By: Leonardo Machado user 16 Jan 2018 at 6:20 a.m. CST

5 Responses
Leonardo Machado gravatar

I am trying to run a custom script unsuccessfully. The init method is:

print "CSBase. Initialization"
         self.csbaseProxy = CSBaseLoginProxy(configurationAttributes.get("CSBaseServer").getValue2(),configurationAttributes.get("CSBasePort").getValue2(), True)
         return True

This runs ok, and my proxy reaches the server responsible for authentication. I see the respective log messages.

But as for authenticate:

def authenticate(self, configurationAttributes, requestParameters, step):

         if (step == 1):
             print "CSBase. Authenticate for step 1"
             identity = CdiUtil.bean(Identity)
             credentials = identity.getCredentials()

             user_name = credentials.getUsername()
             user_password = credentials.getPassword()

             logged_in = False
             if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
                 logged_in = self.csbaseProxy.authenticate(user_name, user_password)

             if (not logged_in):
                 return False

             return True
         else:
             return False

Something goes wrong

java.lang.NullPointerException: null at org.xdi.oxauth.service.AuthenticationService.configureSessionUser(AuthenticationService.java:426) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:333) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:138) [classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticate(Authenticator.java:101) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.0.33.jar:8.0.33] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.0.33.jar:8.0.33] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.0.0.Final.jar:3.0.0.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.0.0.Final.jar:3.0.0.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [jsf-api-2.2.14.jar:2.2] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [jsf-api-2.2.14.jar:2.2] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [jsf-api-2.2.14.jar:2.2] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:199) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:74) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.ocpsoft.rewrite.servlet.impl.HttpRewriteResultHandler.handleResult(HttpRewriteResultHandler.java:42) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.rewrite(RewriteFilter.java:297) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:198) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]

I executed from the gluu server machine a python standalone test script that access this authenticate method from my csbaseproxy and it ran ok.

Can anyone help me?

Thanks.

By mohib zico staff 16 Jan 2018 at 6:42 a.m. CST

mohib zico gravatar
  • What's the purpose ( aka. target ) of this custom AuthN script?
  • How did you run it?
  • What kind of failure it's happening ( can't initiate or can't perform it's operation )?
  • Checked oxauth/oxtrust_script log?

By Leonardo Machado user 16 Jan 2018 at 6:53 a.m. CST

Leonardo Machado gravatar
  • The purpose is to replace the default ldap authentication with an authentication from a server (CSBase)
  • I ran it like instructed in the documentation: created the script, put the csbase classes in ext lib directory, changed the default authentication mode and tried to access the gluu admin web page
  • it does initiate, as I said above, but when I try to login in the web page it says the login/passwd is invalid
  • The above output was the only error I found in oxauth stderr logo file

By mohib zico staff 16 Jan 2018 at 7:04 a.m. CST

mohib zico gravatar

I ran it like instructed in the documentation:

Which doc?

it does initiate

Are we sure?

Please note that, 'custom authN' script troubleshooting is out of community support policy so the more troubleshooting info you can provide; the more we will have chance to assist you. From log.. I see just NPE which doesn't make much sense to me.

Here is how you can use your custom authN in Gluu server.

By Leonardo Machado user 16 Jan 2018 at 7:13 a.m. CST

Leonardo Machado gravatar

The doc I used was this one:

https://gluu.org/docs/ce/latest/authn-guide/customauthn/

and this one:

https://gluu.org/docs/ce/3.1.1/authn-guide/intro/

I am sure it does initiate, because the classes I added to the external classpath (/opt/gluu/jetty/oxauth/lib/ext) they print to stdout the csbase server connection success of failure. In my script, the init (as you see in my original post) access those classes. In the log files I see that csbase server was accessed successfully.

I'm just asking the support to take a look at my authenticate method above and see if I'm doing something wrong. I know for sure that csbaseProxy.authenticate works, but maybe, the previous lines before calling it have some problem.

By Leonardo Machado user 17 Jan 2018 at 3:43 a.m. CST

Leonardo Machado gravatar

One update: It seems that Gluu is trying to get something else than the simple boolean from authenticate method from the custom script. I found in oxauth_script.log the following stack trace:

2018-01-17 09:12:38,355 ERROR [qtp359023572-19] [org.xdi.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:167) - null org.python.core.PyException: null at org.python.core.Py.TypeError(Py.java:259) ~[jython-2.7.0.jar:?] at org.python.core.PyObject._basic_add(PyObject.java:2141) ~[jython-2.7.0.jar:?] at org.python.core.PyObject._add(PyObject.java:2119) ~[jython-2.7.0.jar:?] at org.python.pycode._pyx3.authenticate$8(<iostream>:62) ~[?:?] at org.python.pycode._pyx3.call_function(<iostream>) ~[?:?] at org.python.core.PyTableCode.call(PyTableCode.java:167) ~[jython-2.7.0.jar:?] at org.python.core.PyBaseCode.call(PyBaseCode.java:307) ~[jython-2.7.0.jar:?] at org.python.core.PyBaseCode.call(PyBaseCode.java:198) ~[jython-2.7.0.jar:?] at org.python.core.PyFunction.call(PyFunction.java:482) ~[jython-2.7.0.jar:?] at org.python.core.PyMethod.instancemethodcall_(PyMethod.java:237) ~[jython-2.7.0.jar:?] at org.python.core.PyMethod.call(PyMethod.java:228) ~[jython-2.7.0.jar:?] at org.python.core.PyMethod.call(PyMethod.java:218) ~[jython-2.7.0.jar:?] at org.python.core.PyMethod.call(PyMethod.java:213) ~[jython-2.7.0.jar:?] at org.python.core.PyObject._jcallexc(PyObject.java:3626) ~[jython-2.7.0.jar:?] at org.python.core.PyObject._jcall(PyObject.java:3658) ~[jython-2.7.0.jar:?] at org.python.proxies.builtin__$PersonAuthentication$3.authenticate(Unknown Source) ~[?:?] at org.xdi.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:165) [classes/:?]

Looking at line 165 for that classe (at github branch version3.1.1) I found:

Map<String, SimpleCustomProperty> configurationAttributes = customScriptConfiguration.getConfigurationAttributes();

And in oxauth.log I found:

2018-01-17 09:12:38,382 INFO [qtp359023572-19] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:152) - Authentication failed for 'admin' 2018-01-17 09:15:47,122 ERROR [qtp359023572-12] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:212) - Failed to get session attributes

which seems to indicate that Gluu is trying to get session attributes for the authenticated user. This is reasonable to expect, but in the custom script documentation there is no indication that the script should implement this.

What is missing in my script?

Thanks.