When I try to login from WL hybird application in the emulator I get the below exceptions.
Environment:
1) Worklight Server (505 version) installed using the default Liberty profile and Derby database.
2) Userregistry is configured to LDAP. LDAP is up and running.
3) I have followed "Module 20.1 Form-based Authentication"
Server.xml is correctly configured :
ldapRegistry id="IBMDirectoryServerLDAP" realm="defaultWIMFileBasedRealm"
host="testserver.com" port="4389" ignoreCase="true"
baseDN="dc=ibm,dc=com"
bindDN="cn=xyz"
bindPassword="xyz123"
ldapType="IBM Tivoli Directory Server" reuseConnection="true"
idsFilters
userFilter="(&(uid=%v)(objectclass=ePerson))"
groupFilter="(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
userIdMap="*:uid"
groupIdMap="*:cn"
groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember;groupOfNames:member;groupOfUniqueNames:uniqueMember"
ldapRegistry
Login module is : com.worklight.core.auth.ext.WebSphereLoginModule
Authenticator is : com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator
Exception:
[RandomNumberGenerationServlet]: Initialization successful.
[2/13/13 15:37:21:349 IST] 00000049 com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator I FWLSE0055I: Not recognized.
[2/13/13 15:38:27:288 IST] 0000004b ication.internal.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID wpsbind. An invalid user ID or password was specified.
[2/13/13 15:38:27:742 IST] 0000004f com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator I FWLSE0055I: Not recognized.
[2/13/13 15:38:27:746 IST] 0000004f com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator I FWLSE0055I: Not recognized.
[2/13/13 15:38:27:747 IST] 0000004f com.worklight.core.auth.impl.AuthenticationFilter E FWLSE0048E: Unhandled exception caught: realm WASLTPARealm is not allowed to ignore request to a protected resouce in a non-success state
java.lang.IllegalStateException: realm WASLTPARealm is not allowed to ignore request to a protected resouce in a non-success state
at com.worklight.core.auth.impl.AuthenticationContext.checkAuthentication(AuthenticationContext.java:515)
at com.worklight.core.auth.impl.AuthenticationContext.processRealms(AuthenticationContext.java:396)
at com.worklight.core.auth.impl.AuthenticationContext.pushCurrentResource(AuthenticationContext.java:373)
at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:63)
at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:162)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:85)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:940)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1037)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:81)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:930)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:274)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:529)
at com.ibm.ws.threading.internal.Worker.executeWork(Worker.java:398)
at com.ibm.ws.threading.internal.Worker.run(Worker.java:380)
The authentication takes place in Liberty, and in order for Worklight to recognize the logged-in user, it needs to know of it.
Form-based authentication will not help here. What you can and should do is implement a Custom-based Authenticator that will retrieve from the response from Liberty the custom HTTP header containing the user information.
You can read more about Custom-based Authentication in the following Getting Started training module, to first familiarize yourself with the concept:
ftp://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v505/Module_23_-_Custom_Authenticator_and_Login_Module.pdf
For a clearer "image" of the authentication flow, you can see the diagram as depicted here: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/topic/com.ibm.worklight.help.doc/integ/r_authentication_at_the_gateway.html
Related
I was trying to add an oauth2.0 authentication provider in our cas (v6.1.x). But I was getting the following error.
2020-11-15 10:03:30,675 INFO [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Credentials are successfully authenticated using the delegated client [OauthClient]>
2020-11-15 10:03:36,492 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ClientCredential(credentials=#OAuth20Credentials# | code: c.lKObb15ip36uiWfOYaTXEfQ | accessToken: com.github.scribejava.core.model.OAuth2AccessToken#5ca28902 |, clientName=OauthClient, typedIdUsed=true, userProfile=null)] of type [ClientCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2020-11-15 10:03:36,509 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[OauthClient]: [id cannot be blank]>
2020-11-15 10:03:36,513 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: NotYetAuthenticated-e111ad8e-8e6f-4edd-9de7-d2eae5040704
As you can see the credentials are successfully authenticated. After that redirected back with unauthorized access on the browser UI with the above error.
The properties I used for delegated authentication is given below:-
cas.server.name=http://localhost:8080
cas.server.prefix=http://localhost:8080/cas
cas.authn.pac4j.oauth2[0].id=${CLIENT_ID}
cas.authn.pac4j.oauth2[0].secret=${CLIENT_SECRET}
cas.authn.pac4j.typedIdUsed=true
cas.authn.pac4j.principalAttributeId=email
cas.authn.pac4j.name=OauthClient
cas.authn.pac4j.order=0
cas.authn.pac4j.lazyInit=true
cas.authn.pac4j.oauth2[0].autoRedirect=false
cas.authn.pac4j.oauth2[0].principalAttributeId=email
cas.authn.pac4j.oauth2[0].enabled=true
cas.authn.pac4j.oauth2[0].authUrl=${AUTH_URL}
cas.authn.pac4j.oauth2[0].tokenUrl=${TOKEN_URL}
cas.authn.pac4j.oauth2[0].profileUrl=${PROFILE_URL}
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].scope=profile,email,roles
cas.authn.pac4j.oauth2[0].clientName=OauthClient
Thanks in advance.
sonar.security.realm=LDAP
ldap.url=ldap://ldap-company.com
ldap.bindDn=CN=xxxxx,OU=Restricted,OU=xxxx,DC=company,DC=com
ldap.bindPassword=none
# User Configuration
ldap.user.baseDn=ou=Users,dc=mycompany,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
# Group Configuration
ldap.group.baseDn=OU=Groups,OU=companyname,DC=comapany,DC=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
These are my configurations----sonarqube version-6.2
Database-Embedded
Do you guys have any idea how to integrate LDAP with Sonarqube. I tried different ways but couldn't get succeeded. this I my configuration for sonar.properties
I got an error 2017.03.15 15:57:25 ERROR web[AVrTij8L9uoXNT8qAAAK][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user xxx in <default> and also Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., dat
2017.03.15 15:55:05 INFO web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2017.03.15 15:55:49 ERROR web[AVrTij8L9uoXNT8qAAAJ][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user xxxxx in <default>
at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:89)
at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:83)
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:56)
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:45)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:91)
This is my web.log
2017.03.16 13:10:09 INFO web[][o.s.s.p.UpdateCenterClient] Update center: https://update.sonarsource.org/update-center.properties (no proxy)
2017.03.16 13:10:09 INFO web[][org.sonar.INFO] Security realm: LDAP
2017.03.16 13:10:09 INFO web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=company,DC=com, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=cn, emailAttribut
e=mail}
2017.03.16 13:10:09 INFO web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=OU=Groups,OU=comapny,Dc=company,DC=com, idAttribute=cn, requiredUserAttributes=[uid], request=(&(objectC
lass=posixGroup)(memberUid={0}))}
2017.03.16 13:10:09 INFO web[][o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2017.03.16 13:10:09 INFO web[][o.s.s.p.d.EmbeddedDatabase] Embedded database stopped
2017.03.16 13:10:09 ERROR web[][o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.web.PlatformServletContextListener
org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection
at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:206)
at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110)
Your bind is failing. You need to test with an external LDAP tool like Apache Directory Studio tool, or Softerra's LDAP Browser.
It could be a firewall issue from your server to the LDAP server. It could be the password is incorrect. It does look like your Sonar server is able to talk to the LDAP server (Which looks like Active Directory) since you get an AD style error message about needing to bind before searching.
If you can get the error on the bind failing it will return an error code 49 with a subcode that is of interest. 525, 52e, 777 or the like that refer to different reasons Active Directory will not let you connect.
Note: Your password is 'none' which is hard to tell if that is you trying to hide the password, or an actual literal password.
