auth idp config
161 views
Skip to first unread message
benoit petithomme
Mar 15, 2024, 8:35:08 AM3/15/24
to inception-users
i'm trying to configure inception on my idp (it's not a keycloak)
I have to register as sp inception as sp "SPSSODescriptor", this is done via an idp level xml declaration and I need to indicate the binding to the idp as in the example below:
<md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://inception-preprod.u-paris.fr/realms/inception-client">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>cert de inception</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="url" index="0"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="url" index="0" isDefault="true"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>cert de inception</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="url" index="0"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="url" index="0" isDefault="true"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
where I can find this information and what are the attributes expected by inception
Richard Eckart de Castilho
Mar 15, 2024, 9:07:47 AM3/15/24
to incepti...@googlegroups.com
Hi,
> On 15. Mar 2024, at 13:33, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> i'm trying to configure inception on my idp (it's not a keycloak) I have to register as sp inception as sp "SPSSODescriptor", this is done via an idp level xml declaration and I need to indicate the binding to the idp as in the example below:
http://localhost:8080/saml2/service-provider-metadata/inception-client
Assuming INCEpTION is running on localhost:8080, that should give you the SAML metadata in the format you are looking for.
See also https://inception-project.github.io/releases/31.3/docs/admin-guide.html#sect_security_authentication_saml2
INCEpTION should only need the subject of the SAML2 assertion. Make sure that this subject is a stable identifier
using a limited set of characters. You could probably use either the persistent ID or the emailAddress.
-- Richard
> On 15. Mar 2024, at 13:33, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> i'm trying to configure inception on my idp (it's not a keycloak) I have to register as sp inception as sp "SPSSODescriptor", this is done via an idp level xml declaration and I need to indicate the binding to the idp as in the example below:
> where I can find this information and what are the attributes expected by inception
I think what you are looking for is this URL:
http://localhost:8080/saml2/service-provider-metadata/inception-client
Assuming INCEpTION is running on localhost:8080, that should give you the SAML metadata in the format you are looking for.
