Intermittent 403 Errors during Registration and Authentication

By: Marcus Masciarelli named 10 Feb 2021 at 4:33 p.m. CST

2 Responses
Marcus Masciarelli gravatar
I'm running gluu docker locally via pygluu-compose and hitting it with jmeter tests. Most of the time the test complete successfully but on some runs I hit 403 errors on either or registaration or authentication. ### Example requests #### Registration `POST https://test.gluu.org/oxauth/restv1/fido/u2f/registration` POST data: ``` tokenResponse=%7B%22registrationData%22%3A%22BQRvTjnPiMAHrlB8IgigTwpjnkFRdgo4dnlLvA3vjzEwMMzqoJi2olhr2h16ug_DjCju0PgksVJasnUvZEUoBwWFJDEyMTAxYzE0LThjYzctNGVlMi1hM2JmLTQxM2IyODQ1Mjg0MzCCAhQwggG3oAMCAQICBAUfqREwDAYIKoZIzj0EAwIFADB-MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTU4xFDASBgNVBAcTC0Jsb29taW5ndG9uMRgwFgYDVQQKEw9Nb3JwaG9UcnVzdCBVU0ExGDAWBgNVBAsTD0NvbW1vbiBTZXJ2aWNlczEYMBYGA1UEAxMPbW9ycGhvdHJ1c3QuY29tMB4XDTE3MTEyMTIxMjkxM1oXDTE4MDIxOTIxMjkxM1owfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1OMRQwEgYDVQQHEwtCbG9vbWluZ3RvbjEYMBYGA1UEChMPTW9ycGhvVHJ1c3QgVVNBMRgwFgYDVQQLEw9Db21tb24gU2VydmljZXMxGDAWBgNVBAMTD21vcnBob3RydXN0LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG9OOc-IwAeuUHwiCKBPCmOeQVF2Cjh2eUu8De-PMTAwzOqgmLaiWGvaHXq6D8OMKO7Q-CSxUlqydS9kRSgHBYWjITAfMB0GA1UdDgQWBBSsPXTKPSlxTX9UVoDYa9C3lEC9vjAMBggqhkjOPQQDAgUAA0kAMEYCIQCpmk1OJaRCpPXHDprRYexmoZWzhDeQLKubz0swJwemjwIhAK4p133rzHtumKG28Onnet01O1sjf4MXTtaRv9KKRuCnMEUCIFlWy_bklvANjpKlj4tmT39OfnwcQa5QFTQMLer0hydNAiEAi0V-p4W1_qV3LJgfgZX8uSX8GddjNnj0XyTfxIiQcKo%3D%22%2C%22clientData%22%3A%22eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6ImR0ZXh1VnR2bmdocUxrNlA2RWY2bFRSTFFPRUVTcGt5Tk55b01SbVQ2WFkiLCJvcmlnaW4iOiJodHRwczovL3Rlc3QuZ2x1dS5vcmcifQ%3D%3D%22%2C%22deviceData%22%3A%22eyJuYW1lIjoiam1ldGVyIiwib3NfbmFtZSI6ImNlbnRvcyIsIm9zX3ZlcnNpb24iOiI3LjAiLCJwbGF0Zm9ybSI6IkFORFJPSUQiLCJwdXNoX3Rva2VuIjoiOTdiOTA1OTVjNWFjM2MwMDc5NWUzZmQ1YjEwMDVjOGY2NDlhYTIxMGZkODFlZmYyN2IwMTAwODEyOTRhZmJjZCIsInR5cGUiOiJub3JtYWwiLCJ1dWlkIjoiSk1ldGVyNWNkODFkZDgtOGIzNS00YmU2LWE0YTctZTZiMTM3ZTU0NGVmIn0%3D%22%7D&username=jmeter_test_user ``` #### Authentication `POST https://test.gluu.org/oxauth/restv1/fido/u2f/authentication` POST data: `tokenResponse=%7B%22clientData%22%3A%22eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiN1lqT0lfbVhSRnZyN0E5Vm5DVEcyV01FMlZwZVVfeDJfYWphdW8tUTB6YyIsIm9yaWdpbiI6Imh0dHBzOi8vdGVzdC5nbHV1Lm9yZyJ9%22%2C%22keyHandle%22%3A%22NzY2NjEwNzItZWFhMS00NmI5LWFmYzEtYmZkOTU5MjkzM2Jh%22%2C%22signatureData%22%3A%22AQAAAAIwRAIgc_5vROf_-uh3Eeig__gGaIcAlr5UOuMncAS2DcP0mpoCIA6tWaOhE0R8gqI6j5PaE8TJqHcIMVoi_GEU5luaEcWP%22%7D` #### Error Response For both requests the error is a 403 with this body `{"status":null,"error":"session_expired","error_description":"The authentication or registration session was expired.","error_uri":null}` ### Config #### settings.py ``` HOST_IP = "172.17.0.1" DOMAIN = "test.gluu.org" ADMIN_PW = "Testtest123!" SVC_FIDO2 = False SVC_SCIM = True SVC_OXPASSPORT = False SVC_OXSHIBBOLETH = False SVC_LDAP = False PERSISTENCE_TYPE = "couchbase" COUCHBASE_USER = "Administrator" COUCHBASE_URL = "couchbase" EMAIL = "test@test.com" ORG_NAME = "Test" COUNTRY_CODE = "US" STATE = "NA" CITY = "Anywhere" OXTRUST_API_ENABLED = True PASSPORT_ENABLED = False SAML_ENABLED = False SCIM_ENABLED = True ``` ### Logs #### Registration ``` nginx | 192.168.96.1 - - [10/Feb/2021:19:46:51 +0000] "GET /oxauth/restv1/fido/u2f/registration?application=https://test.gluu.org&username=jmeter_test_user&enrollment_code=FFFFFFFF-7273-6D74-0007-000000000001 HTTP/1.1" 200 7988 "-" "Apache-HttpClient/4.5.7 (Java/11.0.9.1)" "-" oxauth | 2021-02-10 19:46:51,204 DEBUG [qtp1978869058-16] [oxauth.ws.rs.fido.u2f.U2fRegistrationWS] (U2fRegistrationWS.java:162) - Finishing registration for username 'jmeter_test_user' with response '{"registrationData":"BQRvTjnPiMAHrlB8IgigTwpjnkFRdgo4dnlLvA3vjzEwMMzqoJi2olhr2h16ug_DjCju0PgksVJasnUvZEUoBwWFJDU0NWFkNzQxLTBiMjUtNGNiNi1iY2Y1LTcwZjQ2ZmRmZjk4NjCCAhQwggG3oAMCAQICBAUfqREwDAYIKoZIzj0EAwIFADB-MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTU4xFDASBgNVBAcTC0Jsb29taW5ndG9uMRgwFgYDVQQKEw9Nb3JwaG9UcnVzdCBVU0ExGDAWBgNVBAsTD0NvbW1vbiBTZXJ2aWNlczEYMBYGA1UEAxMPbW9ycGhvdHJ1c3QuY29tMB4XDTE3MTEyMTIxMjkxM1oXDTE4MDIxOTIxMjkxM1owfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1OMRQwEgYDVQQHEwtCbG9vbWluZ3RvbjEYMBYGA1UEChMPTW9ycGhvVHJ1c3QgVVNBMRgwFgYDVQQLEw9Db21tb24gU2VydmljZXMxGDAWBgNVBAMTD21vcnBob3RydXN0LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG9OOc-IwAeuUHwiCKBPCmOeQVF2Cjh2eUu8De-PMTAwzOqgmLaiWGvaHXq6D8OMKO7Q-CSxUlqydS9kRSgHBYWjITAfMB0GA1UdDgQWBBSsPXTKPSlxTX9UVoDYa9C3lEC9vjAMBggqhkjOPQQDAgUAA0kAMEYCIQCpmk1OJaRCpPXHDprRYexmoZWzhDeQLKubz0swJwemjwIhAK4p133rzHtumKG28Onnet01O1sjf4MXTtaRv9KKRuCnMEUCIQCoS1fTOnY9q1rz-Sk35QRXcCfOE8-s7AQXCyhiUMg_WQIgY1-WlBCj4Kk5KMqv5VFrZHTr1cz5bOdyDN6IZFPta7E=","clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6ImNrU25MczVqNVlGQjhud0dEM0hvNHoxcXpHbktrS1hPOVFzVTR2WFpvQWciLCJvcmlnaW4iOiJodHRwczovL3Rlc3QuZ2x1dS5vcmcifQ==","deviceData":"eyJuYW1lIjoiam1ldGVyIiwib3NfbmFtZSI6ImNlbnRvcyIsIm9zX3ZlcnNpb24iOiI3LjAiLCJwbGF0Zm9ybSI6IkFORFJPSUQiLCJwdXNoX3Rva2VuIjoiOTdiOTA1OTVjNWFjM2MwMDc5NWUzZmQ1YjEwMDVjOGY2NDlhYTIxMGZkODFlZmYyN2IwMTAwODEyOTRhZmJjZCIsInR5cGUiOiJub3JtYWwiLCJ1dWlkIjoiSk1ldGVyMGIwY2Q3YmMtY2E4Ni00NTg1LWI0ZDUtNjJmMDk4M2IwNTAxIn0="}' oxauth | 2021-02-10 19:46:51,211 DEBUG [qtp1978869058-16] [org.gluu.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:72) - Looking for the error with id: session_expired oxauth | 2021-02-10 19:46:51,212 DEBUG [qtp1978869058-16] [org.gluu.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:77) - Found error, id: session_expired oxauth | 2021-02-10 19:46:51,213 ERROR [qtp1978869058-16] [oxauth.ws.rs.fido.u2f.U2fRegistrationWS] (U2fRegistrationWS.java:195) - Exception happened oxauth | javax.ws.rs.WebApplicationException: HTTP 403 Forbidden oxauth | at org.gluu.oxauth.ws.rs.fido.u2f.U2fRegistrationWS.finishRegistration(U2fRegistrationWS.java:170) ~[classes/:?] oxauth | at org.gluu.oxauth.ws.rs.fido.u2f.U2fRegistrationWS$Proxy$_$$_WeldClientProxy.finishRegistration(Unknown Source) ~[classes/:?] oxauth | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] oxauth | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?] oxauth | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?] oxauth | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?] oxauth | at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:543) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:432) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:393) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:395) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:364) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0] oxauth | at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) ~[websocket-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.gluu.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:362) ~[oxcore-server-4.2.1.Final.jar:?] oxauth | at org.gluu.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:139) ~[oxcore-server-4.2.1.Final.jar:?] oxauth | at org.gluu.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:118) ~[classes/:?] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) ~[jetty-security-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] nginx | 192.168.96.1 - - [10/Feb/2021:19:46:51 +0000] "POST /oxauth/restv1/fido/u2f/registration HTTP/1.1" 403 136 "-" "Apache-HttpClient/4.5.7 (Java/11.0.9.1)" "-" oxauth | at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at java.lang.Thread.run(Unknown Source) [?:?] ``` #### Authentication ``` oxauth | 2021-02-10 20:03:03,971 DEBUG [qtp1989335500-18] [oxauth.ws.rs.fido.u2f.U2fAuthenticationWS] (U2fAuthenticationWS.java:80) - Startig authentication with username 'null', keyhandle 'NzY2NjEwNzItZWFhMS00NmI5LWFmYzEtYmZkOTU5MjkzM2Jh' for appId 'https://test.gluu.org' and session_id '1b63eb9e-6148-4135-9f77-11d713169186' nginx | 192.168.112.1 - - [10/Feb/2021:20:03:04 +0000] "GET /oxauth/restv1/fido/u2f/authentication?application=https://test.gluu.org&session_id=1b63eb9e-6148-4135-9f77-11d713169186&keyhandle=NzY2NjEwNzItZWFhMS00NmI5LWFmYzEtYmZkOTU5MjkzM2Jh HTTP/1.1" 200 9442 "-" "Apache-HttpClient/4.5.7 (Java/11.0.9.1)" "-" oxauth | 2021-02-10 20:03:04,220 DEBUG [qtp1989335500-22] [oxauth.ws.rs.fido.u2f.U2fAuthenticationWS] (U2fAuthenticationWS.java:141) - Finishing authentication for username 'null' with response '{"clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiN1lqT0lfbVhSRnZyN0E5Vm5DVEcyV01FMlZwZVVfeDJfYWphdW8tUTB6YyIsIm9yaWdpbiI6Imh0dHBzOi8vdGVzdC5nbHV1Lm9yZyJ9","keyHandle":"NzY2NjEwNzItZWFhMS00NmI5LWFmYzEtYmZkOTU5MjkzM2Jh","signatureData":"AQAAAAIwRAIgc_5vROf_-uh3Eeig__gGaIcAlr5UOuMncAS2DcP0mpoCIA6tWaOhE0R8gqI6j5PaE8TJqHcIMVoi_GEU5luaEcWP"}' oxauth | 2021-02-10 20:03:04,231 DEBUG [qtp1989335500-22] [org.gluu.