Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1851

Errors Authentication when using Authn Tree and Java Agents

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.1, 5.5.0.0
    • Fix Version/s: 5.5.0.0
    • Component/s: J2EE Agents
    • Labels:
    • Environment:
      Am 6.0.0.3
      Agent 5.0.1
      Authn Tree
    • Target Version/s:
    • Sprint:
      2018.9 The Sphinx, 2018.11 - Fire
    • Support Ticket IDs:

      Description

      Bug description

      When using   tree-based auth with the Java Agents, it will give a401 error when trying to authenticate

      How to reproduce the issue

       

      1. Have the tree node with the following settings
      2. Then change Authentication->setting->administrator authentication configuration->tree authentication
      3. Save the changes
      4. Try authenticating
      Expected behaviour
      {..}
      
      Current behaviour
      In the browser, you will see the following error:                                401 Unauthorized HTTP/1.1More info about HTTP status codes
      
      In the debug logs we see this:                                                   
        >2018-08-08 10:10:57:545 AM EDT: http-nio-9090-exec-4/5/main:[abf97f20-ea5d-4b58-be4f-cf8274ab6416]
      ERROR: Caught policy exception while getting a policy decision for demo from the server:
      com.sun.identity.policy.PolicyException(1):Caught exception evaluating policy decision, Policy set iPlanetAMWebAgentService Realm /myrealm
      com.google.common.util.concurrent.UncheckedExecutionException(2):org.forgerock.sdk.com.google.inject.ProvisionException: Unable to provision, see the following errors:
      
      1) Error in custom provider, org.forgerock.openam.sdk.http.HttpException: Unable to authenticate: 401 Unauthorized: Login failure
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        while locating org.forgerock.openam.sdk.http.HttpSession
          for parameter 0 at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        while locating org.forgerock.openam.sdk.crest.CrestResourceProvider<org.forgerock.openam.sdk.domain.model.Policy> annotated with @org.forgerock.sdk.com.google.inject.name.Named(value=policyProvider)
          for parameter 0 at org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider.<init>(Unknown Source)
        while locating org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider
      
      1 error
      com.google.common.util.concurrent.UncheckedExecutionException: org.forgerock.sdk.com.google.inject.ProvisionException: Unable to provision, see the following errors:
      
      1) Error in custom provider, org.forgerock.openam.sdk.http.HttpException: Unable to authenticate: 401 Unauthorized: Login failure
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        while locating org.forgerock.openam.sdk.http.HttpSession
          for parameter 0 at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        while locating org.forgerock.openam.sdk.crest.CrestResourceProvider<org.forgerock.openam.sdk.domain.model.Policy> annotated with @org.forgerock.sdk.com.google.inject.name.Named(value=policyProvider)
          for parameter 0 at org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider.<init>(Unknown Source)
        while locating org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider
      
      1 error
              at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2217)
              at com.google.common.cache.LocalCache.get(LocalCache.java:4154)
              at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:5060)
              at org.forgerock.openam.agents.SDKCache.getRealmFor(SDKCache.java:62)
              at org.forgerock.openam.agents.PolicyDecisionDelegator.getResultsFromServerViaSDK(PolicyDecisionDelegator.java:385)
              at org.forgerock.openam.agents.PolicyDecisionDelegator.getPolicyDecisionFromServer(PolicyDecisionDelegator.java:169)
              at org.forgerock.openam.agents.PolicyDecisionDelegator.getPolicyDecision(PolicyDecisionDelegator.java:109)
              at com.sun.identity.agents.policy.AmWebPolicy.checkPolicyForResource(AmWebPolicy.java:164)
              at com.sun.identity.agents.filter.URLPolicyTaskHandler.process(URLPolicyTaskHandler.java:109)
              at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:193)
              at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:165)
              at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:77)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
              at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395)
              at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:177)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:748)
      Caused by: org.forgerock.sdk.com.google.inject.ProvisionException: Unable to provision, see the following errors:
      1) Error in custom provider, org.forgerock.openam.sdk.http.HttpException: Unable to authenticate: 401 Unauthorized: Login failure
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(Unknown Source)
        while locating org.forgerock.openam.sdk.http.HttpSession
          for parameter 0 at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        at org.forgerock.openam.sdk.controller.SDKGuiceModule.getCrestResourceProviderForPolicy(Unknown Source)
        while locating org.forgerock.openam.sdk.crest.CrestResourceProvider<org.forgerock.openam.sdk.domain.model.Policy> annotated with @org.forgerock.sdk.com.google.inject.name.Named(value=policyProvider)
          for parameter 0 at org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider.<init>(Unknown Source)
        while locating org.forgerock.openam.sdk.policy.operations.PolicyOperationsProvider
      
