I created a role in the 2nd domain and granted it all of the
entitlements using the REST api, then assigned that role to a user
("admin2") in the 2nd domain. Now when I attempt to login to the 2nd
domain on the console UI, I get the following errors in the core.log
file:
Its basically complaining about the connector not having privileges to
authenticate anyone. Not sure how to fix this since I cant manage the
domain with the UI yet (chicken and egg problem?).
11:21:39.265 INFO
org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy -
Authenticate was attempted, although the connector only has these
capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action.
I can get a token for this user with the REST api and validate the
token and see that it does indeed have all of the required
entitlements, the problem seems to be with the console UI and how it
authenticates/authorizes users since going directly to the core for
authentication via REST works as expected.
Full stack trace:
java.util.concurrent.ExecutionException:
org.identityconnectors.framework.common.exceptions.InvalidCredentialException:
Authentication failed for "admin2"
at java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[?:1.8.0_171]
at java.util.concurrent.FutureTask.get(FutureTask.java:206) ~[?:1.8.0_171]
at
org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy.authenticate(ConnectorFacadeProxy.java:141)
~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:255)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:218)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.AuthDataAccessor$$FastClassBySpringCGLIB$$b4b63ada.invoke(<generated>)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)
~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:60)
~[syncope-core-persistence-jpa-2.1.0.jar:2.1.0]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$fea6d20d.authenticate(<generated>)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.lambda$authenticate$1(UsernamePasswordAuthenticationProvider.java:123)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:126)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:123)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.apache.syncope.core.spring.security.JWTAuthenticationFilter.doFilterInternal(JWTAuthenticationFilter.java:90)
~[syncope-core-spring-2.1.0.jar:2.1.0]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
~[tomcat8-catalina-8.5.14.jar:8.5.14]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
~[tomcat8-coyote-8.5.14.jar:8.5.14]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
~[tomcat8-coyote-8.5.14.jar:8.5.14]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
~[tomcat8-coyote-8.5.14.jar:8.5.14]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
~[tomcat8-coyote-8.5.14.jar:8.5.14]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat8-coyote-8.5.14.jar:8.5.14]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_171]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_171]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat8-util-8.5.14.jar:8.5.14]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by:
org.identityconnectors.framework.common.exceptions.InvalidCredentialException:
Authentication failed for "admin2"
at
net.tirasa.connid.bundles.ad.authentication.ADAuthenticate.authenticate(ADAuthenticate.java:74)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.authenticate(ADConnector.java:243)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.AuthenticationImpl.authenticate(AuthenticationImpl.java:85)
~[connector-framework-internal-1.4.4.0.jar:?]
at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.4.0.jar:?]
at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
~[connector-framework-internal-1.4.4.0.jar:?]
at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at
org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
~[connector-framework-internal-1.4.4.0.jar:?]
at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at
org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
~[connector-framework-internal-1.4.4.0.jar:?]
at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
at
org.identityconnectors.framework.impl.api.AbstractConnectorFacade.authenticate(AbstractConnectorFacade.java:235)
~[connector-framework-internal-1.4.4.0.jar:?]
at
org.apache.syncope.core.provisioning.java.AsyncConnectorFacade.authenticate(AsyncConnectorFacade.java:56)
~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
at
org.apache.syncope.core.provisioning.java.AsyncConnectorFacade$$FastClassBySpringCGLIB$$886ae36a.invoke(<generated>)
~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at
org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_171]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_171]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_171]
... 1 more
11:21:39.265 INFO
org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy -
Authenticate was attempted, although the connector only has these
capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action.
