shibboleth-dev - Re: [Shib-Dev] derefAliases broken in 2.2.x
Subject: Shibboleth Developers
List archive
- From: Dan McLaughlin <>
- To:
- Subject: Re: [Shib-Dev] derefAliases broken in 2.2.x
- Date: Wed, 8 Jun 2011 21:58:41 -0500
Here are the results with 3.3.2...
As long as I comment out the searchResultsHandlers you had me add,
then 3.3.2 works fine.
edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
ldapUrl="ldap://ldap01:636";
ssl="true"
baseDn="T=MYBASEDN"
subtreeSearch="true"
derefAliases="never"
userFilter="(&(cn={0})(objectclass=person))";
//
searchResultHandlers="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler{{removeUrls=false}}";
21:52:44.258 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:133]
- Redirecting to login page /login.jsp
21:52:52.066 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:108]
- Attempting to retrieve IdP session cookie.
21:52:52.066 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:114]
- Found IdP session cookie.
21:52:52.066 - DEBUG
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:159]
- No session associated with session ID
NTUzNGEwY2RlYTA2ODY1YjZjOTMzNDU4ZmM5YTBkZTU5ZTljNThkYWQxMTlkNjEwMTYyMWJiMWY2Yzc1MmQ1Nw==
- session must have timed out
21:52:52.068 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:153]
- Attempting to authenticate user JDOE-C
21:52:52.078 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:138]
- Begin initialize
21:52:52.079 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:172]
- useFirstPass = false
21:52:52.079 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:173]
- tryFirstPass = false
21:52:52.079 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:174]
- storePass = false
21:52:52.079 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:175]
- setLdapPrincipal = true
21:52:52.079 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:176]
- setLdapDnPrincipal = false
21:52:52.080 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:177]
- setLdapCredential = true
21:52:52.080 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:178]
- defaultRole = []
21:52:52.080 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:179]
- principalGroupName = null
21:52:52.080 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:180]
- roleGroupName = null
21:52:52.080 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:77]
- userRoleAttribute = []
21:52:52.086 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
searchScope: ONELEVEL
21:52:52.088 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:427] - setting
subtreeSearch: true
21:52:52.089 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
searchScope: SUBTREE
21:52:52.089 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1370] - setting
baseDn: T=MYBASEDN
21:52:52.089 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1834] - setting ssl:
true
21:52:52.089 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1168] - setting
ldapUrl: ldap://ldap01:636
21:52:52.090 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1651] - setting
derefAliases: never
21:52:52.090 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:290] - setting
userFilter: (&(cn={0})(objectclass=person))
21:52:52.092 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:83]
- Created authenticator:
edu.vt.middleware.ldap.auth.AuthenticatorConfig@19286893::env={java.naming.provider.url=ldap://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:52:52.093 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:368]
- Begin getCredentials
21:52:52.093 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:369]
- useFistPass = false
21:52:52.093 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:370]
- tryFistPass = false
21:52:52.093 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:371]
- useCallback = false
21:52:52.093 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:372]
- callbackhandler class =
javax.security.auth.login.LoginContext$SecureCallbackHandler
21:52:52.094 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:375]
- name callback class = javax.security.auth.callback.NameCallback
21:52:52.094 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:377]
- password callback class =
javax.security.auth.callback.PasswordCallback
21:52:52.095 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:102] - Looking up DN
using userFilter
21:52:52.096 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:193] - Search with the
following parameters:
21:52:52.096 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:194] - dn = T=MYBASEDN
21:52:52.096 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:195] - filter =
(&(cn={0})(objectclass=person))
21:52:52.097 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:196] - filterArgs =
[JDOE-C]
21:52:52.097 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:197] - searchControls
=
javax.naming.directory.SearchControls@1380be8
21:52:52.097 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:198] - handler =
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@95ec91]
21:52:52.097 - TRACE
[edu.vt.middleware.ldap.auth.SearchDnResolver:200] - config =
{java.naming.provider.url=ldap://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:52:52.098 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: DEFAULT
21:52:52.098 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
setting connectionRetryExceptions: [class
javax.naming.NamingException]
21:52:52.098 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {0}
Attempting connection to ldap://ldap01:636 for strategy DEFAULT
21:52:52.098 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
with the following parameters:
21:52:52.099 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
21:52:52.099 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
null
21:52:52.099 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
21:52:52.099 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://ldap01:636,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:52:52.346 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: DEFAULT
21:52:52.346 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
setting connectionRetryExceptions: [class
javax.naming.NamingException]
21:52:52.347 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {1}
Attempting connection to ldap://ldap01:636 for strategy DEFAULT
21:52:52.347 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
with the following parameters:
21:52:52.347 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
21:52:52.347 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
cn=JDOE-C,ou=FOO,ou=BAR,o=DIV
21:52:52.348 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
21:52:52.348 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://ldap01:636,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:52:52.572 - INFO