I am using WSO2 Identity server as a key manager in WSO2 API manager. I am creating sample playground app with OAuth2.0 flow with WSO2 API manager.I have added new app in API store and generated consumer key and consumer secret.
steps:
Run Sample playground app -localhost:8080/playground2
Playground app home page
Click on Image we will go to oauth2.jsp page
here we have to fill:
response_type = code
client_id = VALUE_OF_CONSUMER_KEY
redirect_uri = REDIRECT_URL_OF_THE_APPLICATION
scope = SCOPE_OF_THE_ACCESS_REQUEST
Authorize
On Clicking Authorize button The application (client) requests an authorization code from the authorization server(WSO2 identity server) by sending a HTTP GET request with the following query parameters.
response_type = code
client_id = VALUE_OF_CONSUMER_KEY
redirect_uri = REDIRECT_URL_OF_THE_APPLICATION
scope = SCOPE_OF_THE_ACCESS_REQUEST
and it displays consent page
Consent page
when we click approve it redirects to wso2 login page
Login page
After entering credentials it gives following error: AfterLogin Error
HTTP Status 500 - org.apache.cxf.interceptor.Fault
type Exception report
message org.apache.cxf.interceptor.Fault
description The server encountered an internal error that prevented it from fulfilling this request.
exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:336)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
root cause
org.apache.cxf.interceptor.Fault
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
root cause
java.lang.NullPointerException
org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:251)
org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1163)
org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:135)
org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorizePost(OAuth2AuthzEndpoint.java:574)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.73 logs.
Apache Tomcat/7.0.73
In API Manager console it is giving following error:
I.
ERROR - AMDefaultKeyManagerImpl Can not retrieve OAuth application for the given consumer key : PBMTE1piS4sKNdn2HdsJAbMeCQga
org.apache.axis2.AxisFault: Access Denied. Authentication failed - System error occurred. Please check server logs for more details.
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
II.
[2017-03-10 11:48:21,226] ERROR - item-info:jag org.wso2.carbon.apimgt.api.APIManagementException: Can not retrieve OAuth application for the given consumer key : PBMTE1piS4sKNdn2HdsJAbMeCQga
[2017-03-10 11:48:49,063] WARN - APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
[2017-03-10 11:49:02,990] INFO - TimeoutHandler This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2017-03-10 11:49:30,889] INFO - DependencyTracker Local entry : gov:/apimgt/statistics/ga-config.xml was added to the Synapse configuration successfully
[2017-03-10 11:49:31,028] INFO - JMSConnectionFactory JMS ConnectionFactory : jmsEventPublisher initialized
[2017-03-10 11:49:32,336] INFO - AMQConnection Unable to connect to broker at tcp://localhost:5672
org.wso2.andes.transport.TransportException: Could not open connection
at org.wso2.andes.transport.network.mina.MinaNetworkTransport$IoConnectorCreator.connect(MinaNetworkTransport.java:216)
at org.wso2.andes.transport.network.mina.MinaNetworkTransport.connect(MinaNetworkTransport.java:74)
at org.wso2.andes.client.AMQConnectionDelegate_8_0.makeBrokerConnection(AMQConnectionDelegate_8_0.java:130)
at org.wso2.andes.client.AMQConnection$2.run(AMQConnection.java:631)
at org.wso2.andes.client.AMQConnection$2.run(AMQConnection.java:628)
at java.security.AccessController.doPrivileged(Native Method)
at org.wso2.andes.client.AMQConnection.makeBrokerConnection(AMQConnection.java:628)
at org.wso2.andes.client.AMQConnection.<init>(AMQConnection.java:409)
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:351)
III.
org.wso2.andes.AMQConnectionFailureException: Could not open connection
at org.wso2.andes.client.AMQConnection.<init>(AMQConnection.java:486)
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:351)
IV.