See also https://inception-project.github.io/releases/31.3/docs/admin-guide.html#sect_security_authentication_saml2
INCEpTION should only need the subject of the SAML2 assertion. Make sure that this subject is a stable identifier
using a limited set of characters. You could probably use either the persistent ID or the emailAddress.
-- Richard
benoit petithomme
Mar 15, 2024, 7:38:44 PM3/15/24
to inception-users
thank you very much for the response, the idp part is ok, they post what is needed (I am well authenticated at idp level, but I have the following error at app level:
2024-03-15 23:15:42 ERROR [SYSTEM] Decrypter - SAML Decrypter encountered an error decrypting element content: Failed to decrypt EncryptedData
2024-03-15 23:15:42 ERROR [SYSTEM] ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again.
2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
the saml post from the idp to the app is as follows (the encryption and signature certificates are ok):
ID="_d27c7450e16683aac8c221cf29afd948"
InResponseTo="ARQ70b3209-51f2-4338-af9c-96262448ffe6"
IssueInstant="2024-03-15T23:21:47.049Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://xxxxx/idp/shibboleth</saml2:Issuer>
<ds:SignedInfo>
<ds:Reference URI="#_d27c7450e16683aac8c221cf29afd948">
<ds:Transforms>
</ds:Transforms>
<ds:DigestValue>/E/gtTOXfIwrGUn7MdPe55XvZ0A9JAcWz5ARI/4lhI0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxxx</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>xxxx</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_4ad1596632da170c2208a30262f9f048"
>
/>
<xenc:EncryptedKey Id="_69b1819a6249682f191a4b0aba9e298a"
>
>
/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>xxxxxxx</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherValue>GJuiI9yL6A2sebBTqtM24dtgy5Cwc5+QzLkFxMQ8hc+LSk3jBmijDChMdRjmBCJ+snVeV4IuNA9ptn0v7AvMDj1syrKlat81RPVQsvbrTt/vvb9plS3fdRYDlC0U0TX59Q8WPw4JwgNxmFtvkIMQmst92TnYJX7sHtzlkw9OPQ0wZlGriNwXnNJaP/GAnJUnHNiXcpnep5zTwym5RrfMspISRPYsJWs1Xzx7ksVNbkWlhlRd2G+HnSaiFvrh7bkSsLOUjgc7q19rgQIeqUkFNaNEZFzFg7AY35PSPHsJVIgcUiObNvfSM87v3QHrgL++bdBIv+5OXxhRkfkf8TKRqw==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherValue>EMW0ihCzUe0dEyrw6WVvda+rrQeHZMLV+AYr9SAmWB0Y1kMm9s9StqJoZyDVbGM2i6thH/Bhi/lPrs/qU2QoPW0GmAVfirNvnbyGQBvAR3FR4qmOXUY5OahW3Jnnduaj9fa7+D9ZtwVTXI2AHJPOMpVqwTAlQ+hQ8HKsEQCHfYlzelbe8/or4839QIAvFnO/tNA8JMiygkel6WkGUXOK6nz015UlKpUIDisw3Mq1vOt2Zph6oCb43NEJl3kE1R7uSMSHYY6pQ+fsYbt0RyJFXrE4yjBmjsStGTjibZwEVoI7JwOT0V0aBcJ10HYMGMmRuglBrgjqCFOwkQIvssvMOZ6WX4FdmMwIOU1hNxg0hSuGxPI+otvy8HZ0nFg/cMak36apYhRBul0YdpsXoO8PlQq2zsNu4Ab7hNXYeLuS3hz0KwIvhzByBzky7lgYQqeQqvp/7mJOf3TU0C8rZuhMnJgPjtr9JBi4tdrtbk7KHVMDJVc0/halLaojf2JS2618nkn2QVP2TyLOnf3FPPEOWn7avpKdb5HLVo10pyeExOICkObxiNM+Xh1a9RteQMEJvp4VmtMdPwBFg3z+cwx7pL1ZjsH0fnkKMgwAJCf9OpDybi56M0gll+R6zrLzsgAxtzRgQMmlm/i2dR0wO8cn599JARHh+Aln+GN8gdnNRsWDM7YkXJb1rcLfz1dp2gg6s2FZ4Z8plfkiwtGsmfCV2VORwdNUWHZ7FMogtrKATejbr0iJMeDcJdirwo/RgwNN4zykzSgwjHBemRRUinYloXLXWq0VyafPuZIX2/HAjx+aXZjdYb7qxlyJ4Oig3Rpdc4UX1P1v5BCkPeU/nqy7Sod67yTMuqVltgp+LSRO5T9jy9L/o/Pf7VLKzUgamPyOitRUwpJJpHcySe1YJPFltSmXBkXIyyTZAt6fkCLkv1yVhEaW0VzTIIRLXY7LS20J0st+r4jy+sy4RsE6pe6LX+t602Pu6fbzVUT2z2wwnQ2gFKPZ/hMOKqvIAva7EBC+YtiS0RYvQnYNCfn8MJPKdiZ3+nM7x0OAamh3a6+BdeO9H3S9zCx+IBAonah4x+YMDQr+4AsFjvqF2ohzPIUPCjsQJR5fBNK1pN+TKSWcopLCi5MbjcNCk7eAkFk1jG2I87BdnAa3kLmdAMOL8wowf89FCDUFfKoG3CRpx6zDFAIqWaz20HkwqqId31WnoF57NRCh3Wvj2tFTcM7AE7BqnUdwsj7ZoD9VqG4f6v0TfK/DHmP/n+T89KG/SvFBa4eQC0LLUB+L3zq2S1Ayt2pNGUGfrOO9JAj2JDFfXS+mTPww9fD4BKkmmg94mW7nEAoav8fYaMptfa2sHghwq9HZXeJjGKnS5G8JECQQ2S/mVBBYe2FFzkFeAH9tKaVjvt5uB2XfWaFV23dfdDSnJAlKtYYVHPAPW3d12SneegOmwAqoJRLzyNM/zEm3b/ViK5sDHxeZ6oV02rZVvWLU86tNEj1Sdfef33Kn2gQhrU9N4o1FDh0b5BKd8q9jSoWYnyuwK2hxiTpmHaDZ7GGImhjejCgeNX4hiCw7b5UCtaK6XzocoeEFz8LrGSofWLv7hu3t0NiAKBIU+5gSjvv6g0Z2ymLOejM3O24PdRBo2SOMEddKeou4UUqaCvBpirWmBODbsDk51CvxybKbLC4ZlMGvk3z+Gblnl25zAtLCunmswgy4K6fQLXpnTg3PGvKmaW1/YXuqGgnb/i4K2EkSin2oX67sPsRnXMiOeT/9ZQPMS3PgY4Zw0fpPoF37Ns2BqZYC8+oRNV4qJxE3/1f/er0sEsKl6XAHFupDr2oncUpYRFwyCfViyP3eyB1VJ46ssfgZrJ6kDsfayTnEqmm2C7X94/o4iHFnG6z3wS+QelXNXGd0YnjYK5J1L2HugWCcRnwDeYvsmEGDtcG15MGSbbg7bZWFP0D0m+jCZAmWLWclMCenY244CFLR7PerZex/z4vvvLwkDUuSyxNaU1bgbMGWWqR64THB4TM2vHucJZZbpcU2RJ4/w675+a8TK11SitlVQWPtxZ22/bnEMk8gil2AZdxRhi/FLuZtAZDfqriXwe9jStTyCXOcIvYNg9BDRL0fDdY2jW7iXaR3/p99B8qduHTNXitqpVPA93GaQilv0cPojfNFwKb1FJy3H1jfyezG6V665Urwe0Bso02ESTQ7z+2PK6Vmh1+jslnaBE3ZDH6l1NfAgabO+miSbYE1ZOEJhGwfKAcu+tM+5bF8EMrz3pcNGAbgrG8hXsA7DbXdahOGJPJpy6HIeA3sCw5DbPkZYIrBCh6pfHh2RTr01IVQ2m5oA28mLj0YyB8/Ku5WJf3sX/Tc2eiv8Ai3X7mGiRwrnupIgoDuE7/S49llcUwOurtB9RnPqztpDCRlWGqPtiAxzdxBnrw4dp/hHiMyyhiCHDSFz9maR2Wu3LkcoMEYXPjDQtINHLk5k6vHAU0T848CRtuo6IAHe7ni1zPi40ICIiHD/G263giqDMy7V9Bmz3bPSB2Lu8/w64t7McpPHTI49Y4lrHaEZ/IrO9S73h1pPwl8aYQS4ERgI8Ee32uMWFOMYwVMf0y9yeYv+SyvsOPkOVEyq5inkiBikjU4x8Ki/FiWyKzvhrxfnjlCfUW+9PyL5Qx8JqSuNIgmBy0n7meYgPFHrTH91aMxPfMUVFzEitJIjCPKdiKWPK26egN0yZG0dveQyf3JEhoRA1+JnsevQWA49UfMsAPwM4iVXJFymj/zBFTGR1XGHT0d2mE2l1PhzujFnlkV7XJbuDSGTAzs3nXIEreXfb6FGvGZP+31DAPc7tYUSLGqIpbmN4f/0Sbm1cdWgCUsKy6+5CYQfSQ0+JViEqlCLtVnCG/yQO6vU3mwlwmudmU4ufBqIaQZbZSJJhUqqQ8HHXXONR/cedH+ZjpQyXTNAhIa6fLdGPGuS7T6fhcETKUhpFQzeN2c2IK787NChwCkr1F89eVHESXHW0f+Yx7Nabu0ycaVJWN3McqJZaM53FK3dyFV/77jrQcCAfGZHNpcJ/w2JH8ARMyrPJfjjc2Jcpw7+nh1XdXtaA6uCScmvxzIDzVv/1D8B2lFAKjirqekmmX+exrj6rMJXMXX16