Error using Certificate Authentication

By: David Harris user 18 Dec 2019 at 12:05 p.m. CST

2 Responses
David Harris gravatar
Hi, I have Gluu 4.0 installed and I’m trying to get Certificate authentication working. I’ve followed the instructions here: https://gluu.org/docs/ce/authn-guide/cert-auth/ and set up my Default oxTrust authentication mode to be ‘Cert’. Next I try to access a site that is using the gluu server for authentication via SAML. I get redirected to the ‘auth/cert/login.htm’ page which asks me to click the login button and then choose my cert. I do so and I am presented with the dialog box asking me to choose a cert and all the certs I expect to see are there. After choosing a certificate I get an error screen. I see that the cert.py script seems to be throwing an error when attempting to process the cert: ``` Traceback (most recent call last): File "cert.py", line 241, in prepareForStep File "cert.py", line 370, in certFromPemString File "cert.py", line 366, in certFromString AttributeError: type object 'org.gluu.oxauth.util.CertUtil' has no attribute 'x509CertificateFromBytes' at org.python.core.Py.AttributeError(Py.java:207) at org.python.core.PyType.noAttributeError(PyType.java:1994) at org.python.core.PyObject.__getattr__(PyObject.java:1027) at org.python.pycode._pyx1.certFromString$19(cert.py:366) at org.python.pycode._pyx1.call_function(cert.py) at org.python.core.PyTableCode.call(PyTableCode.java:171) at org.python.core.PyBaseCode.call(PyBaseCode.java:154) ``` … I’m not sure if I did something wrong during the set up or how I should correct this error, does anyone have any idea? Thanks David
Gluu 4.0 CentOS 7.0
closed

Answers

By David Harris user 20 Dec 2019 at 9:11 p.m. CST

Copy
David Harris gravatar
The x509CertificateFromBytes method was removed from the CertUtil class in commit ‘aacbf5de51a9d510b12125010231c930a2732c9c’ (back when it was in the org.xdi.oxauth.util and not the org.gluu.oxauth.util package). The python script ‘UserCertExternalAuthenticator.py’ was still referencing the x509CertificateFromBytes method and that is what was causing the error. I was able to get it working again by changing the script using in the following ways: First I added these imports: ``` from java.security.cert import CertificateFactory from java.io import ByteArrayInputStream ``` Then I changed: ``` def certFromString(self, x509CertificateEncoded): x509CertificateDecoded = base64.b64decode(x509CertificateEncoded) return CertUtil.x509CertificateFromBytes(x509CertificateDecoded) ``` To: ``` def certFromString(self, x509CertificateEncoded): x509CertificateDecoded = base64.b64decode(x509CertificateEncoded) certFactory = CertificateFactory.getInstance("X.509"); return certFactory.generateCertificate(ByteArrayInputStream(x509CertificateDecoded)); ``` I’m not sure if that is the best way or not but it works and only required a change to the .py script. David

By Yuriy Movchan staff 21 Dec 2019 at 2:39 a.m. CST

Copy
Yuriy Movchan gravatar
Hi, You are tight. We moved this method to `from org.gluu.oxauth.model.util import CertUtils` during work on MLTS update. Thank you for informing us about this wrong import!

Post an answer