Issue enabling passport_saml

By: Stephen Ford user 25 Sep 2018 at 4:32 p.m. CDT

4 Responses
Stephen Ford gravatar
I'm working through setting up [passport_saml](https://gluu.org/docs/ce/3.1.3.1/authn-guide/inbound-saml-passport/#enable-passport). However, every time I click to enable passport_saml, then click update, the passport_saml tab goes from green to red after refreshing the 'manage custom scripts' window and I get the following error: ```java java.lang.Exception: Using default external type class at org.xdi.service.custom.script.CustomScriptManager.createExternalType(CustomScriptManager.java:349) at org.xdi.service.custom.script.CustomScriptManager.reloadCustomScriptConfigurations(CustomScriptManager.java:253) at org.xdi.service.custom.script.CustomScriptManager.reloadImpl(CustomScriptManager.java:153) at org.xdi.service.custom.script.CustomScriptManager.reload(CustomScriptManager.java:141) at org.xdi.service.custom.script.CustomScriptManager.reloadTimerEvent(CustomScriptManager.java:118) at org.xdi.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.reloadTimerEvent(Unknown Source) at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) at org.jboss.weld.injection.MethodInvocationStrategy$SimpleMethodInvocationStrategy.invoke(MethodInvocationStrategy.java:129) at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:330) at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:308) at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:286) at javax.enterprise.inject.spi.ObserverMethod.notify(ObserverMethod.java:124) at org.jboss.weld.util.Observers.notify(Observers.java:166) at org.jboss.weld.event.ObserverNotifier.notifySyncObservers(ObserverNotifier.java:285) at org.jboss.weld.event.ObserverNotifier.notify(ObserverNotifier.java:273) at org.jboss.weld.event.ObserverNotifier.fireEvent(ObserverNotifier.java:177) at org.jboss.weld.event.ObserverNotifier.fireEvent(ObserverNotifier.java:159) at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:614) at org.jboss.weld.util.ForwardingBeanManager.fireEvent(ForwardingBeanManager.java:104) at org.xdi.service.timer.TimerJob.execute(TimerJob.java:37) at org.xdi.service.timer.JobExecutionDelegate.execute(JobExecutionDelegate.java:29) at org.xdi.service.timer.JobExecutionDelegate$Proxy$_$$_WeldClientProxy.execute(Unknown Source) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) ``` If I look under the oxauth_script.log file I see the following: ``` 2018-09-25 21:13:42,777 INFO [oxAuthScheduler_Worker-4] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroy 2018-09-25 21:13:42,778 INFO [oxAuthScheduler_Worker-4] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroyed successfully 2018-09-25 21:13:42,802 INFO [oxAuthScheduler_Worker-4] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialization 2018-09-25 21:13:42,804 INFO [oxAuthScheduler_Worker-4] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialized successfully 2018-09-25 21:14:13,167 INFO [oxAuthScheduler_Worker-2] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. init called 2018-09-25 21:14:13,168 INFO [oxAuthScheduler_Worker-2] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - readBehaviour. Failure to determine behaviour. Check script config properties (valid values are 'social' or 'saml') 2018-09-25 21:14:13,169 INFO [oxAuthScheduler_Worker-2] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. init. Behaviour is None 2018-09-25 21:14:13,169 INFO [oxAuthScheduler_Worker-2] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getCustomAuthzParameter. No custom param for OIDC authz request in script properties 2018-09-25 21:14:13,169 INFO [oxAuthScheduler_Worker-2] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. getCustomAuthzParameter. Passport flow cannot be initiated by doing an OpenID connect authorization request ``` I have a feeling I've missed something in my installation/configuration but not sure where to go. Thanks for any suggestions.
Ubuntu 16.04
closed

Answers

By Aliaksandr Samuseu staff 25 Sep 2018 at 4:39 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Stephen. Do you use the script which came pre-packaged with your instance, or you copied a new one from Github may be? Make sure you have all extra script's properties defined as shown on the attached picture.
Selection_007.jpg

By Stephen Ford user 25 Sep 2018 at 5:09 p.m. CDT

Copy
Stephen Ford gravatar
Aliaksandr, thanks for the reply. I copied the script from: https://raw.githubusercontent.com/GluuFederation/oxAuth/master/Server/integrations/saml-passport/SamlPassportAuthenticator.py I think you nailed it with those script properties... several were missing. I'm still getting an error, but that's probably because I need to coordinate with IT to get key_store_password information.

By Aliaksandr Samuseu staff 25 Sep 2018 at 5:29 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
You should have used the version which came prepackaged, I can't guarantee the one from "master" branch is fully compatible with previous packages. You could at least try to use [this one](https://github.com/GluuFederation/oxAuth/blob/version_3.1.3/Server/integrations/saml-passport/SamlPassportAuthenticator.py) instead, if nothing else will work. >I need to coordinate with IT to get key_store_password information Not sure I follow. I don't think any such password is needed to make a default Passport-SAML setup to work.

By Stephen Ford user 25 Sep 2018 at 5:33 p.m. CDT

Copy
Stephen Ford gravatar
Aliaksandr, thanks again. Yes, talking with IT they did not set that key_store password, I made a bad assumption. After making the changes you suggest I'm seeing the following: ``` 2018-09-25 22:32:12,775 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport. destroy called 2018-09-25 22:32:13,150 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport-saml: Initialized successfully 2018-09-25 22:32:13,152 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport-saml: Initialization init method call 2018-09-25 22:32:13,153 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Passport-saml: Extension module key not found 2018-09-25 22:32:13,155 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroy 2018-09-25 22:32:13,155 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Destroyed successfully 2018-09-25 22:32:13,163 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialization 2018-09-25 22:32:13,164 INFO [oxAuthScheduler_Worker-1] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Permission dynamic scope. Initialized successfully ``` I think I'm good to keep going.

Post an answer