[edu.vt.middleware.ldap.jaas.JaasAuthenticator:176] - Authentication
succeeded for dn: cn=JDOE-C,ou=FOO,ou=BAR,o=DIV
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:102] - Looking up DN
using userFilter
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:193] - Search with the
following parameters:
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:194] - dn = T=MYBASEDN
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:195] - filter =
(&(cn={0})(objectclass=person))
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:196] - filterArgs =
[JDOE-C]
21:52:52.580 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:197] - searchControls
=
javax.naming.directory.SearchControls@1676b1e
21:52:52.581 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:198] - handler =
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@95ec91]
21:52:52.581 - TRACE
[edu.vt.middleware.ldap.auth.SearchDnResolver:200] - config =
{java.naming.provider.url=ldap://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:52:52.594 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:199]
- Begin commit
21:52:52.594 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:207]
- Committed the following principals: [JDOE-C[]]
21:52:52.594 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:213]
- Committed the following roles: []
21:52:52.595 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:161]
- Successfully authenticated user JDOE-C
21:52:52.597 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:143]
- Returning control to authentication engine
21:52:52.597 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
Looking up LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.597 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
Retrieved LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.597 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:201]
- Processing incoming request
21:52:52.598 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
Looking up LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.598 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
Retrieved LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.598 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:509]
- Completing user authentication process
21:52:52.598 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:576]
- Validating authentication was performed successfully
21:52:52.598 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:681]
- Updating session information for principal JDOE-C
21:52:52.598 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:685]
- Creating shibboleth session for principal JDOE-C
21:52:52.601 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl:97]
- Created session
93b138564b63f5786b7e0e0918ac065116310355028e9253b4728ff290eae1df
21:52:52.601 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:791]
- Adding IdP session cookie to HTTP response
21:52:52.602 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:700]
- Recording authentication and service information in Shibboleth
session for principal: JDOE-C
21:52:52.603 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl:172]
- Added index JDOE-C to session
93b138564b63f5786b7e0e0918ac065116310355028e9253b4728ff290eae1df
21:52:52.604 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:551]
- User JDOE-C authenticated with method
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
21:52:52.604 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:160]
- Returning control to profile handler
21:52:52.605 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
Looking up LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.605 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
Retrieved LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.605 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:169]
- Redirecting user to profile handler at
https://www.mydomain.com:443/idp/profile/SAML2/Redirect/SSO
21:52:52.780 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:108]
- Attempting to retrieve IdP session cookie.
21:52:52.781 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:114]
- Found IdP session cookie.
21:52:52.781 - TRACE
[edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:74]
- Updating IdP session activity time and adding session object to the
request
21:52:52.781 - INFO [Shibboleth-Access:73] -
20110609T025252Z|144.45.7.139|www.mydomain.com:443|/profile/SAML2/Redirect/SSO|
21:52:52.782 - DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:85]
- shibboleth.HandlerManager: Looking up profile handler for request
path: /SAML2/Redirect/SSO
21:52:52.782 - DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:96]
- shibboleth.HandlerManager: Located profile handler of the following
type for the request path:
edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
21:52:52.782 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
Looking up LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.782 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
Retrieved LoginContext with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc
from StorageService parition: loginContexts
21:52:52.782 - DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:162]
- Incoming request contains a login context, processing as second leg
of request
21:52:52.782 - DEBUG
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:571] -
Unbinding LoginContext
21:52:52.783 - DEBUG
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:597] -
Expiring LoginContext cookie
21:52:52.783 - DEBUG
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:606] -
Removing LoginContext, with key 82a67795-fd9c-4dd3-8ec4-c84bcbb544bc,
from StorageService partition loginContexts
21:52:52.783 - DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:126]
- Looking up relying party configuration for
https://www.mydomain.com/shibboleth
21:52:52.783 - DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:132]
- No custom relying party configuration found for
https://www.mydomain.com/shibboleth, looking up configuration based on
metadata groups.
21:52:52.784 - DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:155]
- No custom or group-based relying party configuration found for
https://www.mydomain.com/shibboleth. Using default relying party
configuration.
21:52:52.788 - DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:471]
- Resolving attributes for principal 'JDOE-C' for SAML request from
relying party 'https://www.mydomain.com/shibboleth'
21:52:52.791 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:118]
- shibboleth.AttributeResolver resolving attributes for principal
JDOE-C
21:52:52.791 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:274]
- Specific attributes for principal JDOE-C were not requested,
resolving all attributes.