      1 error
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1025)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1051)
              at org.forgerock.openam.sdk.controller.AbstractRealm.<init>(AbstractRealm.java:44)
              at org.forgerock.openam.sdk.controller.Realm.<init>(Realm.java:618)
              at org.forgerock.openam.sdk.controller.SDK.getRealm(SDK.java:49)
              at org.forgerock.openam.agents.SDKCache.lambda$getRealmFor$0(SDKCache.java:72)
              at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:5065)
              at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3716)
              at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2424)
              at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2298)
              at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2211)
              ... 33 more
      Caused by: org.forgerock.openam.sdk.http.HttpException: Unable to authenticate: 401 Unauthorized: Login failure
              at org.forgerock.openam.sdk.http.AuthenticationErrorHandler.fail(AuthenticationErrorHandler.java:51)
              at org.forgerock.openam.sdk.http.AuthenticationErrorHandler.onClientError(AuthenticationErrorHandler.java:36)
              at org.forgerock.openam.sdk.http.HttpSessionImpl.handleUnsuccessfulResponse(HttpSessionImpl.java:271)
              at org.forgerock.openam.sdk.http.HttpSessionImpl.send(HttpSessionImpl.java:167)
              at org.forgerock.openam.sdk.http.RequestBuilder.post(RequestBuilder.java:196)
              at org.forgerock.openam.sdk.http.AuthenticatingCredentials.obtainSsoTokenId(AuthenticatingCredentials.java:31)
              at org.forgerock.openam.sdk.http.HttpSessionImpl.authenticate(HttpSessionImpl.java:107)
              at org.forgerock.openam.sdk.http.HttpSessionImpl.authenticate(HttpSessionImpl.java:96)
              at org.forgerock.openam.sdk.http.HttpSessionManager.getSession(HttpSessionManager.java:77)
              at org.forgerock.openam.sdk.controller.SDKGuiceModule.getHttpSession(SDKGuiceModule.java:102)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.forgerock.sdk.com.google.inject.internal.ProviderMethod$ReflectionProviderMethod.doProvision(ProviderMethod.java:299)
              at org.forgerock.sdk.com.google.inject.internal.ProviderMethod.get(ProviderMethod.java:172)
              at org.forgerock.sdk.com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:81)
              at org.forgerock.sdk.com.google.inject.internal.InternalFactoryToInitializableAdapter.provision(InternalFactoryToInitializableAdapter.java:53)
              at org.forgerock.sdk.com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:61)
              at org.forgerock.sdk.com.google.inject.internal.InternalFactoryToInitializableAdapter.get(InternalFactoryToInitializableAdapter.java:45)
              at org.forgerock.sdk.com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
              at org.forgerock.sdk.com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
              at org.forgerock.sdk.com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)
              at org.forgerock.sdk.com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
              at org.forgerock.sdk.com.google.inject.spi.ProviderLookup$1.get(ProviderLookup.java:104)
              at org.forgerock.sdk.com.google.inject.internal.ProviderMethod.get(ProviderMethod.java:167)
              at org.forgerock.sdk.com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:81)
              at org.forgerock.sdk.com.google.inject.internal.InternalFactoryToInitializableAdapter.provision(InternalFactoryToInitializableAdapter.java:53)
              at org.forgerock.sdk.com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:61)
              at org.forgerock.sdk.com.google.inject.internal.InternalFactoryToInitializableAdapter.get(InternalFactoryToInitializableAdapter.java:45)
              at org.forgerock.sdk.com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
              at org.forgerock.sdk.com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
              at org.forgerock.sdk.com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:104)
              at org.forgerock.sdk.com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85)
              at org.forgerock.sdk.com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
              at org.forgerock.sdk.com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
              ... 43 more
      
      >2018-08-08 10:10:57:546 AM EDT: http-nio-9090-exec-4/5/main:[abf97f20-ea5d-4b58-be4f-cf8274ab6416] 
      

      Work around

      None as of now

      C

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tony.bamford Tony Bamford
              Reporter:
              jobby.thomas Jobby Thomas
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: