OAuth Login in DSpace CRIS 5.5.0

Oliver Goldschmidt

Apr 25, 2016, 10:12:23 AM
to DSpace Technical Support
Hello again, DSpace CRIS fellows,

another problem occurs on my DSpace CRIS instance: when I try to log in using ORCID, I get an exception indicating a 403 error. I do not see where this exception comes from, nor do I understand it, as our test server should be available to any other computer...

This is the exception that I see when trying to log in:
-- URL Was: https://my-dspace-host/oauth-login?code=FFFFFF
-- Method: GET
-- Parameters were:
-- code: "FFFFFF"


Exception:
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
	at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:987)
	at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:799)
	at org.glassfish.jersey.client.JerseyInvocation.access$500(JerseyInvocation.java:91)
	at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:687)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
	at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:683)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:411)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:307)
	at org.dspace.authority.orcid.OrcidService.getProfile(OrcidService.java:185)
	at org.dspace.authenticate.OAuthAuthenticationMethod.authenticate(OAuthAuthenticationMethod.java:93)
	at org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:162)
	at org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:99)
	at org.dspace.app.webui.servlet.OAuthAuthenticationServlet.doDSPost(OAuthAuthenticationServlet.java:179)
	at org.dspace.app.webui.servlet.OAuthAuthenticationServlet.doDSGet(OAuthAuthenticationServlet.java:72)
	at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:119)
	at org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:67)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.filters.RequestFilter.process(RequestFilter.java:205)
	at org.apache.catalina.filters.RemoteAddrFilter.doFilter(RemoteAddrFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.dspace.utils.servlet.DSpaceWebappServletFilter.doFilter(DSpaceWebappServletFilter.java:78)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:193)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)

Any ideas where this is coming from?

TIA again, best
- Oliver

Oliver Goldschmidt

Apr 25, 2016, 10:47:47 AM
to DSpace Technical Support
One addition: we are using the public API. As far as I understand, this kind of API access is enough for OAuth. But I guess this is a detail I should have mentioned.

wcl...@widernet.org

Apr 25, 2016, 11:48:38 AM
to DSpace Technical Support
I have been having the same problem for the past several weeks and I can't find an answer anywhere...

-Whitney

Andrea Bollini

Apr 26, 2016, 4:04:24 AM
to wcl...@widernet.org, DSpace Technical Support, o.gold...@tu-harburg.de
-- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com. To post to this group, send email to dspac...@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
-- 
Andrea Bollini
International Business Development, Deputy Leader
Open Source & Open Standards Strategy, Head
Cineca

Via dei Tizii, 6
00185 Roma, Italy
tel. +39 06 44 486 087 - mob. +39 348 82 77 525
http://www.cineca.it 

Pascarelli Luigi Andrea

Apr 26, 2016, 10:18:25 AM
to wcl...@widernet.org, Oliver Goldschmidt, DSpace Technical Support
Yes, you are right. I checked the authentication with the Public API and I got the error.
I just pushed the fix to GitHub: https://github.com/Cineca/DSpace/commit/6fcb1ca2fb7f106e2914f27d41502e7b9501de10
Please upgrade your code with this patch and try again.

Thank you very much.

Regards,

Luigi Andrea



Oliver Goldschmidt

Apr 27, 2016, 3:50:29 AM
to DSpace Technical Support, wcl...@widernet.org, o.gold...@tu-harburg.de, l.pasc...@cineca.it
Thank you, Luigi Andrea, I can confirm that your fix is working fine for me. I can now log in via the public API (I tried it on the ORCID Sandbox, but I guess it will also work for the real ORCID system).

Thank you again very much,
Oliver

codefest...@gmail.com

May 27, 2016, 6:25:57 AM
to DSpace Technical Support, wcl...@widernet.org, o.gold...@tu-harburg.de, l.pasc...@cineca.it
Dear team,

I have problems with the ORCID integration in DSpace-CRIS: the redirection from ORCID to DSpace-CRIS is not working. I'm not sure if I have configured ORCID correctly. Could you help me? Is there any information about how to do it?

Thank you very much.

authentication-oauth.orcid-api-url = http://api.sandbox.orcid.org/v1.2
authentication-oauth.application-token-url = https://api.sandbox.orcid.org/oauth/token
authentication-oauth.application-authorize-url = https://sandbox.orcid.org/oauth/authorize

# register for free on ORCID to use an institutional Public API
# IMPORTANT!! Please fill authentication-oauth.application-client-name with name of client registered into orcid registries (need by the putcode flow retrieve)
authentication-oauth.application-client-name = myname
authentication-oauth.application-client-id = myid
authentication-oauth.application-client-secret = mysecret
authentication-oauth.application-client-redirect = ${dspace.baseUrl}/oauth-login

# PUBLIC API
#authentication-oauth.application-client-scope =/authenticate

# MEMBER API
authentication-oauth.application-client-scope =/authenticate /orcid-profile/read-limited /orcid-bio/update /orcid-works/create /orcid-works/update /funding/create /funding/update

Andrea Bollini

May 27, 2016, 8:25:11 AM
to codefest...@gmail.com, DSpace Technical Support, wcl...@widernet.org, o.gold...@tu-harburg.de, l.pasc...@cineca.it
Hi,
when you applied for the ORCID API key you provided the allowed redirect URLs; see the last paragraph here:
http://support.orcid.org/knowledgebase/articles/116739-register-a-client-application

The dspace.url needs to be included in that list.
Hope this helps,
Andrea

dummies code fest

May 27, 2016, 8:39:56 AM
to Andrea Bollini, DSpace Technical Support, wcl...@widernet.org, o.gold...@tu-harburg.de, l.pasc...@cineca.it
Dear Andrea,

I provided this redirect URL: "http://mydomain:8080/oauth-login". But I am not sure if this URL is correct, or if, for example, it should be "http://mydomain:8080/jspui/oauth-login", or if it is necessary to configure something more.

Thank you very much.

Andrea Bollini

May 27, 2016, 12:23:57 PM
to dummies code fest, DSpace Technical Support, wcl...@widernet.org, o.gold...@tu-harburg.de, l.pasc...@cineca.it
It needs to match the dspace.url parameter.
If your repository home page is visible at "http://mydomain:8080/jspui/",
the redirect URL should be "http://mydomain:8080/jspui/oauth-login".

Using just http://mydomain:8080 as the redirect URL should work as well, but it is a bit more risky from the security point of view.
Andrea

dummies code fest

May 30, 2016, 6:44:06 PM
to Andrea Bollini, DSpace Technical Support, wcl...@widernet.org, Oliver Marahrens, l.pasc...@cineca.it
Dear Andrea,

Yes, my repository is "http://mydomain:8080/jspui/", so:
1) I configured the following redirection in the ORCID sandbox: http://mydomain:8080/jspui/
2) In the build.properties I have configured:
authentication-oauth.application-client-redirect = ${dspace.baseUrl}/oauth-login
so it means that it will be "http://mydomain:8080/oauth-login"

Is it correct?
My result is that the return from the sandbox to CRIS gets a blank page with the following address: "http://mydomain:8080/oauth-login?code=P3jix2"

I don't know what I could check.

Thank you very much. I really appreciate it.

Andrea Bollini

May 31, 2016, 10:04:25 AM
to dummies code fest, DSpace Technical Support, wcl...@widernet.org, Oliver Marahrens, l.pasc...@cineca.it
Hi,

2) In the build.properties I have configured:
authentication-oauth.application-client-redirect = ${dspace.baseUrl}/oauth-login
then It means that will be "http://mydomain:8080/oauth-login"

Is it correct?
No, it should be
authentication-oauth.application-client-redirect = ${dspace.url}/oauth-login

i.e. http://mydomain:8080/jspui/oauth-login
Andrea
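
Added example (not part of the thread and not DSpace code): a Python check that expands the `${...}` placeholders in the properties discussed above, derives the redirect URL that would be sent, and compares it with the redirect URLs registered at ORCID. The property values are a constructed sample, and the prefix-matching rule in `covers` is an assumption based on the reply that a host-only registration "should work as well"; such a broad registration is reported as a finding.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the thread: home page under /jspui on port 8080.
SAMPLE_PROPS = """
dspace.baseUrl = http://mydomain:8080
dspace.url = ${dspace.baseUrl}/jspui
authentication-oauth.application-client-redirect = ${dspace.baseUrl}/oauth-login
"""
REDIRECT_KEY = "authentication-oauth.application-client-redirect"

def load_props(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def expand(value, props, depth=0):
    """Expand ${name} placeholders recursively; unknown names stay as written."""
    if depth > 10:
        raise ValueError("placeholder nesting too deep (cycle?)")
    def repl(m):
        name = m.group(1)
        return expand(props[name], props, depth + 1) if name in props else m.group(0)
    return re.sub(r"\$\{([^}]+)\}", repl, value)

def covers(registered, redirect):
    """Assumed provider rule: same scheme and host, registered path is a prefix."""
    reg, red = urlsplit(registered), urlsplit(redirect)
    if (reg.scheme, reg.netloc) != (red.scheme, red.netloc):
        return False
    base = reg.path.rstrip("/")
    return red.path == base or red.path.startswith(base + "/")

def check_redirect(props_text, registered):
    """Return (redirect_url, findings) for the configured OAuth redirect."""
    props = load_props(props_text)
    redirect = expand(props[REDIRECT_KEY], props)
    expected = expand(props["dspace.url"], props).rstrip("/") + "/oauth-login"
    findings = []
    if redirect != expected:
        findings.append(f"redirect {redirect} != dspace.url based {expected}")
    matches = [r for r in registered if covers(r, redirect)]
    if not matches:
        findings.append("redirect is not covered by any registered URL")
    for r in matches:
        if urlsplit(r).path in ("", "/"):
            findings.append(f"registered URL {r} covers every path on the host")
    return redirect, findings
```

With the sample as written (`${dspace.baseUrl}`) and `http://mydomain:8080/jspui/` registered, the check reports both a mismatch with dspace.url and an uncovered redirect; switching the property to `${dspace.url}/oauth-login` clears both.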

dummies code fest

May 31, 2016, 6:05:17 PM
to Andrea Bollini, DSpace Technical Support, wcl...@widernet.org, Oliver Marahrens, l.pasc...@cineca.it
Dear Andrea,

Now, with this configuration I get the following error: HTTP 500. Do you know what the problem is?

Thank you very much.


2016-05-31 23:52:56,131 WARN  org.dspace.app.webui.servlet.InternalErrorServlet @ :session_id=BEF4B119F44023FD30F93432E67C333B:internal_error:-- URL Was: http://mydomain.com:8080/jspui/oauth-login?code=abctGh
-- Method: GET
-- Parameters were:
-- code: "abctGh"
javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error
 at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:1002)
 at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:799)
 at org.glassfish.jersey.client.JerseyInvocation.access$500(JerseyInvocation.java:91)
 at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:687)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
 at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
 at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:683)
 at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:411)
 at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:307)
 at org.dspace.authority.orcid.OrcidService.getProfile(OrcidService.java:191)
 at org.dspace.authenticate.OAuthAuthenticationMethod.authenticate(OAuthAuthenticationMethod.java:94)
 at org.dspace.authenticate.AuthenticationManager.authenticateInternal(AuthenticationManager.java:162)
 at org.dspace.authenticate.AuthenticationManager.authenticate(AuthenticationManager.java:99)
 at org.dspace.app.webui.servlet.OAuthAuthenticationServlet.doDSPost(OAuthAuthenticationServlet.java:179)
 at org.dspace.app.webui.servlet.OAuthAuthenticationServlet.doDSGet(OAuthAuthenticationServlet.java:72)
 at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:119)
 at org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:67)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.dspace.utils.servlet.DSpaceWebappServletFilter.doFilter(DSpaceWebappServletFilter.java:78)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:745)

dummies code fest

Jun 8, 2016, 6:45:54 AM
to Andrea Bollini, DSpace Technical Support, wcl...@widernet.org, Oliver Marahrens, l.pasc...@cineca.it
Dear all,

I redirected Tomcat to port 80, and I have installed DSpace-CRIS as: http://mydomain.com/jspui. Then I put a ROOT symlink in webapps pointing to the jspui folder, in order not to use /jspui in the URL.
So I am not sure whether the redirection to connect with the ORCID API should be:

http://mydomain.com/jspui/oauth-login
or
http://mydomain.com/oauth-login

I tested the 2 options, but it is not working: error HTTP 500. Any suggestions?

Thank you very much in advance.


dummies code fest

Jun 10, 2016, 5:03:33 AM
to Andrea Bollini, DSpace Technical Support, wcl...@widernet.org, Oliver Marahrens, l.pasc...@cineca.it
Dear team,

When I configure the ORCID settings with the public API it works, but it does not work when I configure the sandbox and production member settings (changing the credentials). Do you know if there are other configurations, or if the URLs of the ORCID services have been changed?

Thank you very much in advance.

#PUBLIC API
#authentication-oauth.orcid-api-url = http://pub.orcid.org/v1.2
#authentication-oauth.application-token-url = https://pub.orcid.org/oauth/token
#authentication-oauth.application-authorize-url = https://orcid.org/oauth/authorize

#SANDBOX MEMBER API
#authentication-oauth.orcid-api-url = http://api.sandbox.orcid.org/v1.2 
#authentication-oauth.application-token-url = https://api.sandbox.orcid.org/oauth/token
#authentication-oauth.application-authorize-url = https://sandbox.orcid.org/oauth/authorize

#PRODUCTION MEMBER API
authentication-oauth.orcid-api-url = http://api.orcid.org/v1.2 
authentication-oauth.application-token-url = https://api.orcid.org/oauth/token
authentication-oauth.application-authorize-url = https://orcid.org/oauth/authorize