21:52:52.791 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:313]
- Resolving attribute email for principal JDOE-C
21:52:52.792 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:353]
- Resolving data connector NOVELLEDIR for principal JDOE-C
21:52:52.793 - TRACE
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine:113]
- Populating velocity context
21:52:52.796 - TRACE
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine:87]
- Populating the following shibboleth.resolver.dc.NOVELLEDIR template
21:52:52.812 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:307]
- Search filter: (&(cn=JDOE-C)(objectclass=person))
21:52:52.812 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:362]
- LDAP data connector NOVELLEDIR - Retrieving attributes from LDAP
21:52:52.812 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: ACTIVE_PASSIVE
21:52:52.812 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
setting connectionRetryExceptions: [class
javax.naming.NamingException]
21:52:52.812 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {1}
Attempting connection to ldaps://ldap01:636 for strategy
ACTIVE_PASSIVE
21:52:52.813 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
with the following parameters:
21:52:52.813 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
21:52:52.813 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
null
21:52:52.813 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
21:52:52.813 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldaps://ldap01:636,
java.naming.ldap.derefAliases=never,
java.naming.ldap.attributes.binary=GUID}
21:52:53.033 - DEBUG [edu.vt.middleware.ldap.Ldap:193] - Search with
the following parameters:
21:52:53.034 - DEBUG [edu.vt.middleware.ldap.Ldap:194] - dn = T=MYBASEDN
21:52:53.034 - DEBUG [edu.vt.middleware.ldap.Ldap:195] - filter =
(&(cn=JDOE-C)(objectclass=person))
21:52:53.034 - DEBUG [edu.vt.middleware.ldap.Ldap:196] - filterArgs = []
21:52:53.034 - DEBUG [edu.vt.middleware.ldap.Ldap:197] -
searchControls =
javax.naming.directory.SearchControls@189f687
21:52:53.034 - DEBUG [edu.vt.middleware.ldap.Ldap:198] - handler =
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@47efe7,
edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler@d7373f,
edu.vt.middleware.ldap.handler.BinarySearchResultHandler@16c3396]
21:52:53.034 - TRACE [edu.vt.middleware.ldap.Ldap:200] - config =
{java.naming.provider.url=ldaps://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.ldap.attributes.binary=GUID}
21:52:53.052 - TRACE
[edu.vt.middleware.ldap.pool.DefaultLdapFactory:123] - destroyed ldap
object:
edu.vt.middleware.ldap.Ldap@22015903::config=edu.vt.middleware.ldap.LdapConfig@27723935::env={java.naming.provider.url=ldaps://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.ldap.attributes.binary=GUID}
But 3.3.2 with the searchResultHandlers setting fails the same as it
did on 3.3.3...
edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
ldapUrl="ldap://ldap01:636";
ssl="true"
baseDn="T=MYBASEDN"
subtreeSearch="true"
derefAliases="never"
userFilter="(&(cn={0})(objectclass=person))"
searchResultHandlers="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler{{removeUrls=false}}";
21:47:05.687 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:138]
- Begin initialize
21:47:05.687 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:172]
- useFirstPass = false
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:173]
- tryFirstPass = false
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:174]
- storePass = false
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:175]
- setLdapPrincipal = true
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:176]
- setLdapDnPrincipal = false
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:177]
- setLdapCredential = true
21:47:05.688 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:178]
- defaultRole = []
21:47:05.689 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:179]
- principalGroupName = null
21:47:05.689 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:180]
- roleGroupName = null
21:47:05.689 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:77]
- userRoleAttribute = []
21:47:05.694 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
searchScope: ONELEVEL
21:47:05.699 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1683] - setting
searchResultsHandlers:
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@1f18776]
21:47:05.699 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:427] - setting
subtreeSearch: true
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
searchScope: SUBTREE
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1370] - setting
baseDn: T=MYBASEDN
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1834] - setting ssl:
true
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1168] - setting
ldapUrl: ldap://ldap01:636
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:1651] - setting
derefAliases: never
21:47:05.700 - TRACE
[edu.vt.middleware.ldap.auth.AuthenticatorConfig:290] - setting
userFilter: (&(cn={0})(objectclass=person))
21:47:05.702 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:83]
- Created authenticator:
edu.vt.middleware.ldap.auth.AuthenticatorConfig@28985299::env={java.naming.provider.url=ldap://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:47:05.702 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:368]
- Begin getCredentials
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:369]
- useFistPass = false
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:370]
- tryFistPass = false
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:371]
- useCallback = false
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:372]
- callbackhandler class =
javax.security.auth.login.LoginContext$SecureCallbackHandler
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:375]
- name callback class = javax.security.auth.callback.NameCallback
21:47:05.703 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:377]
- password callback class =
javax.security.auth.callback.PasswordCallback
21:47:05.704 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:102] - Looking up DN
using userFilter
21:47:05.705 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:193] - Search with the
following parameters:
21:47:05.705 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:194] - dn = T=MYBASEDN
21:47:05.705 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:195] - filter =
(&(cn={0})(objectclass=person))
21:47:05.705 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:196] - filterArgs =
[jdoe-c]
21:47:05.705 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:197] - searchControls
=
javax.naming.directory.SearchControls@8aedb7
21:47:05.706 - DEBUG
[edu.vt.middleware.ldap.auth.SearchDnResolver:198] - handler =
[edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@1f18776]
21:47:05.706 - TRACE
[edu.vt.middleware.ldap.auth.SearchDnResolver:200] - config =
{java.naming.provider.url=ldap://ldap01:636,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:47:05.706 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: DEFAULT
21:47:05.706 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
setting connectionRetryExceptions: [class
javax.naming.NamingException]
21:47:05.706 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {0}
Attempting connection to ldap://ldap01:636 for strategy DEFAULT
21:47:05.707 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
with the following parameters:
21:47:05.707 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
21:47:05.707 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
null
21:47:05.707 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
21:47:05.707 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://ldap01:636,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:47:05.964 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
connectionStrategy: DEFAULT
21:47:05.965 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
setting connectionRetryExceptions: [class
javax.naming.NamingException]
21:47:05.966 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {1}
Attempting connection to ldap://ldap01:636 for strategy DEFAULT
21:47:05.966 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
with the following parameters:
21:47:05.966 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
authtype = simple
