SWORD v1 login failure on DSpace 9.2

[Joshua Kim]

Hello,

We have installed DSpace 9.2 (upgraded from 7.6). It has SWORD v1. We use Shibboleth and Orcid for authentication. They are working. But if I try to log in to the SWORD service document page, even though I set a user account to the admin and submitter groups for collections under assign roles and enter the correct email and password, the login fails.

https://xxxxxx.udel.edu/server/sword/servicedocument 

In the DSpace log file,   it prints as follows:

INFO  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.sword.SWORDAuthenticator @ anonymous:session_id=0:ip_addr=10.7.36.158:sword_authenticate:username=xx...@udel.edu,on_behalf_of=null
2026-04-10 21:01:34,316 WARN  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.authenticate.ShibAuthentication @ Unable to authenticate using Shibboleth because the request object is null.
2026-04-10 21:01:34,316 WARN  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.authenticate.OrcidAuthenticationBean @ Unable to authenticate using ORCID because the request object is null.
2026-04-10 21:01:34,316 INFO  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.sword.SWORDAuthenticator @ anonymous:session_id=0:ip_addr=10.7.36.158:sword_unable_to_set_on_behalf_of:username=xxxx...@udel.edu,on_behalf_of=null

ALSO, when I try to use curl, I have an error of "HTTP/1.1 401 401" 

curl -i --data-binary "@/home/joshkim/download/example.zip" -H "Content-Disposition:filename=example.zip" -H "Content-Type:application/zip" -H "X-Packaging:http://purl.org/net/sword-types/METSDSpaceSIP" -u lib-ne...@udel.edu:[mypassword] https://XXXXXXXXXXXudel.edu/server/sword/deposit/123456789/359

HTTP/1.1 401 401
Date: Sat, 11 Apr 2026 00:46:11 GMT

Can someone please help us out? Thank you so much in advance.

 

[Toni Prieto]

Hi Joshua,

I remember running into a similar issue in earlier versions. It might be a bug related to checking whether special groups should be added depending on the authentication method being used.

During the SWORD request, the request object comes through as null, which causes one of these checks to fail. Looking at the recent changes, it’s possible the issue is triggered in the isUsed function of the ORCID and Shibboleth methods you have configured, which are involved in this recent change:
https://github.com/DSpace/DSpace/pull/11633

Modifying the function so that it returns false when request is null could fix the problem.

If you can see the stack trace, it should give you a better idea of exactly where it’s happening.

Regards,

Toni

El 11/4/26 a las 5:22, Joshua Kim escribió:

--
All messages to this mailing list should adhere to the Code of Conduct: https://lyrasis.org/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/9f32811d-b68d-4125-a2ac-6fab25726c02n%40googlegroups.com.

-- 

Toni Prieto
Universitat Politècnica de Catalunya

[Joshua Kim]

Thank you, Toni. 

Do I need to modify the Java source code in DSpace 9.2? I am not quite sure what you suggested to me, though I read https://github.com/DSpace/DSpace/pull/11633. Would you explain me in detail?