ppO5X0oPmBosOae5pm6brysBzaYZVGY6qcceMOB8IT4cHaK1mDKQwWLWTQ5j3o0SEjSU7BsvVZUvzMa0ttkLjvJrd1Z82qfgn1K0ZazXvatbDgsqkz8qt1o8XkGxs5nwY6QecuRIQCZ99NX255X9kUhx/l88ePB4zJDuSOtz6t9CNjaG7BjFOEigOhWt7SeokQw8lPH77UpHoldxXnwoh/ZLSH4NFGMhpc6dwJtmeC59fx7/XEM9qP5zXIjx9f7k0X2SKSsSFzv6I+XjrK4z7Wf2upzsnKvHPZl1pERfdC2RrYA6Dm07c8PkjbrSgd03sYbhqmtMBjrjy8WhyhNMQnjhFuIPDGKIlb2iaM0hz8G339PNefyltFVZGy7ZCgQ/EwZ/vejEZBGHFEmXu7m8cM77C+xFoo0SrMf9+W5fAJsZnElVvlVea000T7j4nGdclIuXeUsJ1MdnrRnpYgJVedRn4Xhgosu64h5autzuMCC2D/z+kTJ8ygC0ZOxx5RjGrVduLti7cTT3YIo0Uudfl/pAN1lTmpPstnHdTlp1PFLTK7v/5nnIGsEu0wZxBDS/l5Y32Syhawzg3EpPSeFom9tbEVtGtVawM1GBt3yCzxtjydK7p3U/z7WMCb0+7Aji+O9Cj/iaVf/dzT1GfxVqt52GAcY6xv4sEd82vQuvl66qubMvIEji+C49cdyti3wrQESCeQOApmCxLqKakoQnw0avkTZ8X8CYUHtn7GGa9LUlgXiEijZUm2EjpssMkA9ILXW55XLorPePmzbV+PRiiGr6916EbqMpiS1lrp3Bj+2EEOtiKxd6ocF1GhT+j/vKBCunXXfDMNpn4/HdbcWJvyWQo5/gtUT7oGUIC42ox8o8YhPAmluD5Nhi9QaSxbJldOeHwewTdt9q5bcHVcC4W0L+GafuU5vr/9kRu7xbLx6mv+c5DesACWW1mXVCMXW5JQwSgArrFlLCO0CTZ8WEJp1GK9GOz1w6eah9GP8eGLGqQvqJGcwt67SN/mHKD6FdjMMZd8pDfriVyTURLMhJOFX82zCrJ8KGae3pqL/fwE7Vp2ZuvgXjBQIM/RQaMcMkye1xHnrnP2X4QkPuoC4eM/UD7agN7Ndf9tIqGvFSI5yyobHWyanPEL3wI3O7eZbxSMwHVn5ridb0h0iPx8d8cLiL7BVjms3NL9CqJ4g4RxhKsaGzoxYlbXikGcFZPw9EUBgWDHdUaCp26xPJTA3oMgs1EMwkXeQ5u1c1BCtzZgks7jlKr6Xm+6GkVpKivM9PQFU9mEda2SWIGc+jU7v3iIcVQtpKpRf+madC5Jct/wZ2THOJ8GsFqwFj4eQ/LwJ5VgXTyOGhN5urKZo3TFbP/oVqimEUY2QErx1OJG8Btb/Or70hvw/4cY4yCT3KLFk/6iaw05ct4K43wfopd3qzsLmPapL9FK4zpMiob+waNgupEskfjaZAH+B5tfqXvGhlBVBb7PVY8EL3oJjdBPMv/huxSUY6KEctPZUqq8VHJMtNCpXVKVnqkIIDtg0ABy7rd2i8T4CcRU4RNxIrmqHCAdq9C5RkkHV01TjjCmFMue3wiBmtuTpK7QiJHfCCjDny9nnxzgR8Ubxl5RJq7TzZYRngFm9lQxQWvTpbtXsl150YPUuAMhxSJRFe6jCh/DUki7V9AZTVV3Rlv0e4W1DfNN+9FBzqxJ/bKVbkrRDQGXnvpsg2ZW1neizTstPrdUOa3hYnm6mk7FtPzr4/RNfkyg/WLYO78b/0hlDrYa8tEvWkOv5iCxSw01JIt54HNqYyfNAhtudYJb2246PN9lXQuCO3q82NaZeF49owvowklYlb69xdiMEiqF7S2zAYFzjhjy/FxYYuLHtL0gFPzvwe5NIBMPU4ywMZ4PSZ2OyJCUUf8yjL3wbEU1tDTBtiwCbWzaMXt324TcfaI5k6TwE5kkHJ41PqrYBG+quLgWjBjf659A0gC4Ki3SPDzicCJqc3flYap/kl2IAStE/QQ9Ur69P4UXr+r96eXJ1JaI2IIpahsqooqoFgfLH/VA23eAXl0gB4pzRtX2Hh7FG/W1/L1J6p1z+IMzQ//CaxaCVM2FaQ01WNO893GPXBySFu37buLiEDS+xMZUt7hutPEaH39xLr81QaiIaLNtWsg8tEd3ljr8YdeJKtgq+MiYgcwfSvRsOYZ1t9Hh9e4wdWE2enDUIVjhWsEmhccVYIDyN4kPJcSvLx1Qe3feY6eRa7pdeFM9XtAL9RBgpSdRWmfDmK9oyiHWNU8UtSIIEyT0PQSf/PuQ84MR87pSSQH4P6Z9oP5WDWJufFhBrUlZT99nqQ3joRceWFRfrYbhnClA7Y0UfqOMgISEXbCMI9VRQg0FZAtrrhtX+IY5KHVyzK8YH48+k8WwEfqOkgWglJx34ylWx8mFfgW2Xb8M3c+Ttv9dkVdTVHJuLd1JLVjX7O92z1mUmj4RMRgtY1sJI/McXMizppEq5M3QWHt4egi3mfSnO+kKoHTWokRnH7yULVO2NNzgnUU8Lpb3+YgNghr8bpV+M95R0BvOweo6ZY6XIJnSrwtAbdpo6eyG7Y6j5+OwDTBWwrQUeFpsmgEAjtoo7QqFbWaN09VC8kH7dP4Jhql1VlGT+D5IXgZfhP+ojdcnqyvvORlK8wdSlzpj