21:47:05.966 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
ldap://ldap01:636/cn=jdoe-c,ou=FOO,ou=BAR,o=DIV
21:47:05.966 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
credential = <suppressed>
21:47:05.966 - TRACE
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://ldap01:636,
java.naming.ldap.derefAliases=never,
java.naming.security.protocol=ssl}
21:47:06.193 - DEBUG
[edu.vt.middleware.ldap.handler.DefaultConnectionHandler:163] - Error
connecting to LDAP URL: ldap://ldap01:636
javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2982)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703) ~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) ~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
~[na:1.6.0_24]
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
~[na:1.6.0_24]
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
~[na:1.6.0_24]
at javax.naming.InitialContext.init(InitialContext.java:223)
~[na:1.6.0_24]
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
~[na:1.6.0_24]
at
edu.vt.middleware.ldap.handler.DefaultConnectionHandler.connectInternal(DefaultConnectionHandler.java:102)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.handler.BindAuthenticationHandler.authenticate(BindAuthenticationHandler.java:53)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:174)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60)
[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103)
[vt-ldap-3.3.2.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.6.0_24]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
~[na:1.6.0_24]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
~[na:1.6.0_24]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
[na:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
[na:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method)
[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[na:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
[na:1.6.0_24]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
[shibboleth-identityprovider-2.3.0.jar:na]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
[shibboleth-identityprovider-2.3.0.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
[shibboleth-common-1.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[catalina.jar:6.0.32]
at
com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
[tomcat60adaptor-2.2.1.jar:2.2.1]
at
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:6.0.32]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
[catalina.jar:6.0.32]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
[catalina.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
[tomcat-coyote.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
[tomcat-coyote.jar:6.0.32]
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
[tomcat-coyote.jar:6.0.32]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
21:47:06.194 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164]
- Error occured attempting authentication
javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2982)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703) ~[na:1.6.0_24]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) ~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
~[na:1.6.0_24]
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
~[na:1.6.0_24]
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
~[na:1.6.0_24]
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
~[na:1.6.0_24]
at javax.naming.InitialContext.init(InitialContext.java:223)
~[na:1.6.0_24]
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
~[na:1.6.0_24]
at
edu.vt.middleware.ldap.handler.DefaultConnectionHandler.connectInternal(DefaultConnectionHandler.java:102)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.handler.BindAuthenticationHandler.authenticate(BindAuthenticationHandler.java:53)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:174)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60)
~[vt-ldap-3.3.2.jar:na]
at
edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103)
~[vt-ldap-3.3.2.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.6.0_24]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
~[na:1.6.0_24]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
~[na:1.6.0_24]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
[na:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
[na:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method)
[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[na:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
[na:1.6.0_24]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
[shibboleth-identityprovider-2.3.0.jar:na]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
[shibboleth-identityprovider-2.3.0.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
[shibboleth-common-1.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[catalina.jar:6.0.32]
at
com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
[tomcat60adaptor-2.2.1.jar:2.2.1]
at
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:6.0.32]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
[catalina.jar:6.0.32]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
[catalina.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
[tomcat-coyote.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
[tomcat-coyote.jar:6.0.32]
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
[tomcat-coyote.jar:6.0.32]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
21:47:06.195 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:248]
- Begin abort
21:47:06.195 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:260]
- Begin logout
21:47:06.200 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:176]
- User authentication for jdoe-c failed
javax.security.auth.login.LoginException: [LDAP: error code 34 -
Invalid DN Syntax]
at
edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:167)
~[vt-ldap-3.3.2.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.6.0_24]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
~[na:1.6.0_24]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
~[na:1.6.0_24]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
~[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
~[na:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
~[na:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method)
~[na:1.6.0_24]
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
~[na:1.6.0_24]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
[shibboleth-identityprovider-2.3.0.jar:na]
at
edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
[shibboleth-identityprovider-2.3.0.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
[shibboleth-identityprovider-2.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
[shibboleth-common-1.3.0.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[catalina.jar:6.0.32]
at
com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
[tomcat60adaptor-2.2.1.jar:2.2.1]
at
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
[catalina-ha.jar:6.0.32]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:6.0.32]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:6.0.32]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
[catalina.jar:6.0.32]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
[catalina.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
[tomcat-coyote.jar:6.0.32]
at
org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
[tomcat-coyote.jar:6.0.32]
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
[tomcat-coyote.jar:6.0.32]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
21:47:06.200 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
Looking up LoginContext with key a9a51bed-e5da-46ba-a7ce-b354a0891611
from StorageService parition: loginContexts
21:47:06.200 - TRACE
[edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
Retrieved LoginContext with key a9a51bed-e5da-46ba-a7ce-b354a0891611
from StorageService parition: loginContexts
21:47:06.201 - DEBUG
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:133]
- Redirecting to login page /login.jsp
--
Thanks,
Dan McLaughlin
NOTICE: This e-mail message and all attachments transmitted with it
are for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is strictly prohibited. The contents of
this e-mail are confidential and may be subject to work product
privileges. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.
