Done - https://issues.apache.org/jira/browse/SYNCOPE-1342
thanks for confirming this, I thought I was just doing something stupid or the documentation was missing a step or 2. On Sun, Jul 22, 2018 at 1:25 PM, Francesco Chicchiriccò <ilgro...@apache.org> wrote: > Hi, > I have replicated your Docker-based setup, with two domains and > 2.1.1-SNAPSHOT, found the same issue. > > ...that could be easily replicated by attempting to log in on the public > demo: > > http://syncope-vm.apache.org:9080/syncope-console > > on the Two domain, with credentials admin / password2 - working via REST. > > Please raise an issue on JIRA: it seems that the Admin Console's login form > does not take into account the value selected in the 'Domain' combo. > I have verified that the problem only affects 2.1.0, as 2.0.9 works as > expected - this means that there was something missing in the migration to > Wicket 8. > > Regards. > > > On 22/07/2018 17:35, Wyllys Ingersoll wrote: >> >> I created a role in the 2nd domain and granted it all of the >> entitlements using the REST api, then assigned that role to a user >> ("admin2") in the 2nd domain. Now when I attempt to login to the 2nd >> domain on the console UI, I get the following errors in the core.log >> file: >> >> Its basically complaining about the connector not having privileges to >> authenticate anyone. Not sure how to fix this since I cant manage the >> domain with the UI yet (chicken and egg problem?). >> 11:21:39.265 INFO >> org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy - >> Authenticate was attempted, although the connector only has these >> capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action. >> >> >> I can get a token for this user with the REST api and validate the >> token and see that it does indeed have all of the required >> entitlements, the problem seems to be with the console UI and how it >> authenticates/authorizes users since going directly to the core for >> authentication via REST works as expected. >> >> >> >> Full stack trace: >> >> java.util.concurrent.ExecutionException: >> >> org.identityconnectors.framework.common.exceptions.InvalidCredentialException: >> Authentication failed for "admin2" >> at java.util.concurrent.FutureTask.report(FutureTask.java:122) >> ~[?:1.8.0_171] >> at java.util.concurrent.FutureTask.get(FutureTask.java:206) ~[?:1.8.0_171] >> at >> org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy.authenticate(ConnectorFacadeProxy.java:141) >> ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:255) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:218) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.AuthDataAccessor$$FastClassBySpringCGLIB$$b4b63ada.invoke(<generated>) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >> ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294) >> ~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98) >> ~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:60) >> ~[syncope-core-persistence-jpa-2.1.0.jar:2.1.0] >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$fea6d20d.authenticate(<generated>) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.lambda$authenticate$1(UsernamePasswordAuthenticationProvider.java:123) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:126) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:123) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) >> ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) >> ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.apache.syncope.core.spring.security.JWTAuthenticationFilter.doFilterInternal(JWTAuthenticationFilter.java:90) >> ~[syncope-core-spring-2.1.0.jar:2.1.0] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) >> ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE] >> at >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) >> ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) >> ~[tomcat8-catalina-8.5.14.jar:8.5.14] >> at >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) >> ~[tomcat8-coyote-8.5.14.jar:8.5.14] >> at >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) >> ~[tomcat8-coyote-8.5.14.jar:8.5.14] >> at >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) >> ~[tomcat8-coyote-8.5.14.jar:8.5.14] >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) >> ~[tomcat8-coyote-8.5.14.jar:8.5.14] >> at >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) >> ~[tomcat8-coyote-8.5.14.jar:8.5.14] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> ~[?:1.8.0_171] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> ~[?:1.8.0_171] >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> ~[tomcat8-util-8.5.14.jar:8.5.14] >> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] >> Caused by: >> org.identityconnectors.framework.common.exceptions.InvalidCredentialException: >> Authentication failed for "admin2" >> at >> net.tirasa.connid.bundles.ad.authentication.ADAuthenticate.authenticate(ADAuthenticate.java:74) >> ~[?:?] >> at >> net.tirasa.connid.bundles.ad.ADConnector.authenticate(ADConnector.java:243) >> ~[?:?] >> at >> org.identityconnectors.framework.impl.api.local.operations.AuthenticationImpl.authenticate(AuthenticationImpl.java:85) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[?:1.8.0_171] >> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] >> at >> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?] >> at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[?:1.8.0_171] >> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] >> at >> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?] >> at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[?:1.8.0_171] >> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] >> at >> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?] >> at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[?:1.8.0_171] >> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171] >> at >> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?] >> at >> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.authenticate(AbstractConnectorFacade.java:235) >> ~[connector-framework-internal-1.4.4.0.jar:?] >> at >> org.apache.syncope.core.provisioning.java.AsyncConnectorFacade.authenticate(AsyncConnectorFacade.java:56) >> ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0] >> at >> org.apache.syncope.core.provisioning.java.AsyncConnectorFacade$$FastClassBySpringCGLIB$$886ae36a.invoke(<generated>) >> ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0] >> at >> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >> ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at >> org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115) >> ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE] >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_171] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> ~[?:1.8.0_171] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> ~[?:1.8.0_171] >> ... 1 more >> 11:21:39.265 INFO >> org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy - >> Authenticate was attempted, although the connector only has these >> capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action. > > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ >