By: Sakit Atakishiyev user 01 Nov 2017 at 10:17 a.m. CDT

9 Responses
Hi. I am trying to write a custom policy script named `policy1`. For testing, I just print the authenticated user and return true. Below is my `authorize` method:

```
def authorize(self, context):
    print "Policy 1. Authorizing ..."
    print "User: "+ context.getUser()
    return True
```

But `oxauth.log` shows this error:

```
Failed to execute python 'authorize' method, script: policy1, message: null
org.python.core.PyException: null
    at org.python.core.Py.TypeError(Py.java:259) ~[jython-2.7.0.jar:?]
```

I checked the [source code](https://github.com/GluuFederation/oxAuth/blob/64ee5c198f3e24b44f7c3931b0d19bffad6e71a5/Server/src/main/java/org/xdi/oxauth/uma/authorization/UmaAuthorizationContext.java#L164) and `UmaAuthorizationContext.getUser(String...args)` exists. For this I called `context.getClaims()` but I got the same error again. Is there anything I did wrong?

I handled the error on the Python side and it gives the error below:

```
('Unexpected error:', AttributeError("'org.xdi.oxauth.uma.authorization.UmaAuthorizationC' object has no attribute 'getUserDn'",))
```

I checked the `oxauth.war` shipped with `gluu server 3.1.0` and there is no `user` object in the `org.xdi.oxauth.uma.authorization.UmaAuthorizationContext` class, so Python gives an error that it could not find the attribute.

By Yuriy Zabrovarnyy staff 02 Nov 2017 at 2:56 a.m. CDT

First of all, make sure that you have CE `3.1.1`, because in `3.1.0` there were a few critical issues in UMA 2, just to make sure you do not run into other issues there. Once you have `3.1.1`, please check whether you are authenticated via `context.isAuthenticated()`. If you are sure that the user is authenticated, then please give:

- full source of the script
- full `oxauth.log` file, so I can check the workflow and full stacktrace thrown by jython

Also I guess you may wish to check our sample scripts

```
https://github.com/GluuFederation/oxAuth/blob/version_3.1.1/Server/uma/sample/UmaRptPolicy.py#L21-21
https://github.com/GluuFederation/oxAuth/blob/version_3.1.1/Server/uma/sample/UmaClaimsGathering.py#L9-9
```

Specifically the `prepareForStep` method in `UmaClaimsGathering.py`. Let us know how it goes.

Thanks,
Yuriy Z

By Sakit Atakishiyev user 02 Nov 2017 at 8:10 a.m. CDT

Hi Yuriy. Today I installed version `3.1.1`. Now I can call the `getUser()` method, but context returns a `null` object. I am sharing my `custom uma script` and `oxauth.log`:

- [policy.py](https://drive.google.com/file/d/0B0k0w2ZRcqm_TmxkVndHUEp4OXc/view?usp=sharing)
- [oxauth.log](https://drive.google.com/file/d/0B0k0w2ZRcqm_eUh3VGw3WkpUa1U/view?usp=sharing)

By Yuriy Zabrovarnyy staff 02 Nov 2017 at 8:53 a.m. CDT

It seems the user is not logged in during script execution. From your log:

```
2017-11-02 11:58:47,553 TRACE [qtp2008017533-11] [org.xdi.oxauth.uma.service.UmaSessionService] (UmaSessionService.java:52) - Cookie - session_id:
2017-11-02 11:58:47,554 TRACE [qtp2008017533-11] [org.xdi.oxauth.uma.service.UmaSessionService] (UmaSessionService.java:242) - No logged in user.
```

Please make sure that the user is logged in. (You can also check the presence of the `session_id` cookie via the browser; however, presence is not enough, the session must also be authenticated. But in your particular case the HTTP request does not have a `session_id` cookie with a correct value, which is sent by the browser automatically.)

Thanks,
Yuriy Z
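The null-user case diagnosed above can be handled inside the policy so that it denies instead of throwing. The following is an added example, not part of the thread or of Gluu's sample scripts: `isAuthenticated()` and `getUser()` are the context methods named in the posts, while `getAttribute()` on the user object, the function name, and the `Fake*` stand-ins with their constructed values are assumptions made so the logic runs outside oxAuth.

```python
# Added example: fail-closed checks for the body of a UMA RPT policy authorize().
# Written to run on both Jython 2.7 and CPython 3.

def authorize_by_attribute(context, attr_name, allowed_values):
    """Return True only for an authenticated user with an allowed attribute value."""
    # No authenticated session, e.g. a request sent without the session_id cookie.
    if not context.isAuthenticated():
        print("policy: deny, no authenticated session")
        return False
    user = context.getUser()
    # A Java null arrives as None; concatenating or dereferencing it raises.
    if user is None:
        print("policy: deny, context returned no user")
        return False
    value = user.getAttribute(attr_name)  # assumed accessor on the user object
    if value is None or value not in allowed_values:
        print("policy: deny, %s=%r is not allowed" % (attr_name, value))
        return False
    print("policy: allow, %s=%r" % (attr_name, value))
    return True


class FakeUser(object):
    """Constructed stand-in for the oxAuth user object."""
    def __init__(self, attrs):
        self._attrs = attrs

    def getAttribute(self, name):
        return self._attrs.get(name)


class FakeContext(object):
    """Constructed stand-in for UmaAuthorizationContext."""
    def __init__(self, user=None, authenticated=False):
        self._user = user
        self._authenticated = authenticated

    def isAuthenticated(self):
        return self._authenticated

    def getUser(self):
        return self._user


if __name__ == "__main__":
    # Constructed sample: a token request made without a session, as in the log above.
    authorize_by_attribute(FakeContext(), "city", ["ExampleCity"])
```

Inside a real script, `authorize(self, context)` would return the result of this function; every path that cannot positively identify the user returns `False`.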

By Yuriy Zabrovarnyy staff 02 Nov 2017 at 8:58 a.m. CDT

I assume you generate your token request not from a browser but from a program (which leads to the cookie's absence). You can emulate it and provide the cookie, or otherwise I guess the clearer path is to work via the `Claims-Gathering Endpoint`. So you need claims `I`. So you have to:

- define required claims in `getRequiredClaims` (currently you return just `None`)
- then in `Claims Gathering Script` during the redirect the browser will send cookies automatically, so you will have access to the `User` object without extra efforts of emulation.

Please check this sample again:

```
https://github.com/GluuFederation/oxAuth/blob/version_3.1.1/Server/uma/sample/UmaClaimsGathering.py#L9-9
```

Thanks,
Yuriy Z

By Sakit Atakishiyev user 02 Nov 2017 at 10:21 a.m. CDT

Yes Yuriy, you are right. My app did not keep the session, so the authenticated user was not found. I configured it and now it is working. Thank you very much.

By Yuriy Zabrovarnyy staff 02 Nov 2017 at 10:36 a.m. CDT

Glad to hear it! Should we close this ticket then, or do you have further questions?

By Sakit Atakishiyev user 02 Nov 2017 at 10:40 a.m. CDT

Yes of course

By Sakit Atakishiyev user 02 Nov 2017 at 11:01 a.m. CDT

Yuriy, let me ask you a question. You said that

> define required claims in getRequiredClaims (currently you return just None)

But if you look at my code, I don't need any extra claims. I just need the user's city attribute (whose LDAP name is `I`). Because of this I return `None`. Is it wrong?

By Yuriy Zabrovarnyy staff 02 Nov 2017 at 11:38 a.m. CDT

It's correct if you don't need to go further. The idea with `getRequiredClaims` was to use it together with `Claims Gathering Script`, but you don't need it if you were able to get `session_id`. That's it.

Thanks,
Yuriy Z