Caused by: org.wso2.andes.transport.TransportException: Could not open connection
at org.wso2.andes.transport.network.mina.MinaNetworkTransport$IoConnectorCreator.connect(MinaNetworkTransport.java:216)
at org.wso2.andes.transport.network.mina.MinaNetworkTransport.connect(MinaNetworkTransport.java:74)
V.
[2017-03-10 11:49:32,345] ERROR - JMSConnectionFactory Error acquiring a Connection from the JMS CF : jmsEventPublisher using properties : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=throttleData}
javax.jms.JMSException: Error creating connection: Could not open connection
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:361)
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:40)
VI.
[2017-03-10 11:49:32,350] ERROR - JMSConnectionFactory Error acquiring a Connection from the JMS CF : jmsEventPublisher using properties : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=throttleData}
org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterRuntimeException: Error acquiring a Connection from the JMS CF : jmsEventPublisher using properties : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=throttleData}
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.handleException(JMSConnectionFactory.java:197)
Please help me to solve this issue.
I`m trying to connect a Spark application to HBase with Kerberos enabled. Spark version is 1.5.0, CDH 5.5.2 and it's executed in yarn cluster mode.
When HbaseContext is initialized, it throws this error:
ERROR ipc.AbstractRpcClient: SASL authentication failed. The most likely cause is missing or invalid credentials. Consider 'kinit'.
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
I have tried to do the authentication in the code, adding:
UserGroupInformation.setConfiguration(config)
UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename)
I distribute the keytab file with --files option in spark-submit.
Now, the error is:
java.io.IOException: Login failure for usercomp#COMPANY.CORP from keytab krb5.usercomp.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
...
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
Is this the way to connect to Kerberized HBase from a Spark app?
please see the example configuration like below if you are missing anything like hadoop.security.authentication
val conf= HBaseConfiguration.create()
conf.set("hbase.zookeeper.quorum", "list of ip's")
conf.set("hbase.zookeeper"+ ".property.clientPort","2181");
conf.set("hbase.master", "masterIP:60000");
conf.set("hadoop.security.authentication", "kerberos");
Actually try to put your hbase-site.xml directly in the SPARK_CONF directory of your edge node (should be something like /etc/spark/conf or /etc/spark2/conf).
you can use loginUserFromKeytabAndReturnUGI, and uig.doAs
or you could put you hbase classpath to SPARK_DIST_CLASSPATH.
I am using wso2esb-4.8.1 with java web client.
I wish to do SSL mutual authentication in wso2esb.My client web as well as android app so i followed http://pathberiya.blogspot.in/2012/08/enable-mutual-ssl-for-proxy-services-in.html above blog so i created .jks file and replaced with wso2carbon.jks its working.
But how to do mutual authentication with back end server .It has its own certificate .Can i export that certificate into my wso2esb security folder.In that way is it work or not.Else i need to use same certificate with back end also help me for this.
client------------>proxy-------------->Backend
getting this error in esb starting level only
[ESB] [2014-05-29 18:56:19,653] ERROR {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Error while updating wso2carbon-sts in STSDeploymentInterceptor {org.wso2.carbon.core.deployment.DeploymentInterceptor}
java.lang.NullPointerException
at org.wso2.carbon.core.util.KeyStoreUtil.getKeyStoreFileName(KeyStoreUtil.java:57)
after that one more error is
ERROR {org.wso2.carbon.tenant.mgt.internal.TenantMgtServiceComponent} - ******* Tenant Config bundle failed activating **** {org.wso2.carbon.tenant.mgt.internal.TenantMgtServiceComponent}
java.lang.NullPointerException
at java.util.Hashtable.put(Hashtable.java:514
This is about the https transport
FATAL {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} - Cannot start transports {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent}
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Thanks in Advance.
Mutual authentication is not currently supported for proxy -> backend communication. See JIRA issue here.
What you need is to enable custom SSL profiles in the axis configuration. For a specific endpoint, you can specify which keystone and which truststore to use. See this post: http://nadeeshaan.blogspot.nl/2014/03/enabling-custom-ssl-in-wso2-esb-4.html