On Wed, Jun 8, 2011 at 8:56 PM, Daniel Fisher
<>
wrote:
>
> Hmmm....ok now now use the same jaas config with vt-ldap 3.3.2.
> Thanks for indulging me on all these tests.
>
> --Daniel Fisher
>
> On Wed, Jun 8, 2011 at 9:41 PM, Dan McLaughlin
> <>
> wrote:
> > 20:35:36.857 - TRACE
> > [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:108]
> > - Attempting to retrieve IdP session cookie.
> > 20:35:36.858 - DEBUG
> > [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:153]
> > - Attempting to authenticate user jdoe-c
> > 20:35:36.858 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:144]
> > - Begin initialize
> > 20:35:36.858 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:180]
> > - useFirstPass = false
> > 20:35:36.858 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:181]
> > - tryFirstPass = false
> > 20:35:36.858 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:182]
> > - storePass = false
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:183]
> > - clearPass = false
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:184]
> > - setLdapPrincipal = true
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:185]
> > - setLdapDnPrincipal = false
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:186]
> > - setLdapCredential = true
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:187]
> > - defaultRole = []
> > 20:35:36.859 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:188]
> > - principalGroupName = null
> > 20:35:36.860 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:189]
> > - roleGroupName = null
> > 20:35:36.860 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:77]
> > - userRoleAttribute = []
> > 20:35:36.860 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
> > searchScope: ONELEVEL
> > 20:35:36.861 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1683] - setting
> > searchResultsHandlers:
> > [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@74f334]
> > 20:35:36.861 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:427] - setting
> > subtreeSearch: true
> > 20:35:36.861 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1385] - setting
> > searchScope: SUBTREE
> > 20:35:36.861 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1370] - setting
> > baseDn: T=MAYBASEDN
> > 20:35:36.862 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1834] - setting ssl:
> > true
> > 20:35:36.862 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1168] - setting
> > ldapUrl: ldap://ldap01:636
> > 20:35:36.862 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1651] - setting
> > derefAliases: never
> > 20:35:36.862 - TRACE
> > [edu.vt.middleware.ldap.auth.AuthenticatorConfig:290] - setting
> > userFilter: (&(cn={0})(objectclass=person))
> > 20:35:36.862 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:83]
> > - Created authenticator:
> > edu.vt.middleware.ldap.auth.AuthenticatorConfig@718554::env={java.naming.provider.url=ldap://ldap01:636,
> > java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> > java.naming.ldap.derefAliases=never,
> > java.naming.security.protocol=ssl}
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:412]
> > - Begin getCredentials
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:413]
> > - useFistPass = false
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:414]
> > - tryFistPass = false
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:415]
> > - useCallback = false
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:416]
> > - callbackhandler class =
> > javax.security.auth.login.LoginContext$SecureCallbackHandler
> > 20:35:36.863 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:419]
> > - name callback class = javax.security.auth.callback.NameCallback
> > 20:35:36.864 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:421]
> > - password callback class =
> > javax.security.auth.callback.PasswordCallback
> > 20:35:36.864 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:102] - Looking up DN
> > using userFilter
> > 20:35:36.864 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:193] - Search with the
> > following parameters:
> > 20:35:36.864 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:194] - dn =
> > T=MAYBASEDN
> > 20:35:36.864 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:195] - filter =
> > (&(cn={0})(objectclass=person))
> > 20:35:36.865 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:196] - filterArgs =
> > [jdoe-c]
> > 20:35:36.865 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:197] - searchControls
> > =
> > javax.naming.directory.SearchControls@1d47ef4
> > 20:35:36.865 - DEBUG
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:198] - handler =
> > [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@74f334]
> > 20:35:36.865 - TRACE
> > [edu.vt.middleware.ldap.auth.SearchDnResolver:200] - config =
> > {java.naming.provider.url=ldap://ldap01:636,
> > java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> > java.naming.ldap.derefAliases=never,
> > java.naming.security.protocol=ssl}
> > 20:35:36.865 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
> > connectionStrategy: DEFAULT
> > 20:35:36.865 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
> > setting connectionRetryExceptions: [class
> > javax.naming.NamingException]
> > 20:35:36.866 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {0}
> > Attempting connection to ldap://ldap01:636 for strategy DEFAULT
> > 20:35:36.866 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
> > with the following parameters:
> > 20:35:36.866 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
> > authtype = simple
> > 20:35:36.866 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
> > null
> > 20:35:36.866 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
> > credential = <suppressed>
> > 20:35:36.867 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
> > {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> > java.naming.provider.url=ldap://ldap01:636,
> > java.naming.ldap.derefAliases=never,
> > java.naming.security.protocol=ssl}
> > 20:35:37.120 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:93] - setting
> > connectionStrategy: DEFAULT
> > 20:35:37.121 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:110] -
> > setting connectionRetryExceptions: [class
> > javax.naming.NamingException]
> > 20:35:37.121 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:152] - {1}
> > Attempting connection to ldap://ldap01:636 for strategy DEFAULT
> > 20:35:37.121 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind
> > with the following parameters:
> > 20:35:37.122 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -
> > authtype = simple
> > 20:35:37.122 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - dn =
> > ldap:
> > 20:35:37.122 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -
> > credential = <suppressed>
> > 20:35:37.122 - TRACE
