nuxeo-shibboleth-invitation : "Une erreur s'est produite."
After shib authenticate, I get the message “Une erreur s'est produite” with the exception :
2019-04-11 17:51:37,602 ERROR [ajp-bio-0.0.0.0-9550-exec-7] [nuxeo-error-log] java.lang.IllegalArgumentException: value already present: username
at com.google.common.collect.HashBiMap.put(HashBiMap.java:238)
at com.google.common.collect.HashBiMap.put(HashBiMap.java:215)
at java.util.AbstractMap.putAll(AbstractMap.java:281)
at org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationServiceImpl.getUserMetadata(ShibbolethAuthenticationServiceImpl.java:136)
at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:82)
at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:69)
at org.nuxeo.ecm.platform.shibboleth.auth.ShibbolethAuthenticationPlugin.handleRetrieveIdentity(ShibbolethAuthenticationPlugin.java:128)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:1050)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:522)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:51)
at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:122)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:82)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
My installation : Nuxeo home: …/nuxeo-server-tomcat-8.10-HF35 My local packages: addon started nuxeo-platform-user-registration (id: nuxeo-platform-user-registration-1.7.3) addon started nuxeo-shibboleth-invitation (id: nuxeo-shibboleth-invitation-1.2.3) addon started shibboleth-authentication (id: shibboleth-authentication-2.4.3)
My Shib configuration (extract) :
<component name="rennes1.shibboleth.config">
<require>authentication.shibboleth.invitation.config</require>
<require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>
<!-- require>org.nuxeo.opensocial.OAuthFilter</require -->
<require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
<require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="chain">
<authenticationChain>
<plugins>
<plugin>BASIC_AUTH</plugin>
<plugin>SHIB_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
<extension
target="org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService"
point="config">
<config>
<uidHeaders>
<!-- possibilitée préser quel attribut servira d'identifiant suivant
l'idp, ici on prend l'uid pour notre idp local -->
<uidHeader idpUrl="https://ident-shib.univ-rennes1.fr/idp/shibboleth">uid</uidHeader>
<!-- pour tous les autres idp, on utilise l'eppn -->
<default>eppn</default>
</uidHeaders>
<fieldMapping header="eppn">username</fieldMapping>
<fieldMapping header="uid">username</fieldMapping>
<fieldMapping header="mail">email</fieldMapping>
<fieldMapping header="givenName">firstName</fieldMapping>
<fieldMapping header="sn">lastName</fieldMapping>
<fieldMapping header="supannOrganisme">company</fieldMapping>
</config>
</extension>
</component>
If i have one “username” entry, like this:
<fieldMapping header="uid">username</fieldMapping>
i get the exception:
2019-04-11 17:46:58,530 ERROR [ajp-bio-0.0.0.0-9550-exec-2] [nuxeo-error-log] org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a transaction
at org.nuxeo.ecm.core.api.local.LocalSession.<init>(LocalSession.java:75)
at org.nuxeo.ecm.core.api.CoreSessionServiceImpl.createCoreSession(CoreSessionServiceImpl.java:43)
at org.nuxeo.ecm.core.api.CoreInstance.openCoreSession(CoreInstance.java:171)
at org.nuxeo.ecm.core.api.CoreInstance.openCoreSession(CoreInstance.java:71)
at org.nuxeo.ecm.core.api.UnrestrictedSessionRunner.runUnrestricted(UnrestrictedSessionRunner.java:129)
at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.updateACP(ShibbolethUserMapper.java:163)
at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:102)
at org.nuxeo.shibboleth.invitation.ShibbolethUserMapper.getOrCreateAndUpdateNuxeoPrincipal(ShibbolethUserMapper.java:69)
at org.nuxeo.ecm.platform.shibboleth.auth.ShibbolethAuthenticationPlugin.handleRetrieveIdentity(ShibbolethAuthenticationPlugin.java:128)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:1050)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:522)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:51)
at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:122)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:82)
at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsCsrfFilter.doFilter(NuxeoCorsCsrfFilter.java:134)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Any idea ?
Regards , Henri
It seems that the package nuxeo-shibboleth-invitation version=1.3.3 works fine over LTS2016 platforms. Henri
This was fixed in Nuxeo 9.10 as part of NXP-23488. However this was not backported to older releases.
FYI the change in question is: https://github.com/nuxeo/nuxeo/commit/b8e473ca8d94a7f8f8bfbd871ee0b1d48c9363d1#diff-d8159ffd950a40bcf558505fae147510L102