48fXaORtd1OGDTrjMhjfpdyd1ZbCZ3/Cew4AsZtAv2fTlsFNzsPF1zDth+ag+Nv72m4y4C0Eu5cVJJ619fMSMU467xWPg1wneU4XTYVryJqSLhEXc02kkpUew29FA5XHr+LOT98mBfmYN0WgJoYg2qDxjrHJWNLxGRJwmwZ2+jjKhDDg6UtD/LDHLWLEjTaFdqS0zH5itl90u4aylIwms6mNyhJvXpAxvpu56LyNLgX5tqYvI97BT+wXMCn8bevJg4GZFhtAJUmqdWy/YTdK0eg29/aVQbDd8rIVkKnxQEtPqy83SvqqwR+zfaQS8nxkNHQdW8maTtvGL2VUiOfpeidFwag3wTz9k6lHplaBxEOYxk+q9qTc1OZvNwwTlkBvbtCx6XipuzNoL41u16ceq+VNQt9MsaFqMjGODh+idfML9XS5qEjhlU9owBpNKw5znAuLe6EBRoSrguTEbdKmL3pcjpBYwn8yjZoeM5ryVznp7WPo/tJZ7GCaySncbrE97Yjg8m05w3xYQIpe1JGpQ4ZWfKW62ArH0lcL8yhNzljg6QahipsssD+AGwlgUl5wPbnqclX+qCuhwBxFsg9c5rNIRExLlykCjPb9lG0nlW56cQ6ML4AsDbdZCaisawFxaHxoDjqNRe5GZNts+GiDEWAewmMmULp8n0Gt3DHxntXkU8lPRhdn9n/o1PIF9kW2pJvL/8fVTDfWJ4jd/5eVCph1E8sFjPNBRwt/edTn6orjpZgHe3tF5JfqZEehqtjMbetIxXgA86BZr5FJcE3LdjF0Ahy/9o2vVUs8Im3CMfpQrU3q+b6SyPSpkrF9Twlwb8M7Zjc/GedVUKbTp8dHhk5QIMpvKgtpexCGnkhCTuSppPy1Im7CC2YpWvsvSdVMcMmp4xGAKFr7Mewd9ZEXH2Hy5d7+kVo6P7G2q5pH/KZAzNh7xfvCl6wnefU+mg6QUWmjlu4ocdR6t4x20z9HnH//aFQB4vt9eENZ9WHQ0Y3T91hAej+sKzABqq68ori9Spe+PSYQtLO/eXT+lZOIlivO4IUP4fxkQqXYyGAs9iVH5mpFh5eT9ZemuX1PTjz0VA/55ilmtB9ZzMH7KgELRu1LFWfa8N2eXDnFlYXjfjUmfx2dcW4QcNNKRh+0OfrKeDN7SdQN//tZvftzPQGM5t3EiHI81vGIn1TyCxOnrKLBkh+rGh0MPFX2eret/fEE3BAYzjvDM+zOHmKoMFX1qGKOCD4tlOEEQTXPIizqVFkoZ/rquNWgmDkdkzEIz89w/3A6Gu5MDYESBfB+SE5gDA8Xj8zjXdMkkU8oLStJ0JpNDtso+nz1lYZlpWoZYolEF7q511T816pBZ+PEYlOsFc2Rlin5ChObd2pW+iOPMkVkcmSkyDAWJiAxMrZt7ZY1v67Bv9NIin/4C/zL5lWNTZVvnw0ALTTco4qgVYHO+YiXCvykEFj0K6UHzIhUlc1HKbELsOz2NSIAFI5YoIQMY3CJp0Rot+LFwmlI5zqmhumfzsmCSku7uy2NUYNMs10JY7qam1O2o5XQIo6pSN6t5cA5Bpo6UXJqhGP+04B1jn/jqv/K6BcA7xNBJNl7Z6Q9skyENWt1l23uxpwNovAqVz88beFnjdFGLxL9KXFqbj5ECEaXWYEjrPm4xTmGLtHtHQosi5kJas6LOfAvNRNk/9Z+xJk0WPo5DfIqLEIEf1lpQ8xIDE0YQ7bnvZs8AW5y5rDSfoCrf9/Hp9W30Uom8AVwtV15kPGofS4p+PJ/jK/GVZA+eJWmcY72r6f91A8yqvsU7u0YB64+SBhUJhZ4I0Bc0qU9z5TzqBW9bc5BfZDRK90CEUl7zY5SthTcr8BSv4hp0+55NUG///G+AxDV9u86jW1j8UQVZR3Yc9XGZsPJtWo5m2GyHG0nr6V7zyNCK/v+IeVcmUrKr757eXYtH644rKlo7LwGl8Lkcy4PqrbLPu7ikYUSxwTePWjLT1aMyLzdVyikWZhLIbsadM5uPoFfej9QO59pZ44mgtq1xx6PEfGkSbj9QpZy1jBR0TS2jNWAdaxy08Snp+sdQ54570XREQ3XmEUYg90HhNJlwDLKwSwc8U0MlsjrwebKPZJa85zgW1ydn7FtI9xTs0KdqhMP9jc4T2OCymeUDTJXpa38XCEl51/PjCWH8c2SiDOU32ADCH3xa100RW/kM+R1YmS6kXgmG7y0M80L5UVAVVbNUo8Ucn3WU+/bYgVEuueMUL8oEe7INVazXZf1K8lXwztYTeaqfTTNndJ8b4Hb5MGU</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
Message has been deleted
benoit petithomme
Mar 16, 2024, 6:17:48 AM3/16/24
to incepti...@googlegroups.com
Good morning
this error also which is due to the fact that the id level conf concerns the sp does not have the inception logout url, what is this logout url that I must specify at idp level,SingleLogoutService ?
