Using the 2.1.1-SNAPSHOT build, I am now able to log in to the 2nd domain as the default "admin" account, but I cannot log in using any other accounts even if those accounts are assigned a role with all of the privileges.
You can see the same error on the demo vm using login "testadm/password2" in domain "Two".

On Sun, Jul 22, 2018 at 3:00 PM, Wyllys Ingersoll <wyllys.ingers...@keepertech.com> wrote:
> Done - https://issues.apache.org/jira/browse/SYNCOPE-1342
>
> thanks for confirming this, I thought I was just doing something
> stupid or the documentation was missing a step or 2.
>
> On Sun, Jul 22, 2018 at 1:25 PM, Francesco Chicchiriccò
> <ilgro...@apache.org> wrote:
>> Hi,
>> I have replicated your Docker-based setup, with two domains and
>> 2.1.1-SNAPSHOT, found the same issue.
>>
>> ...that could be easily replicated by attempting to log in on the public
>> demo:
>>
>> http://syncope-vm.apache.org:9080/syncope-console
>>
>> on the Two domain, with credentials admin / password2 - working via REST.
>>
>> Please raise an issue on JIRA: it seems that the Admin Console's login form
>> does not take into account the value selected in the 'Domain' combo.
>> I have verified that the problem only affects 2.1.0, as 2.0.9 works as
>> expected - this means that there was something missing in the migration to
>> Wicket 8.
>>
>> Regards.
>>
>>
>> On 22/07/2018 17:35, Wyllys Ingersoll wrote:
>>>
>>> I created a role in the 2nd domain and granted it all of the
>>> entitlements using the REST api, then assigned that role to a user
>>> ("admin2") in the 2nd domain. Now when I attempt to login to the 2nd
>>> domain on the console UI, I get the following errors in the core.log
>>> file:
>>>
>>> It's basically complaining about the connector not having privileges to
>>> authenticate anyone. Not sure how to fix this since I can't manage the
>>> domain with the UI yet (chicken and egg problem?).
>>> 11:21:39.265 INFO org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy - Authenticate was attempted, although the connector only has these capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action.
>>>
>>>
>>> I can get a token for this user with the REST api and validate the
>>> token and see that it does indeed have all of the required
>>> entitlements, the problem seems to be with the console UI and how it
>>> authenticates/authorizes users since going directly to the core for
>>> authentication via REST works as expected.
>>>
>>>
>>>
>>> Full stack trace:
>>>
>>> java.util.concurrent.ExecutionException: org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Authentication failed for "admin2"
>>>     at java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[?:1.8.0_171]
>>>     at java.util.concurrent.FutureTask.get(FutureTask.java:206) ~[?:1.8.0_171]
>>>     at org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy.authenticate(ConnectorFacadeProxy.java:141) ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:255) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.AuthDataAccessor.authenticate(AuthDataAccessor.java:218) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.AuthDataAccessor$$FastClassBySpringCGLIB$$b4b63ada.invoke(<generated>) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294) ~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98) ~[spring-tx-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.apache.syncope.core.persistence.jpa.spring.DomainTransactionInterceptor.invoke(DomainTransactionInterceptor.java:60) ~[syncope-core-persistence-jpa-2.1.0.jar:2.1.0]
>>>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.apache.syncope.core.spring.security.AuthDataAccessor$$EnhancerBySpringCGLIB$$fea6d20d.authenticate(<generated>) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.lambda$authenticate$1(UsernamePasswordAuthenticationProvider.java:123) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.AuthContextUtils.execWithAuthContext(AuthContextUtils.java:126) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.spring.security.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:123) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.apache.syncope.core.spring.security.JWTAuthenticationFilter.doFilterInternal(JWTAuthenticationFilter.java:90) ~[syncope-core-spring-2.1.0.jar:2.1.0]
>>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
>>>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
>>>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
>>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
>>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat8-coyote-8.5.14.jar:8.5.14]
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_171]
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_171]
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat8-util-8.5.14.jar:8.5.14]
>>>     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>> Caused by: org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Authentication failed for "admin2"
>>>     at net.tirasa.connid.bundles.ad.authentication.ADAuthenticate.authenticate(ADAuthenticate.java:74) ~[?:?]
>>>     at net.tirasa.connid.bundles.ad.ADConnector.authenticate(ADConnector.java:243) ~[?:?]
>>>     at org.identityconnectors.framework.impl.api.local.operations.AuthenticationImpl.authenticate(AuthenticationImpl.java:85) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
>>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
>>>     at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
>>>     at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
>>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
>>>     at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
>>>     at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
>>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
>>>     at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
>>>     at sun.reflect.GeneratedMethodAccessor655.invoke(Unknown Source) ~[?:?]
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
>>>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
>>>     at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at com.sun.proxy.$Proxy278.authenticate(Unknown Source) ~[?:?]
>>>     at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.authenticate(AbstractConnectorFacade.java:235) ~[connector-framework-internal-1.4.4.0.jar:?]
>>>     at org.apache.syncope.core.provisioning.java.AsyncConnectorFacade.authenticate(AsyncConnectorFacade.java:56) ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
>>>     at org.apache.syncope.core.provisioning.java.AsyncConnectorFacade$$FastClassBySpringCGLIB$$886ae36a.invoke(<generated>) ~[syncope-core-provisioning-java-2.1.0.jar:2.1.0]
>>>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115) ~[spring-aop-5.0.7.RELEASE.jar:5.0.7.RELEASE]
>>>     at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_171]
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_171]
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_171]
>>>     ... 1 more
>>> 11:21:39.265 INFO org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy - Authenticate was attempted, although the connector only has these capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action.
>>
>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>
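
The two core.log messages quoted in this thread (the capability notice from ConnectorFacadeProxy and the InvalidCredentialException header) can be pulled out of a larger log mechanically. The Python below is an added example, not part of the thread or of Syncope's own code; the function name `triage` and the embedded sample, which re-joins log lines from the quoted output, are constructed for illustration.

```python
import re
from collections import Counter

# "<Operation> was attempted, although the connector only has these
# capabilities: [...]" as logged by ConnectorFacadeProxy in the thread.
CAP_RE = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+INFO\s+\S*ConnectorFacadeProxy - "
    r"(?P<op>\w+) was attempted, although the connector only has these "
    r"capabilities: \[(?P<caps>[^\]]*)\]")
# Header line of the exception; the "Caused by:" repeat is skipped below
# so that one failed attempt is counted once.
FAIL_RE = re.compile(
    r'InvalidCredentialException:\s*Authentication failed for "(?P<user>[^"]+)"')

def triage(lines):
    """Return (capability_gaps, failed_logins) found in core.log lines."""
    gaps, failures = [], Counter()
    for line in lines:
        m = CAP_RE.search(line)
        if m:
            granted = [c.strip() for c in m["caps"].split(",") if c.strip()]
            op = m["op"].upper()
            gaps.append({"time": m["ts"], "operation": op,
                         "granted": granted, "missing": op not in granted})
        elif not line.lstrip().startswith("Caused by:"):
            m = FAIL_RE.search(line)
            if m:
                failures[m["user"]] += 1
    return gaps, failures

# Constructed sample: log lines re-joined from the output quoted in the thread.
SAMPLE = [
    '11:21:39.265 INFO org.apache.syncope.core.provisioning.java.ConnectorFacadeProxy'
    ' - Authenticate was attempted, although the connector only has these'
    ' capabilities: [SEARCH, DELETE, SYNC, UPDATE]. No action.',
    'java.util.concurrent.ExecutionException: org.identityconnectors.framework'
    '.common.exceptions.InvalidCredentialException: Authentication failed for "admin2"',
    '\tat java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[?:1.8.0_171]',
    'Caused by: org.identityconnectors.framework.common.exceptions'
    '.InvalidCredentialException: Authentication failed for "admin2"',
]

if __name__ == "__main__":
    gaps, failures = triage(SAMPLE)
    for g in gaps:
        state = "not granted" if g["missing"] else "granted"
        print(g["time"], g["operation"], state, "- connector has", g["granted"])
    for user, count in failures.items():
        print("connector authentication failed for", user, "x", count)
```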