The reason it was reverting back to the Master domain was the
browser automatically re-populating the fields. I've fixed that issue
but still cannot log in to the 2nd domain.
I have verified that the password is correct and I can get a token
using the /rest/accessTokens API with the 2nd domain admin/password.

I still cannot login to the 2nd domain as an administrator with the
"admin" account (using the password for the 2nd domain admin).
syncope-console only appears to authenticate users defined in the
Master domain, not the new one.

The core log shows the following error when trying to use the "admin"
login to the 2nd domain (with the correct password for 2nd domain):
10:48:37.808 WARN org.apache.syncope.core.spring.security.DefaultCredentialChecker - The default adminPassword property is being used. This must be changed to avoid a security breach!

NOTE: I am testing all of this on a private network, so I'm not
concerned about the default password/security stuff at this point, I'm
just trying to get it to all work as expected.

I created a 2nd account in the new domain with a new name and password
using the swagger API and when I try to use that to login to the admin
console, it also fails but the core log never shows any error when
using accounts other than "admin".

So far:
1. I know that the admin and password for the 2nd domain are valid
because I can get a token and verify that it has the required
entitlements using the REST api(s).
2. I cannot use the "admin" account to login to the 2nd domain on the console UI
3. I can create new accounts in the 2nd domain using REST api and the
2nd domain "admin" account, but cannot login to the console UI with
those either.
- perhaps I need to create a new Role in the 2nd domain and give it
all of the entitlements required to be an administrator, then assign
that role to the new account?


The stack trace in the console log - any login ("admin" or other
accounts from 2nd domain) from the new domain generates this:

14:48:37.815 ERROR org.apache.syncope.client.console.SyncopeConsoleSession - Authentication failed
java.security.AccessControlException: Remote unauthorized exception
    at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:61) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313) ~[cxf-rt-rs-client-3.2.5.jar:3.2.5]
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:875) ~[cxf-rt-rs-client-3.2.5.jar:3.2.5]
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:788) ~[cxf-rt-rs-client-3.2.5.jar:3.2.5]
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235) ~[cxf-rt-rs-client-3.2.5.jar:3.2.5]
    at com.sun.proxy.$Proxy75.login(Unknown Source) ~[?:?]
    at org.apache.syncope.client.lib.SyncopeClient.init(SyncopeClient.java:111) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.syncope.client.lib.SyncopeClient.<init>(SyncopeClient.java:83) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.syncope.client.lib.SyncopeClientFactoryBean.create(SyncopeClientFactoryBean.java:287) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.syncope.client.lib.SyncopeClientFactoryBean.create(SyncopeClientFactoryBean.java:260) ~[syncope-client-lib-2.1.0.jar:2.1.0]
    at org.apache.syncope.client.console.SyncopeConsoleSession.authenticate(SyncopeConsoleSession.java:148) ~[syncope-client-console-2.1.0.jar:2.1.0]
    at org.apache.wicket.authroles.authentication.AuthenticatedWebSession.signIn(AuthenticatedWebSession.java:66) ~[wicket-auth-roles-8.0.0.jar:8.0.0]
    at org.apache.syncope.client.console.pages.Login$1.onSubmit(Login.java:118) ~[syncope-client-console-2.1.0.jar:2.1.0]
    at org.apache.wicket.ajax.markup.html.form.AjaxButton$1.onSubmit(AjaxButton.java:113) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter.onSubmit(AjaxFormSubmitBehavior.java:223) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:778) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.ajax.form.AjaxFormSubmitBehavior.onEvent(AjaxFormSubmitBehavior.java:176) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:127) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:306) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:280) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:222) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:208) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65) ~[wicket-request-8.0.0.jar:8.0.0]
    at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70) ~[wicket-native-websocket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286) ~[wicket-core-8.0.0.jar:8.0.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_171]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_171]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat8-util-8.5.14.jar:8.5.14]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]






On Sat, Jul 21, 2018 at 8:20 AM, Francesco Chicchiriccò
<[email protected]> wrote:
> On 21/07/2018 13:44, Wyllys Ingersoll wrote:
>>
>> I followed the guide and have setup using the docker containers from
>> docker-hub apache/syncope, not maven.
>>
>> I setup a 2nd database and redeployed the core and the console apps.
>> Now I can see the new domain when I query the /rest/domains endpoint.
>>
>> At this point I can even login to the new domain and get a token, so I
>> have gotten further than when I wrote the original question to the
>> list here.
>>
>> The issue now is that the admin UI (syncope-console) displays both
>> domains in the drop-down widget on the login page, but even if I
>> select the new domain and use the right credentials, it still logs
>> into the Master domain, not the new one.
>
>
> This sounds quite odd: could you please clear out Core and Console logs,
> then attempt to log in to the new domain from the Admin Console?
>
> Hopefully you'll get some stacktrace which should explain such a behavior.
>
> Regards.
>
>
