SSO with Portal NUXEO LTS 2019

We implemented the authentication “SSO with Portal” as detailed in the documentation step by step but it is as if our configuration file is inconsiderate by the server however in the logs of the server when doing deploy in the same figure the file * -config.xml that we have created and also records appear where it says that the PORTAL_AUTH was registered and merged.

2019-06-17T13:40:13,788 DEBUG [main] [org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService] New authentication chain powered by service:org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig
2019-06-17T13:40:13,788 DEBUG [main] [org.nuxeo.runtime.model.ComponentManager] Component activated: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config
2019-06-17T13:40:13,788 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Register contributed extension: ExtensionImpl {target: service:org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService, point:authenticators, contributor:RegistrationInfo: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config}
2019-06-17T13:40:13,788 DEBUG [main] [org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService] merged AuthenticationPluginDescriptor: PORTAL_AUTH
```
2019-06-26T11:35:41,208 DEBUG [main] [org.nuxeo.runtime.model.ComponentManager] Component deactivated: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config
2019-06-26T11:43:17,272 INFO  [main] [org.nuxeo.osgi.BundleRegistry] Registering resolved bundle: org.nuxeo.ecm.platform.login.portal
2019-06-26T11:43:17,488 DEBUG [main] [org.nuxeo.runtime.model.impl.DefaultRuntimeContext] Deploying component from url file:/var/lib/nuxeo/server/nxserver/config/sso-portal-config.xml
2019-06-26T11:43:17,489 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Registering component: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config
2019-06-26T11:43:17,489 INFO  [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Registration delayed for component: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config. Waiting for: [service:org.nuxeo.ecm.platform.ui.web.auth.defaultConfig, service:org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig, service:org.nuxeo.ecm.platform.login.Portal]
2019-06-26T11:43:18,822 DEBUG [main] [org.nuxeo.runtime.osgi.OSGiComponentLoader] Install bundle: org.nuxeo.ecm.platform.login.portal [ACTIVE]
2019-06-26T11:43:18,822 DEBUG [main] [org.nuxeo.runtime.osgi.OSGiComponentLoader] Install bundle: org.nuxeo.ecm.platform.login.portal component list: OSGI-INF/Portal-authentication-contrib.xml
2019-06-26T11:43:18,824 DEBUG [main] [org.nuxeo.runtime.model.impl.DefaultRuntimeContext] Deploying component from url jar:file:/var/lib/nuxeo/server/nxserver/bundles/nuxeo-platform-login-portal-sso-10.10.jar!/OSGI-INF/Portal-authentication-contrib.xml
2019-06-26T11:43:25,803 DEBUG [main] [org.nuxeo.runtime.model.ComponentManager] Component activated: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config
2019-06-26T11:43:25,803 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Register contributed extension: ExtensionImpl {target: service:org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService, point:authenticators, contributor:RegistrationInfo: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config}
2019-06-26T11:43:25,803 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Register contributed extension: ExtensionImpl {target: service:org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService, point:chain, contributor:RegistrationInfo: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config}
2019-06-26T11:43:25,803 DEBUG [main] [org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService] New authentication chain powered by service:org.nuxeo.ecm.platform.authenticator.portal.sso.config
2019-06-26T11:43:25,804 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Register contributed extension: ExtensionImpl {target: service:org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService, point:startURL, contributor:RegistrationInfo: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config}
2019-06-26T11:43:25,804 DEBUG [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Register contributed extension: ExtensionImpl {target: service:org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService, point:specificChains, contributor:RegistrationInfo: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config}
2019-06-26T11:43:28,125 DEBUG [main] [org.nuxeo.runtime.model.ComponentManager] Component started: service:org.nuxeo.ecm.platform.authenticator.portal.sso.config

Our file is included in the logs

2019-06-17T13:40:05,750 INFO  [main] [org.nuxeo.runtime.model.impl.ComponentManagerImpl] Registration delayed for component: service:org.nuxeo.template.directory.sql. Waiting for: [service:org.nuxeo.ecm.directories]
2019-06-17T13:40:05,752 DEBUG [main] [org.nuxeo.runtime.model.impl.DefaultRuntimeContext] Deploying component from url file:/var/lib/nuxeo/server/nxserver/config/sso-portal-config.xml

When making the request either with calls directly using HTTP call (headers: “NX_RD”: - 1458172781, “NX_TS”: 1560777663821, “NX_TOKEN”: “woEzM173F6e11JOmeNHXxQ ==“, “NX_USER”: “Administrator”}) or by using any nuxeo client can see the following error log:

portalAuthenticator:{}
headers:{"NX_RD":1865652425,"NX_TS":1560781594172,"NX_TOKEN":"MnoIhJpbn05Qq1edniV5HA==","NX_USER":"Administrator"}
(node:21304) UnhandledPromiseRejectionWarning: Error: Unauthorized
    at doFetch.then (C:\Users\ariellan\Documents\GitHub\itaipu\nuxeo\nuxeo-sso-portal\node_modules\nuxeo\lib\nuxeo.js:157:27)
    at process._tickCallback (internal/process/next_tick.js:68:7)
(node:21304) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(
). (rejection id: 1)
(node:21304) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
```
==> /var/log/nuxeo/server.log <==
2019-06-17T14:27:22,460 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsCsrfFilter] No CSRF token check configured
2019-06-17T14:27:22,473 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsCsrfFilter] Method: GET, source: null, target: http://172.29.14.145/
2019-06-17T14:27:22,473 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsCsrfFilter] Safe method: allow
2019-06-17T14:27:22,480 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Entering Nuxeo Authentication Filter
2019-06-17T14:27:22,480 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Principal not found inside Request via getUserPrincipal
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Try getting authentication from cache
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin AUTOMATION_BASIC_AUTH
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin TOKEN_AUTH
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator] Found no 'X-Authentication-Token' header in the request.
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin OAUTH2_AUTH
2019-06-17T14:27:22,481 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin JWT_AUTH
2019-06-17T14:27:22,482 DEBUG [http-nio-127.0.0.1-8080-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] user/password not found in request, try into identity cache

As you can see, the PORTAL_AUTH authentication method is never listed.

We add the plugin nuxeo-platform-login-portal-sso plugin in the /var/lib/nuxeo/server/nxserver/bundles folder.
We add our configuration file called sso-portal-config.xml in the /var/lib/nuxeo/server/nxserver/config/ folder.

<component name="org.nuxeo.ecm.platform.authenticator.portal.sso.config">
    <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
    <require>org.nuxeo.ecm.platform.login.Portal</require>
    <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
        <authenticationPlugin name="PORTAL_AUTH">
            <loginModulePlugin>Trusting_LM</loginModulePlugin>
            <parameters>
                <parameter name="secret">nuxeo5secretkey</parameter>
                <parameter name="maxAge">3600</parameter>
                <parameter name="digestAlgorithm">MD5</parameter>
            </parameters>
        </authenticationPlugin>
    </extension>
    <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="chain">
        <authenticationChain>
            <plugins>
                <plugin>BASIC_AUTH</plugin>
                <plugin>PORTAL_AUTH</plugin>
            </plugins>
        </authenticationChain>
    </extension>
</component>

Could someone please help us?    Best regards

0 votes

0 answers

164 views

ANSWER

This file is enclosed with `&lt;?xml version=&quot;1.0&quot;?&gt; &lt;component name=&quot;some.unique.name.you.chose&quot;&gt;and ``</component>``` right?
06/17/2019

Please update your webmail.pti.org.py links in the question, we can't read them.
06/17/2019

Florent Guillaume Do you have any suggestion?
06/25/2019