.0. After adding Facebook
>> credentials, got below UI.
>>
>>
>> After enabling debug logs found below exception. Is there any further
>> configuration I have to do to get it work ?
>>
>> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
>> horization.JDBCAuthorizationManager} -  Error occurred while accessing
>> Java Security Manager Privilege Block
>> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>> -  Error occurred while evaluating post authentication
>> org.wso2.carbon.identity.application.authentication.framewor
>> k.exception.PostAuthenticationFailedException: Error occurred while
>> retrieving consent data of user: gmgunaward...@gmail.com for service
>> provider: CafeLebens-Sample in tenant domain: carbon.super.
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.handler.request.impl.consent.ConsentMgtPostAuthnHan
>> dler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.handler.request.impl.consent.ConsentMgtPostAuthnHan
>> dler.handle(ConsentMgtPostAuthnHandler.java:106)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.services.PostAuthenticationMgtService.executePostAuthnHand
>> ler(PostAuthenticationMgtService.java:109)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.services.PostAuthenticationMgtService.handlePostAuthentica
>> tion(PostAuthenticationMgtService.java:78)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>> andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.handler.request.impl.DefaultAuthenticationRequestHandler.
>> handle(DefaultAuthenticationRequestHandler.java:134)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
>> ultRequestCoordinator.java:157)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
>> ationServlet.java:53)
>> at org.wso2.carbon.identity.application.authentication.framewor
>> k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
>> tionServlet.java:43)
>>
>> Thanks,
>> Gayan
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586
>



-- 
Gayan
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread Tharindu Edirisinghe

Hi Gayan,

It seems the error is coming form the consent management feature. If you
don't require this feature, you can simply turn it off from the following
property in identity.xml file.



*false*


Alternatively you can turn off the following listener from identity.xml
file too for getting rid of the issue.



I could reproduce the same behavior and by setting any of the above
configs, I could avoid the error and successfully authenticate the SP app
(travelocity) with FB IDP.

@IAM Team - If we keep using the consent management feature, do we need any
additional configuration? May be claim configuration to map the particular
user claims which should require obtaining user consent?

Thanks,
TharinduE

On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana 
wrote:

> Hi All,
>
> I have configured travelocity.com sample application as SAML inbound and
> Facebook as federated authenticator for IS-5.5.0. After adding Facebook
> credentials, got below UI.
>
>
> After enabling debug logs found below exception. Is there any further
> configuration I have to do to get it work ?
>
> [2018-04-14 20:25:49,655] ERROR 
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
> -  Error occurred while accessing Java Security Manager Privilege Block
> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.
> application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
> -  Error occurred while evaluating post authentication
> org.wso2.carbon.identity.application.authentication.framework.exception.
> PostAuthenticationFailedException: Error occurred while retrieving
> consent data of user: gmgunaward...@gmail.com for service provider:
> CafeLebens-Sample in tenant domain: carbon.super.
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
> handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(
> ConsentMgtPostAuthnHandler.java:106)
> at org.wso2.carbon.identity.application.authentication.
> framework.services.PostAuthenticationMgtService.executePostAuthnHandler(
> PostAuthenticationMgtService.java:109)
> at org.wso2.carbon.identity.application.authentication.
> framework.services.PostAuthenticationMgtService.handlePostAuthentication(
> PostAuthenticationMgtService.java:78)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultAuthenticationRequestHandler.
> handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(
> DefaultAuthenticationRequestHandler.java:134)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultRequestCoordinator.handle(
> DefaultRequestCoordinator.java:157)
> at org.wso2.carbon.identity.application.authentication.
> framework.servlet.CommonAuthenticationServlet.doPost(
> CommonAuthenticationServlet.java:53)
> at org.wso2.carbon.identity.application.authentication.
> framework.servlet.CommonAuthenticationServlet.doGet(
> CommonAuthenticationServlet.java:43)
>
> Thanks,
> Gayan
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Exception in Facebook Federated Authentication

2018-04-14 Thread gayan gunawardana

Hi All,

I have configured travelocity.com sample application as SAML inbound and
Facebook as federated authenticator for IS-5.5.0. After adding Facebook
credentials, got below UI.


After enabling debug logs found below exception. Is there any further
configuration I have to do to get it work ?

[2018-04-14 20:25:49,655] ERROR
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Error
occurred while accessing Java Security Manager Privilege Block
[2018-04-14 20:25:49,658] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
-  Error occurred while evaluating post authentication
org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException:
Error occurred while retrieving consent data of user:
gmgunaward...@gmail.com for service provider: CafeLebens-Sample in tenant
domain: carbon.super.
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(ConsentMgtPostAuthnHandler.java:106)
at
org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.executePostAuthnHandler(PostAuthenticationMgtService.java:109)
at
org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.handlePostAuthentication(PostAuthenticationMgtService.java:78)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:134)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:157)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:43)

Thanks,
Gayan
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Exception in Facebook Federated Authentication

Re: [Dev] Exception in Facebook Federated Authentication

Re: [Dev] Exception in Facebook Federated Authentication

Re: [Dev] Exception in Facebook Federated Authentication

Re: [Dev] Exception in Facebook Federated Authentication

Re: [Dev] Exception in Facebook Federated Authentication

[Dev] Exception in Facebook Federated Authentication

7 matches

Site Navigation

Mail list logo

Footer information