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:72) - Looking for the error with id: session_expired oxauth | 2021-02-10 20:03:04,232 DEBUG [qtp1989335500-22] [org.gluu.oxauth.model.error.ErrorResponseFactory] (ErrorResponseFactory.java:77) - Found error, id: session_expired oxauth | 2021-02-10 20:03:04,233 ERROR [qtp1989335500-22] [oxauth.ws.rs.fido.u2f.U2fAuthenticationWS] (U2fAuthenticationWS.java:175) - Exception happened oxauth | javax.ws.rs.WebApplicationException: HTTP 403 Forbidden oxauth | at org.gluu.oxauth.ws.rs.fido.u2f.U2fAuthenticationWS.finishAuthentication(U2fAuthenticationWS.java:149) ~[classes/:?] oxauth | at org.gluu.oxauth.ws.rs.fido.u2f.U2fAuthenticationWS$Proxy$_$$_WeldClientProxy.finishAuthentication(Unknown Source) ~[classes/:?] oxauth | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] oxauth | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?] oxauth | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?] oxauth | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?] oxauth | at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:543) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:432) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:393) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:395) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:364) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] oxauth | at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0] oxauth | at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) ~[websocket-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.gluu.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:362) ~[oxcore-server-4.2.1.Final.jar:?] oxauth | at org.gluu.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:139) ~[oxcore-server-4.2.1.Final.jar:?] oxauth | at org.gluu.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:118) ~[classes/:?] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?] oxauth | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) ~[jetty-security-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) ~[jetty-servlet-9.4.26.v20200117.jar:9.4.26.v20200117] nginx | 192.168.112.1 - - [10/Feb/2021:20:03:04 +0000] "POST /oxauth/restv1/fido/u2f/authentication HTTP/1.1" 403 136 "-" "Apache-HttpClient/4.5.7 (Java/11.0.9.1)" "-" oxauth | at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.Server.handle(Server.java:500) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270) [jetty-server-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) [jetty-util-9.4.26.v20200117.jar:9.4.26.v20200117] oxauth | at java.lang.Thread.run(Unknown Source) [?:?] ```
Gluu 4.2.1 Docker 20.102
closed

Answers

By Yuriy Movchan staff 26 Mar 2021 at 4:07 a.m. CDT

Copy
Yuriy Movchan gravatar
Hi, Registration process contains 2 parts. 1) Generate registration requests and store them in DB: `GET https://test.gluu.org/oxauth/restv1/fido/u2f/registration` 2) Finish registration. Here application loads from DB already stored registration request for validation. `POST https://test.gluu.org/oxauth/restv1/fido/u2f/registration` According you your registration log exception `session_expired` was happened because application can't find in DB request from step 1 by response challenge_id. Can you share full log and get request too? Regards, Yuriy

By Mohib Zico staff 10 Apr 2021 at 11:15 p.m. CDT

Copy
Mohib Zico gravatar
Hi, Please reopen the ticket if required.

Post an answer