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] - env =
> > {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> > java.naming.provider.url=ldap://ldap01:636,
> > java.naming.ldap.derefAliases=never,
> > java.naming.security.protocol=ssl}
> >
> > 20:35:37.339 - DEBUG
> > [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:163] - Error
> > connecting to LDAP URL: ldap://ldap01:636
> > javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN
> > Syntax]
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2982)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> > ~[na:1.6.0_24]
> > at javax.naming.InitialContext.init(InitialContext.java:223)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
> > ~[na:1.6.0_24]
> > at
> > edu.vt.middleware.ldap.handler.DefaultConnectionHandler.connectInternal(DefaultConnectionHandler.java:102)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.handler.BindAuthenticationHandler.authenticate(BindAuthenticationHandler.java:53)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:174)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60)
> > [vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103)
> > [vt-ldap-3.3.3.jar:na]
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > ~[na:1.6.0_24]
> > at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> > [na:1.6.0_24]
> > at java.security.AccessController.doPrivileged(Native Method)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> > [na:1.6.0_24]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> > [servlet-api.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
> > [shibboleth-common-1.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > [catalina.jar:6.0.32]
> > at
> > com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
> > [tomcat60adaptor-2.2.1.jar:2.2.1]
> > at
> > org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
> > [tomcat-coyote.jar:6.0.32]
> > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
> > 20:35:37.340 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164]
> > - Error occured attempting authentication
> > javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN
> > Syntax]
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2982)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
> > ~[na:1.6.0_24]
> > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> > ~[na:1.6.0_24]
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> > ~[na:1.6.0_24]
> > at javax.naming.InitialContext.init(InitialContext.java:223)
> > ~[na:1.6.0_24]
> > at
> > javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
> > ~[na:1.6.0_24]
> > at
> > edu.vt.middleware.ldap.handler.DefaultConnectionHandler.connectInternal(DefaultConnectionHandler.java:102)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:156)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.handler.BindAuthenticationHandler.authenticate(BindAuthenticationHandler.java:53)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:174)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60)
> > ~[vt-ldap-3.3.3.jar:na]
> > at
> > edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103)
> > ~[vt-ldap-3.3.3.jar:na]
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > ~[na:1.6.0_24]
> > at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> > [na:1.6.0_24]
> > at java.security.AccessController.doPrivileged(Native Method)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> > [na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> > [na:1.6.0_24]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> > [servlet-api.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
> > [shibboleth-common-1.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > [catalina.jar:6.0.32]
> > at
> > com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
> > [tomcat60adaptor-2.2.1.jar:2.2.1]
> > at
> > org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
> > [tomcat-coyote.jar:6.0.32]
> > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
> > 20:35:37.341 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:264]
> > - Begin abort
> > 20:35:37.342 - DEBUG
> > [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:176]
> > - User authentication for jdoe-c failed
> > javax.security.auth.login.LoginException: [LDAP: error code 34 -
> > Invalid DN Syntax]
> > at
> > edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:167)
> > ~[vt-ldap-3.3.3.jar:na]
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > ~[na:1.6.0_24]
> > at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > ~[na:1.6.0_24]
> > at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> > ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> > ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> > ~[na:1.6.0_24]
> > at java.security.AccessController.doPrivileged(Native Method)
> > ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> > ~[na:1.6.0_24]
> > at
> > javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> > ~[na:1.6.0_24]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> > [servlet-api.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
> > [shibboleth-identityprovider-2.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
> > [shibboleth-common-1.3.0.jar:na]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > [catalina.jar:6.0.32]
> > at
> > com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
> > [tomcat60adaptor-2.2.1.jar:2.2.1]
> > at
> > org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
> > [catalina-ha.jar:6.0.32]
> > at
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> > [catalina.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
> > [tomcat-coyote.jar:6.0.32]
> > at
> > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
> > [tomcat-coyote.jar:6.0.32]
> > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
> > 20:35:37.344 - TRACE
> > [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
> > Looking up LoginContext with key c9f9399e-104b-4ede-a584-e22b60591e5d
> > from StorageService parition: loginContexts
> > 20:35:37.344 - TRACE
> > [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
> > Retrieved LoginContext with key c9f9399e-104b-4ede-a584-e22b60591e5d
> > from StorageService parition: loginContexts
> > 20:35:37.344 - DEBUG
> > [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:133]
> > - Redirecting to login page /login.jsp
> >
> >
> > --
> >
> > Thanks,
> >
> > Dan McLaughlin
> >
> >
> > NOTICE: This e-mail message and all attachments transmitted with it
> > are for the sole use of the intended recipient(s) and may contain
> > confidential and privileged information. Any unauthorized review, use,
> > disclosure or distribution is strictly prohibited. The contents of
> > this e-mail are confidential and may be subject to work product
> > privileges. If you are not the intended recipient, please contact the
> > sender by reply e-mail and destroy all copies of the original message.
