nuxeo-shibboleth-invitation : "Une erreur s'est produite."

After shib authenticate, I get the message “Une erreur s'est produite” with the exception :

2019-04-11 17:51:37,602 ERROR [ajp-bio-0.0.0.0-9550-exec-7] [nuxeo-error-log] java.lang.IllegalArgumentException: value already present: username
        at com.google.common.collect.HashBiMap.put(HashBiMap.java:238)
        at com.google.common.collect.HashBiMap.put(HashBiMap.java:215)
        at java.util.AbstractMap.putAll(AbstractMap.java:281)
        at org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationServiceImpl.getUserMetadata(ShibbolethAuthenticationServiceImpl.java:136)
        at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:82)
        at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:69)
        at org.nuxeo.ecm.platform.shibboleth.auth.ShibbolethAuthenticationPlugin.handleRetrieveIdentity(ShibbolethAuthenticationPlugin.java:128)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:1050)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:522)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:51)
        at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:122)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
        at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:82)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:411)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

My installation : Nuxeo home: …/nuxeo-server-tomcat-8.10-HF35 My local packages: addon started nuxeo-platform-user-registration (id: nuxeo-platform-user-registration-1.7.3) addon started nuxeo-shibboleth-invitation (id: nuxeo-shibboleth-invitation-1.2.3) addon started shibboleth-authentication (id: shibboleth-authentication-2.4.3)

My Shib configuration (extract) :

<component name="rennes1.shibboleth.config">
        <require>authentication.shibboleth.invitation.config</require>
        <require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>
        <!--  require>org.nuxeo.opensocial.OAuthFilter</require -->
        <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
        <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
                <extension
                        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
                        point="chain">
                <authenticationChain>
                        <plugins>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>SHIB_AUTH</plugin>
                                <plugin>ANONYMOUS_AUTH</plugin>
                        </plugins>
                </authenticationChain>
        </extension>
        <extension
                target="org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService"
                point="config">
                <config>
                        <uidHeaders>
                                <!-- possibilitée préser quel attribut servira d'identifiant suivant
                                        l'idp, ici on prend l'uid pour notre idp local -->
                                <uidHeader idpUrl="https://ident-shib.univ-rennes1.fr/idp/shibboleth">uid</uidHeader>
                                <!-- pour tous les autres idp, on utilise l'eppn -->
                                <default>eppn</default>
                        </uidHeaders>

                        <fieldMapping header="eppn">username</fieldMapping>
                        <fieldMapping header="uid">username</fieldMapping>
                        <fieldMapping header="mail">email</fieldMapping>
                        <fieldMapping header="givenName">firstName</fieldMapping>
                        <fieldMapping header="sn">lastName</fieldMapping>
                        <fieldMapping header="supannOrganisme">company</fieldMapping>
                </config>
        </extension>


</component>

If i have one “username” entry, like this:

<fieldMapping header="uid">username</fieldMapping>

i get the exception:

2019-04-11 17:46:58,530 ERROR [ajp-bio-0.0.0.0-9550-exec-2] [nuxeo-error-log] org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a transaction
        at org.nuxeo.ecm.core.api.local.LocalSession.<init>(LocalSession.java:75)
        at org.nuxeo.ecm.core.api.CoreSessionServiceImpl.createCoreSession(CoreSessionServiceImpl.java:43)
        at org.nuxeo.ecm.core.api.CoreInstance.openCoreSession(CoreInstance.java:171)
        at org.nuxeo.ecm.core.api.CoreInstance.openCoreSession(CoreInstance.java:71)
        at org.nuxeo.ecm.core.api.UnrestrictedSessionRunner.runUnrestricted(UnrestrictedSessionRunner.java:129)
        at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.updateACP(ShibbolethUserMapper.java:163)
        at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:102)
        at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:69)
        at org.nuxeo.ecm.platform.shibboleth.auth.ShibbolethAuthenticationPlugin.handleRetrieveIdentity(ShibbolethAuthenticationPlugin.java:128)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:1050)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:522)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:51)
        at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:122)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
        at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:82)
        at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
        at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:411)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsCsrfFilter.doFilter(NuxeoCorsCsrfFilter.java:134)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:77)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:75)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
        at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Any idea ?

Regards , Henri

0 votes

2 answers

213 views

ANSWER



It seems that the package nuxeo-shibboleth-invitation version=1.3.3 works fine over LTS2016 platforms. Henri

0 votes



This was fixed in Nuxeo 9.10 as part of NXP-23488. However this was not backported to older releases.

FYI the change in question is: https://github.com/nuxeo/nuxeo/commit/b8e473ca8d94a7f8f8bfbd871ee0b1d48c9363d1#diff-d8159ffd950a40bcf558505fae147510L102

0 votes