09:47:06.489 [http-nio-8080-exec-1] ERROR de.tudarmstadt.ukp.clarin.webanno.ui.core.page.ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again
inception is in a docker environment behind an nginx ssl reverse proxy (same key and crt as inception) inception build:29.4 (2023-10-03 21:41:54, build a9478471)
below my idp conf for the sp:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://xxxxx/saml2/service-provider-metadata/inception-client">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:X509Data>
<ds:X509Certificate>inception crt</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:X509Data>
<ds:X509Certificate>inception crt</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://xxxx/login/saml2/sso/inception-client" index="1"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="???"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
thank you for your help--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/6743be01-c22a-413e-8bab-97d34df65e09n%40googlegroups.com.
Richard Eckart de Castilho
Mar 16, 2024, 6:31:19 AM3/16/24
to incepti...@googlegroups.com
Hi,
> On 16. Mar 2024, at 11:17, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> this error also which is due to the fact that the id level conf concerns the sp does not have the inception logout url, what is this logout url that I must specify at idp level,SingleLogoutService ?
> 09:47:06.489 [http-nio-8080-exec-1] ERROR de.tudarmstadt.ukp.clarin.webanno.ui.core.page.ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again
The message "Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again" is generated when the login to SSO failed. At the time, I was implementing this, it helped me to go to the IdP itself (in my case Keycloak), end the session there, and then come back to INCEpTION to reinitiate the session. So I added this suggestion to the error message. If it does not help you, you probably have a different problem than I had a the time.
I believe that specifying a single logout URL should not be mandatory. I am not even sure if specifying a logout URL in the SAML data works.
There is also a setting `auth.preauth.logoutUrl` that can be specified in the `settings.properties` file - I think that one probably works
(at least it seems to work on our SAML-based instance - but that one is not yet using the native SAML support in INCEpTION but rather
a reverse proxy SP).
```
auth.preauth.logoutUrl=https://my.host/Shibboleth.sso/Logout
```
If you want to know what the logout URL of your IdP ist, you need to check the documentation/configuration for your IdP.
Cheers,
-- Richard
> On 16. Mar 2024, at 11:17, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> this error also which is due to the fact that the id level conf concerns the sp does not have the inception logout url, what is this logout url that I must specify at idp level,SingleLogoutService ?
> 09:47:06.489 [http-nio-8080-exec-1] ERROR de.tudarmstadt.ukp.clarin.webanno.ui.core.page.ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again
I believe that specifying a single logout URL should not be mandatory. I am not even sure if specifying a logout URL in the SAML data works.
There is also a setting `auth.preauth.logoutUrl` that can be specified in the `settings.properties` file - I think that one probably works
(at least it seems to work on our SAML-based instance - but that one is not yet using the native SAML support in INCEpTION but rather
a reverse proxy SP).
```
auth.preauth.logoutUrl=https://my.host/Shibboleth.sso/Logout
```
If you want to know what the logout URL of your IdP ist, you need to check the documentation/configuration for your IdP.
