Select a revision to compare with:
Side by side diff
Entering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\n[ShibbolethAuthenticationPlugin] Failed to get or create user entry\n ... java.lang.NullPointerException ...\nUser/Password found as parameter of the request\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filte\n\n
server.xml for tomcat so that host=nuxeo.example.orgRequestHeader append nuxeo-virtual-host \"https://myDomainName/\" and turn ProxyPreserveHost OnI'm not sure what to try next. Could the DNS issue be a red herring? What could account for this different behaviour?
" }, { "id" : "e71025fd-4a65-4cca-bce6-0d9382fbe278", "label" : "2", "active" : false, "author" : { "uid" : "519f374f-4d66-4029-b516-93136731cfa2", "name" : "519f374f-4d66-4029-b516-93136731cfa2", "email" : "brian.tingle.cdlib.org@gmail.com", "firstName" : "Brian", "lastName" : "T", "title" : "Member", "score" : 541, "disabled" : false, "virtual" : false, "badgeCount" : null, "notifications" : { "email" : { "name" : "email", "address" : "brian.tingle.cdlib.org@gmail.com", "notifs" : [ "EditMyAnswer", "CommentMyAnswer", "NewQuestionComment", "EditMyQuestion", "AnswerMyQuestion", "WeeklyDigest", "VoteMyQuestion", "BadgeAwarded", "VoteMyAnswer", "TagMyQuestion", "CommentMyQuestion", "NewQuestion", "NewAnswerComment", "NewAnswer" ] }, "phone" : null }, "badges" : [ "lonesome", "commentator", "puzzler", "notableq", "revival", "hope", "popular" ], "loginCount" : 2, "lastLogin" : 1443387165925, "avatarUrl" : "//www.gravatar.com/avatar/ac586d3c78591ab86f470c9a39230db7?d=mm&s=%s" }, "created" : "2013-10-15T06:26:44.00Z", "createdAt" : "10/15/2013", "title" : "shibboleth problem on one host", "content" : "I have 3 hosts where I'm trying to set up shibboleth and nuxeo; -dev, -stg, and production.\n\nIt works on -dev and -stg, it does not work on production. On production, it looks like it is doing something similar to [a report last October](http://answers.nuxeo.com/questions/4149/shibboleth-configuration) where nuxeo is not able to pick up the shibboleth information from the request and end up in an endless loop.\n\n#DNS difference between -dev/-stg and production\n\n`nuxeo-dev.example.org` and `nuxeo-stg.example.org` are DNS `A` records to the IP address of the VM.\n\n`nuxeo.example.org`, my production VM, is a DNS `CNAME` to `xyz-nuxeo-p01.example.edu`. This is the only difference I can see between production and the other environments. Production is run by a different group, and getting them to change the DNS setup to match -dev/-stg is not an option.\n\n#when it fails\n\nIf I turn up `log4j.xml` org.nuxeo.ecm.platform.ui.web.auth to TRACE; on production I see:\n\n2013-10-14 20:25:50,610 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Entering Nuxeo Authentication Filter\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Principal not found inside Request via getUserPrincipal\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Try getting authentication from cache\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin SHIB_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin BASIC_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] user/password not found in request, try into identity cache\n\nor\n
\nEntering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\nTrying to retrieve userIdentification using plugin BASIC_AUTHuser/password not found in request, try into identity cache\n\n\n#when it works\n\nWhen it works (tar'ing up the same exact files onto -dev or -stg) the [TRACE logs](https://gist.github.com/tingletech/6986346) show something like this:\n
Entering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\n[ShibbolethAuthenticationPlugin] Failed to get or create user entry\n ... java.lang.NullPointerException ...\nUser/Password found as parameter of the request\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filte\n\n\n#what I've tried\n\n * I've tried to edit the `server.xml` for tomcat so that host=nuxeo.example.org\n * I've tried to set nuxeo.url=http://nuxeo.example.org:8080/nuxeo\n * tested on 5.6, 5.7.2, and 5.7.3\n\n#what next?\nI'm not sure what to try next. Could the DNS issue be a red herring? What could account for this different behaviour?", "htmlContent" : "
I have 3 hosts where I'm trying to set up shibboleth and nuxeo; -dev, -stg, and production.
\nIt works on -dev and -stg, it does not work on production. On production, it looks like it is doing something similar to a report last October where nuxeo is not able to pick up the shibboleth information from the request and end up in an endless loop.
\nnuxeo-dev.example.org and nuxeo-stg.example.org are DNS A records to the IP address of the VM.
nuxeo.example.org, my production VM, is a DNS CNAME to xyz-nuxeo-p01.example.edu. This is the only difference I can see between production and the other environments. Production is run by a different group, and getting them to change the DNS setup to match -dev/-stg is not an option.
If I turn up log4j.xml org.nuxeo.ecm.platform.ui.web.auth to TRACE; on production I see:
\n2013-10-14 20:25:50,610 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Entering Nuxeo Authentication Filter\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Principal not found inside Request via getUserPrincipal\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Try getting authentication from cache\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin SHIB_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin BASIC_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] user/password not found in request, try into identity cache\n\n
or
\n\nEntering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\nTrying to retrieve userIdentification using plugin BASIC_AUTHuser/password not found in request, try into identity cache\n\n
When it works (tar'ing up the same exact files onto -dev or -stg) the \n
Entering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\n[ShibbolethAuthenticationPlugin] Failed to get or create user entry\n ... java.lang.NullPointerException ...\nUser/Password found as parameter of the request\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filte\n\n
server.xml for tomcat so that host=nuxeo.example.orgI'm not sure what to try next. Could the DNS issue be a red herring? What could account for this different behaviour?