> >
> >
> >
> >
> > On Wed, Jun 8, 2011 at 8:21 PM, Daniel Fisher
> > <>
> > wrote:
> >> Try adding this to your jaas config:
> >>
> >> searchResultHandlers="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler{{removeUrls=false}}"
> >>
> >> and then post your logs.
> >>
> >> --Daniel Fisher
> >>
> >> On Wed, Jun 8, 2011 at 8:31 PM, Dan McLaughlin
> >> <>
> >> wrote:
> >>> After enabling DEBUG for shibboleth I'm seeing another exception that
> >>> only shows up if DEBUG logging is enabled... I've been stepping
> >>> through the code with a debugger and I keep seeing it loop through
> >>> readCompositeName multiple times returning the string "ldap:" for name
> >>> (line 109) over and over again. This code is all new to me, so I'm
> >>> still trying to make since of what's going on. Does any of this make
> >>> since to you?
> >>>
> >>> 19:19:30.237 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:264]
> >>> - Begin abort
> >>> 19:19:30.301 - DEBUG
> >>> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:176]
> >>> - User authentication for joe-c failed
> >>> javax.security.auth.login.LoginException:
> >>> java.lang.IllegalArgumentException
> >>> at java.net.URI.create(URI.java:842)
> >>> at
> >>> edu.vt.middleware.ldap.handler.FqdnSearchResultHandler.processDn(FqdnSearchResultHandler.java:80)
> >>> at
> >>> edu.vt.middleware.ldap.handler.CopySearchResultHandler.processResult(CopySearchResultHandler.java:64)
> >>> at
> >>> edu.vt.middleware.ldap.handler.CopySearchResultHandler.processResult(CopySearchResultHandler.java:27)
> >>> at
> >>> edu.vt.middleware.ldap.handler.AbstractResultHandler.process(AbstractResultHandler.java:84)
> >>> at
> >>> edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:231)
> >>> at
> >>> edu.vt.middleware.ldap.auth.SearchDnResolver.resolve(SearchDnResolver.java:139)
> >>> at
> >>> edu.vt.middleware.ldap.auth.Authenticator.getDn(Authenticator.java:106)
> >>> at
> >>> edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74)
> >>> at
> >>> edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320)
> >>> at
> >>> edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277)
> >>> at
> >>> edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60)
> >>> at
> >>> edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103)
> >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>> at
> >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >>> at
> >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >>> at java.lang.reflect.Method.invoke(Method.java:597)
> >>> at
> >>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> >>> at
> >>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> >>> at
> >>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> >>> at java.security.AccessController.doPrivileged(Native Method)
> >>> at
> >>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> >>> at
> >>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
> >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>> edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> >>> at
> >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> >>> at
> >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >>> at
> >>> com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
> >>> at
> >>> org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
> >>> at
> >>> org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
> >>> at
> >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >>> at
> >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >>> at
> >>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
> >>> at
> >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> >>> at
> >>> org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
> >>> at
> >>> org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
> >>> at
> >>> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
> >>> at java.lang.Thread.run(Thread.java:662)
> >>> Caused by: java.net.URISyntaxException: Expected scheme-specific part
> >>> at index 5: ldap:
> >>> at java.net.URI$Parser.fail(URI.java:2809)
> >>> at java.net.URI$Parser.failExpecting(URI.java:2815)
> >>> at java.net.URI$Parser.parse(URI.java:3018)
> >>> at java.net.URI.<init>(URI.java:578)
> >>> at java.net.URI.create(URI.java:840)
> >>> ... 50 more
> >>>
> >>> at
> >>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
> >>> ~[na:1.6.0_24]
> >>> at
> >>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> >>> ~[na:1.6.0_24]
> >>> at
> >>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> >>> ~[na:1.6.0_24]
> >>> at java.security.AccessController.doPrivileged(Native Method)
> >>> ~[na:1.6.0_24]
> >>> at
> >>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> >>> ~[na:1.6.0_24]
> >>> at
> >>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> >>> ~[na:1.6.0_24]
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:160)
> >>> [shibboleth-identityprovider-2.3.0.jar:na]
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:106)
> >>> [shibboleth-identityprovider-2.3.0.jar:na]
> >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> >>> [servlet-api.jar:na]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49)
> >>> [shibboleth-identityprovider-2.3.0.jar:na]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80)
> >>> [shibboleth-identityprovider-2.3.0.jar:na]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
> >>> [shibboleth-common-1.3.0.jar:na]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
> >>> [tomcat60adaptor-2.2.1.jar:2.2.1]
> >>> at
> >>> org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227)
> >>> [catalina-ha.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
> >>> [catalina-ha.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:647)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> >>> [catalina.jar:6.0.32]
> >>> at
> >>> org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:429)
> >>> [tomcat-coyote.jar:6.0.32]
> >>> at
> >>> org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
> >>> [tomcat-coyote.jar:6.0.32]
> >>> at
> >>> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665)
> >>> [tomcat-coyote.jar:6.0.32]
> >>> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
> >>> 19:19:30.302 - TRACE
> >>> [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:332] -
> >>> Looking up LoginContext with key 31608d9c-762f-4830-a836-2555b6e24cc9
> >>> from StorageService parition: loginContexts
> >>> 19:19:30.302 - TRACE
> >>> [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:338] -
> >>> Retrieved LoginContext with key 31608d9c-762f-4830-a836-2555b6e24cc9
> >>> from StorageService parition: loginContexts
> >>> 19:19:30.303 - DEBUG
> >>> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:133]
> >>> - Redirecting to login page /login.jsp
> >>> 19:21:45.381 - TRACE [edu.vt.middleware.ldap.jaas.LdapLoginModule:264]
> >>> - Begin abort
> >>>
> >>>
> >>> --
> >>>
> >>> Thanks,
> >>>
> >>> Dan McLaughlin
> >>>
> >>> NOTICE: This e-mail message and all attachments transmitted with it
> >>> are for the sole use of the intended recipient(s) and may contain
> >>> confidential and privileged information. Any unauthorized review, use,
> >>> disclosure or distribution is strictly prohibited. The contents of
> >>> this e-mail are confidential and may be subject to work product
> >>> privileges. If you are not the intended recipient, please contact the
> >>> sender by reply e-mail and destroy all copies of the original message.
> >>>
> >>>
> >>>
> >>> On Wed, Jun 8, 2011 at 5:41 PM, Dan McLaughlin
> >>> <>
> >>> wrote:
> >>>> You are correct that FqdnSearchResultHandler.java should have nothing
> >>>> to do with the credential exception. Unless there is an exception
> >>>> being swallowed somewhere. My theory until I have a second to step
> >>>> through it with the debugger is that there is some other exception
> >>>> that occurs in FqdnSearchResultHandler.java when it is trying to read
> >>>> the composite name that is eating an exception and things eventually
> >>>> bubble up as a missing credential exception.
> >>>>
> >>>> --
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Dan McLaughlin
> >>>>
> >>>>
> >>>> NOTICE: This e-mail message and all attachments transmitted with it
> >>>> are for the sole use of the intended recipient(s) and may contain
> >>>> confidential and privileged information. Any unauthorized review, use,
> >>>> disclosure or distribution is strictly prohibited. The contents of
> >>>> this e-mail are confidential and may be subject to work product
> >>>> privileges. If you are not the intended recipient, please contact the
> >>>> sender by reply e-mail and destroy all copies of the original message.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Wed, Jun 8, 2011 at 11:11 AM, Daniel Fisher
> >>>> <>
> >>>> wrote:
> >>>>> On Wed, Jun 8, 2011 at 2:07 AM, Dan McLaughlin
> >>>>> <>
> >>>>> wrote:
> >>>>>> Hi Daniel,
> >>>>>>
> >>>>>> What allowed me to get past the invalid credential error in vt-ldap
> >>>>>> 3.3.3 was to revert...
> >>>>>>
> >>>>>
> >>>>> This change has nothing to do with the credential (password). If
> >>>>> you're seeing that error the password is either null or empty.
> >>>>>
> >>>>>> "1877 4/5/11 9:42 AM 4 dfisher SearchResult#getName()
> >>>>>> returns a string
> >>>>>> representing a composite name, not necessarily an LDAP DN. Use a
> >>>>>> CompositeName to parse it correctly. Add test case for entries with
> >>>>>> special characters. Fixes vt-ldap 109."
> >>>>>>
> >>>>>> There was a problem parsing the fqdn url and then things died from
> >>>>>> there... I didn't spend too much time trying to figure out why b/c I
> >>>>>> have to get IdP 2.3.0 up and running by the morning.
> >>>>>
> >>>>> Died how? Was there an exception? Post the trace log and I'll try to
> >>>>> decipher it.
> >>>>>
> >>>>> --Daniel Fisher
> >>>>>
> >>>>
> >>>
> >>
> >
- Re: [Shib-Dev] derefAliases broken in 2.2.x, (continued)
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/07/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/07/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/07/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/07/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/08/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/09/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/09/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Dan McLaughlin, 06/09/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/09/2011
- Re: [Shib-Dev] derefAliases broken in 2.2.x, Daniel Fisher, 06/21/2011
Archive powered by MHonArc 2.6.16.