Cheers,
-- Richard
Richard Eckart de Castilho
Mar 16, 2024, 6:37:27 AM3/16/24
to incepti...@googlegroups.com
Hi,
> On 16. Mar 2024, at 00:38, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> thank you very much for the response, the idp part is ok, they post what is needed (I am well authenticated at idp level, but I have the following error at app level:
> 2024-03-15 23:15:42 ERROR [SYSTEM] Decrypter - SAML Decrypter encountered an error decrypting element content: Failed to decrypt EncryptedData
> 2024-03-15 23:15:42 ERROR [SYSTEM] ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again.
> 2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
> 2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
To me it sounds like the certificates are not compatible with each other.
Maybe you can try increasing the log level of INCEpTION to get more information by adding these lines to your `settings.properties`:
logging.level.org.opensaml=TRACE
logging.level.org.springframework.security.saml2=TRACE
Restart INCEpTION for the settings to take effect.
Cheers,
-- Richard
> On 16. Mar 2024, at 00:38, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> thank you very much for the response, the idp part is ok, they post what is needed (I am well authenticated at idp level, but I have the following error at app level:
> 2024-03-15 23:15:42 ERROR [SYSTEM] Decrypter - SAML Decrypter encountered an error decrypting element content: Failed to decrypt EncryptedData
> 2024-03-15 23:15:42 ERROR [SYSTEM] ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again.
> 2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
> 2024-03-15 23:16:24 ERROR [SYSTEM] Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
Maybe you can try increasing the log level of INCEpTION to get more information by adding these lines to your `settings.properties`:
logging.level.org.opensaml=TRACE
logging.level.org.springframework.security.saml2=TRACE
Restart INCEpTION for the settings to take effect.
Cheers,
-- Richard
benoit petithomme
Mar 16, 2024, 8:07:16 AM3/16/24
to incepti...@googlegroups.com
here is the trace log
12:03:17.956 [http-nio-8080-exec-6] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
12:03:17.957 [http-nio-8080-exec-6] ERROR org.opensaml.xmlsec.encryption.support.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.xmlsec.encryption.support.Decrypter - Attempt to decrypt EncryptedData using key extracted from EncryptedKey failed:
org.opensaml.xmlsec.encryption.support.DecryptionException: Valid decryption key for EncryptedKey could not be resolved
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptKey(Decrypter.java:673) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:827) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptDataToDOM(Decrypter.java:554) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptDataToList(Decrypter.java:470) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptData(Decrypter.java:430) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.saml.saml2.encryption.Decrypter.decryptData(Decrypter.java:181) ~[opensaml-saml-api-4.3.0.jar!/:?]
at org.opensaml.saml.saml2.encryption.Decrypter.decrypt(Decrypter.java:109) ~[opensaml-saml-api-4.3.0.jar!/:?]
at org.springframework.security.saml2.provider.service.authentication.OpenSamlDecryptionUtils.decryptResponseElements(OpenSamlDecryptionUtils.java:62) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.lambda$createDefaultResponseElementsDecrypter$7(OpenSaml4AuthenticationProvider.java:611) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.process(OpenSaml4AuthenticationProvider.java:546) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.authenticate(OpenSaml4AuthenticationProvider.java:505) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) [spring-security-core-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter.attemptAuthentication(Saml2WebSsoAuthenticationFilter.java:110) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter.doFilterInternal(Saml2MetadataFilter.java:86) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter.doFilterInternal(Saml2WebSsoAuthenticationRequestFilter.java:186) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) [spring-boot-actuator-2.7.16.jar!/:2.7.16]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:765) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1790) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.80.jar!/:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver$ChainingIterator - Getting key iterator from next resolver: class org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver$ChainingIterator - Getting key iterator from next resolver: class org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver$ChainingIterator - No more resolvers available in the resolver chain
12:03:17.957 [http-nio-8080-exec-6] DEBUG org.opensaml.xmlsec.encryption.support.Decrypter - Failed to decrypt EncryptedData using EncryptedKeyResolver
12:03:17.957 [http-nio-8080-exec-6] ERROR org.opensaml.xmlsec.encryption.support.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
12:03:17.957 [http-nio-8080-exec-6] ERROR org.opensaml.saml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content: Failed to decrypt EncryptedData
12:03:17.959 [http-nio-8080-exec-6] TRACE org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter - Failed to process authentication request
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException: org.opensaml.xmlsec.encryption.support.DecryptionException: Failed to decrypt EncryptedData
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.createAuthenticationException(OpenSaml4AuthenticationProvider.java:714) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.lambda$createDefaultResponseElementsDecrypter$7(OpenSaml4AuthenticationProvider.java:614) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.process(OpenSaml4AuthenticationProvider.java:546) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.authenticate(OpenSaml4AuthenticationProvider.java:505) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter.attemptAuthentication(Saml2WebSsoAuthenticationFilter.java:110) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter.doFilterInternal(Saml2MetadataFilter.java:86) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter.doFilterInternal(Saml2WebSsoAuthenticationRequestFilter.java:186) [spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) [spring-security-web-5.8.7.jar!/:5.8.7]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) [spring-boot-actuator-2.7.16.jar!/:2.7.16]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.3.30.jar!/:5.3.30]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.30.jar!/:5.3.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:765) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1790) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.80.jar!/:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.80.jar!/:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: org.springframework.security.saml2.Saml2Exception: org.opensaml.xmlsec.encryption.support.DecryptionException: Failed to decrypt EncryptedData
at org.springframework.security.saml2.provider.service.authentication.OpenSamlDecryptionUtils.decryptResponseElements(OpenSamlDecryptionUtils.java:66) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.lambda$createDefaultResponseElementsDecrypter$7(OpenSaml4AuthenticationProvider.java:611) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
... 68 more
Caused by: org.opensaml.xmlsec.encryption.support.DecryptionException: Failed to decrypt EncryptedData
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptDataToDOM(Decrypter.java:564) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptDataToList(Decrypter.java:470) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.xmlsec.encryption.support.Decrypter.decryptData(Decrypter.java:430) ~[opensaml-xmlsec-api-4.3.0.jar!/:?]