" }, { "id" : "a94d82e0-f54f-4b67-ae9d-eb1340d13c5b", "label" : "1", "active" : false, "author" : { "uid" : "519f374f-4d66-4029-b516-93136731cfa2", "name" : "519f374f-4d66-4029-b516-93136731cfa2", "email" : "brian.tingle.cdlib.org@gmail.com", "firstName" : "Brian", "lastName" : "T", "title" : "Member", "score" : 541, "disabled" : false, "virtual" : false, "badgeCount" : null, "notifications" : { "email" : { "name" : "email", "address" : "brian.tingle.cdlib.org@gmail.com", "notifs" : [ "EditMyAnswer", "CommentMyAnswer", "NewQuestionComment", "EditMyQuestion", "AnswerMyQuestion", "WeeklyDigest", "VoteMyQuestion", "BadgeAwarded", "VoteMyAnswer", "TagMyQuestion", "CommentMyQuestion", "NewQuestion", "NewAnswerComment", "NewAnswer" ] }, "phone" : null }, "badges" : [ "lonesome", "commentator", "puzzler", "notableq", "revival", "hope", "popular" ], "loginCount" : 2, "lastLogin" : 1443387165925, "avatarUrl" : "//www.gravatar.com/avatar/ac586d3c78591ab86f470c9a39230db7?d=mm&s=%s" }, "created" : "2013-10-15T06:24:31.00Z", "createdAt" : "10/15/2013", "title" : "shibboleth problem on one host", "content" : "I have 3 hosts where I'm trying to set up shibboleth and nuxeo; -dev, -stg, and production.\n\nIt works on -dev and -stg, it does not work on production. On production, it looks like it is doing something similar to [a report last October](http://answers.nuxeo.com/questions/4149/shibboleth-configuration) where nuxeo is not able to pick up the shibboleth information from the request and end up in an endless loop.\n\n#DNS difference between -dev/-stg and production\n\n`nuxeo-dev.example.org` and `nuxeo-stg.example.org` are DNS `A` records to the IP address of the VM.\n\n`nuxeo.example.org`, my production VM, is a DNS `CNAME` to `xyz-nuxeo-p01.example.edu`. This is the only difference I can see between production and the other environments. Production is run by a different group, and getting them to change the DNS setup to match -dev/-stg is not an option.\n\n#when it fails\n\nIf I turn up `log4j.xml` org.nuxeo.ecm.platform.ui.web.auth to TRACE; on production I see:\n\n2013-10-14 20:25:50,610 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Entering Nuxeo Authentication Filter\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Principal not found inside Request via getUserPrincipal\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Try getting authentication from cache\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin SHIB_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin BASIC_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] user/password not found in request, try into identity cache\n\nor\n
\nEntering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\nTrying to retrieve userIdentification using plugin BASIC_AUTHuser/password not found in request, try into identity cache\n\n\n#when it works\n\nWhen it works (tar'ing up the same exact files onto -dev or -stg) the [TRACE logs](https://gist.github.com/tingletech/6986346) show something like this:\n
Entering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\n[ShibbolethAuthenticationPlugin] Failed to get or create user entry\n ... java.lang.NullPointerException ...\nUser/Password found as parameter of the request\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filte\n\n\n#what I've tried\n\n * I've tried to edit the `server.xml` for tomcat so that host=nuxeo.example.org\n * I've tried to set nuxeo.url=http://nuxeo.example.org:8080/nuxeo\n\n#what next?\nI'm not sure what to try next. Could the DNS issue be a red herring? What could account for this different behaviour?", "htmlContent" : "
I have 3 hosts where I'm trying to set up shibboleth and nuxeo; -dev, -stg, and production.
\nIt works on -dev and -stg, it does not work on production. On production, it looks like it is doing something similar to a report last October where nuxeo is not able to pick up the shibboleth information from the request and end up in an endless loop.
\nnuxeo-dev.example.org and nuxeo-stg.example.org are DNS A records to the IP address of the VM.
nuxeo.example.org, my production VM, is a DNS CNAME to xyz-nuxeo-p01.example.edu. This is the only difference I can see between production and the other environments. Production is run by a different group, and getting them to change the DNS setup to match -dev/-stg is not an option.
If I turn up log4j.xml org.nuxeo.ecm.platform.ui.web.auth to TRACE; on production I see:
\n2013-10-14 20:25:50,610 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Entering Nuxeo Authentication Filter\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Principal not found inside Request via getUserPrincipal\n2013-10-14 20:25:50,611 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Try getting authentication from cache\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin SHIB_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] Trying to retrieve userIdentification using plugin BASIC_AUTH\n2013-10-14 20:25:50,612 DEBUG [ajp-bio-0.0.0.0-8009-exec-1] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] user/password not found in request, try into identity cache\n\n
or
\n\nEntering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\nTrying to retrieve userIdentification using plugin BASIC_AUTHuser/password not found in request, try into identity cache\n\n
When it works (tar'ing up the same exact files onto -dev or -stg) the \n
Entering Nuxeo Authentication Filter\nPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cache\nTrying to retrieve userIdentification using plugin SHIB_AUTH\n[ShibbolethAuthenticationPlugin] Failed to get or create user entry\n ... java.lang.NullPointerException ...\nUser/Password found as parameter of the request\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filter\nEntering Nuxeo Authentication FilterPrincipal not found inside Request via getUserPrincipal\nTry getting authentication from cacheuserIdent found in cache, get the Principal from it without reloggin\nPrincipal = Brian.T@example.org\nExit Nuxeo Authentication filte\n\n
server.xml for tomcat so that host=nuxeo.example.orgI'm not sure what to try next. Could the DNS issue be a red herring? What could account for this different behaviour?
" } ] }; Versioning.getActiveVersion = function() { var versions = this.versions; for (var i=0,len=versions.length;i