By: Gopalan Prasaad user 26 Sep 2018 at 3:28 p.m. CDT

8 Responses

I am new to Gluu. In order to understand the flow of a custom authentication script I copied the *basic authN* script and made *one* change to it: inside the def authenticate(...) method, i commented out the call to the authenticationService.authenticate(...) method and replaced it with a logged_in = True ``` ... # logged_in = authenticationService.authenticate(user_name, user_password) logged_in = True ... ``` I ensure the default acr is pointing to this custom script. Expected: *everyone* is authenticated no matter what credentials they put in. Actual: ``` 2018-09-26 19:52:13,838 ERROR [qtp1744347043-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:156) - null java.lang.NullPointerException: null at org.xdi.oxauth.service.AuthenticationService.configureSessionUser(AuthenticationService.java:410) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:348) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:150) [classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticate(Authenticator.java:113) [classes/:?] at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_162] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.24.2.jar:8.5.24] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.24.2.jar:8.5.24] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.0.1.Final.jar:3.0.1.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.0.1.Final.jar:3.0.1.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [jsf-api-2.2.14.jar:2.2] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [jsf-api-2.2.14.jar:2.2] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [jsf-api-2.2.14.jar:2.2] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.14.jar:2.2.14] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [jsf-impl-2.2.14.jar:2.2.14] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [jsf-api-2.2.14.jar:2.2] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:73) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.ocpsoft.rewrite.servlet.impl.HttpRewriteResultHandler.handleResult(HttpRewriteResultHandler.java:42) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.rewrite(RewriteFilter.java:297) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:198) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_162] 2018-09-26 19:52:13,840 INFO [qtp1744347043-14] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:164) - Authentication failed for '<user>' ``` What am i doing wrong? Shouldn't my simple test work?

Ubuntu 1.2

closed

By Mohib Zico staff 27 Sep 2018 at 8:53 a.m. CDT

Copy

Customization is not covered in community support, sorry.

By Aliaksandr Samuseu staff 27 Sep 2018 at 11:17 a.m. CDT

Copy

Zico is right, but just one note: had you tested the default script before modifying it, making sure it works? It could be the issue with the script itself, not your modifications.

By Gopalan Prasaad user 28 Sep 2018 at 2:10 p.m. CDT

Copy

all i wanted to know was this: " as a test, if i write a custom authentication script that simply returns true for the authenticate() method, would that work (all users authenticated)? or should i take care of something else besides that? like some gluu session etc." this has nothing do with *my* custom script but about how to wire up a custom script in general.. *your documentation is lacking in that respect*

By Aliaksandr Samuseu staff 30 Sep 2018 at 1:56 p.m. CDT

Copy

>as a test, if i write a custom authentication script that simply returns true for the authenticate() method, would that work (all users authenticated)? or should i take care of something else besides that? like some gluu session etc It *should* work, but even if it doesn't, why won't you just leave the call to this function intact (NOT commenting it out), and just place an override for "logged_in" right after it? I.e., experiment a little, try to read the related code at Github etc - that's the part of the deal of being Community (free) user. Unless you are willing to pay for support, we can't afford to spend time of our dev team answering such in-depth questions here. Also, if you'll suceed you are welcome to leave a note for the rest of community here, explaining how to achieve this - this is how community works.

By Gopalan Prasaad user 01 Oct 2018 at 9:43 a.m. CDT

Copy

Thank you for your response - i did try that - basically here is the gist: ``` ... def authenticate(..): ... logged_in = authenticationService.authenticate(....) # returns False - since my user is NOT in Gluus's LDAP if (not logged_in) logged_in = <authenticate against my webservice> # returns True (this part works) return logged_in ... ``` after the above script runs the user is still not authenticated because i get an NPE in ``` 2018-10-01 14:24:16,900 ERROR [qtp1744347043-12] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:156) - null java.lang.NullPointerException: null at org.xdi.oxauth.service.AuthenticationService.configureSessionUser(AuthenticationService.java:410) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:348) ~[classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:150) [classes/:?] at org.xdi.oxauth.auth.Authenticator.authenticate(Authenticator.java:113) [classes/:?] at sun.reflect.GeneratedMethodAccessor482.invoke(Unknown Source) ~[?:?] ... ```

By Aliaksandr Samuseu staff 01 Oct 2018 at 11:42 a.m. CDT

Copy

Have you tried to use the script without any modifications? If it doesn't work, it may be because of the bug in the script itself. Also try to use this version: [link](https://github.com/GluuFederation/oxAuth/blob/version_3.1.1/Server/integrations/basic/BasicExternalAuthenticator.pyhttps://github.com/GluuFederation/oxAuth/blob/version_3.1.1/Server/integrations/basic/BasicExternalAuthenticator.py)

By Gopalan Prasaad user 01 Oct 2018 at 12:52 p.m. CDT

Copy

I have had success (i think) by adding the authenticated user (authenticated via my web-service) to identity (instead of local ldap) and Gluu allowed me to complete authentication successfully without any internal LDAP in play. in other words, following my pseudo-code from above post: ``` ... def authenticate(..): ... logged_in = authenticationService.authenticate(....) # returns False - since my user is NOT in Gluus's LDAP if (not logged_in) logged_in = <authenticate against my webservice> # returns True (this part works) newUser = User() newUser.setAttribute ("userId",user_name) identity.setUser(newUser) return logged_in ... ``` I have one question from this experience - i have set up OpenID Connect from a reporting client app within our servers and it sends users to Gluu for central auth - however Gluu seems to think the users are interactively logged on - i want Gluu to simply authenticate users and then take them back to the reporting app (upon suucess) i am trying to figure this one out. thank for playing along with me. seeing progress.

By Aliaksandr Samuseu staff 01 Oct 2018 at 7:11 p.m. CDT

Copy

It seems to me you may not fully understand how basic authentication is handled in Gluu by default. Here is the doc on the subject, there is a section describing it in details too: [link](https://gluu.org/docs/ce/3.1.1/authn-guide/basic/) I assumed you have a local user entry which can be used as source of user's data, as it's mandatory requirement. Gluu uses its internal LDAP server as source of all user attributes, so unless an entry for a user exists, you need to create it (we call it auto-enrollment in docs), and that's basically what you script now seems to do. >however Gluu seems to think the users are interactively logged on - i want Gluu to simply authenticate users and then take them back to the reporting app (upon suucess) i am trying to figure this one out. Not sure what is the nature of your issue is. Are you talking about SSO? Normally a user is only authenticated once, and for the duration of their session they are not asked for credentials anymore, unless some RP overrides this behaviour by asking for stricter auth method or to force an user to re-log in.

You need to Login in order to post an answer

Custom authN script (small alteration of basic authN) not working

By: Gopalan Prasaad user 26 Sep 2018 at 3:28 p.m. CDT

Answers

By Mohib Zico staff 27 Sep 2018 at 8:53 a.m. CDT

By Aliaksandr Samuseu staff 27 Sep 2018 at 11:17 a.m. CDT

By Gopalan Prasaad user 28 Sep 2018 at 2:10 p.m. CDT

By Aliaksandr Samuseu staff 30 Sep 2018 at 1:56 p.m. CDT

By Gopalan Prasaad user 01 Oct 2018 at 9:43 a.m. CDT

By Aliaksandr Samuseu staff 01 Oct 2018 at 11:42 a.m. CDT

By Gopalan Prasaad user 01 Oct 2018 at 12:52 p.m. CDT

By Aliaksandr Samuseu staff 01 Oct 2018 at 7:11 p.m. CDT

Post an answer