at org.opensaml.saml.saml2.encryption.Decrypter.decryptData(Decrypter.java:181) ~[opensaml-saml-api-4.3.0.jar!/:?]
at org.opensaml.saml.saml2.encryption.Decrypter.decrypt(Decrypter.java:109) ~[opensaml-saml-api-4.3.0.jar!/:?]
at org.springframework.security.saml2.provider.service.authentication.OpenSamlDecryptionUtils.decryptResponseElements(OpenSamlDecryptionUtils.java:62) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.lambda$createDefaultResponseElementsDecrypter$7(OpenSaml4AuthenticationProvider.java:611) ~[spring-security-saml2-service-provider-5.8.7.jar!/:5.8.7]
... 68 more
12:03:17.959 [http-nio-8080-exec-6] TRACE org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter - Cleared SecurityContextHolder
12:03:17.959 [http-nio-8080-exec-6] TRACE org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter - Handling authentication failure
12:03:17.971 [http-nio-8080-exec-7] TRACE org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter - Did not match request to Ant [pattern='/login/saml2/sso/{registrationId}']
12:03:17.988 [http-nio-8080-exec-7] ERROR de.tudarmstadt.ukp.clarin.webanno.ui.core.page.ApplicationPageBase - anonymousUser: Login with SSO service failed. You might try logging out of your SSO service before trying to log in here again.
12:03:18.110 [http-nio-8080-exec-8] TRACE org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter - Did not match request to Ant [pattern='/login/saml2/sso/{registrationId}']
--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/7FA18949-6037-4993-87F9-30BDA904D01B%40gmail.com.
Richard Eckart de Castilho
Mar 16, 2024, 9:05:28 AM3/16/24
to incepti...@googlegroups.com
So this is far outside INCEpTION code inside the OpenSAML library.
... but what I gather from looking at the code of the library is that there is some message and set of keys and
the libraries tries to find a key that belongs to the recipient of the message and it doesn't find it.
> Attempt to decrypt EncryptedData using key extracted from EncryptedKey failed:
> org.opensaml.xmlsec.encryption.support.DecryptionException: Valid decryption key for EncryptedKey could not be resolved
So maybe your certificates do not match some identifier or there is some inconsistency between identifiers in the SAML
messages and the associated certificates?
Unfortunately, I am not an expert of the SAML protocol and diagnosing this without being able to step through the code
and inspecting what happens at which point is like fishing in dirty water.
-- Richard
... but what I gather from looking at the code of the library is that there is some message and set of keys and
the libraries tries to find a key that belongs to the recipient of the message and it doesn't find it.
> Attempt to decrypt EncryptedData using key extracted from EncryptedKey failed:
> org.opensaml.xmlsec.encryption.support.DecryptionException: Valid decryption key for EncryptedKey could not be resolved
messages and the associated certificates?
Unfortunately, I am not an expert of the SAML protocol and diagnosing this without being able to step through the code
and inspecting what happens at which point is like fishing in dirty water.
-- Richard
benoit petithomme
Mar 18, 2024, 7:40:59 AM3/18/24
to incepti...@googlegroups.com
hello on a new installation what do these warnings correspond to ?
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20181101-1::WebAnno Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-3::WebAnno Team' has not been run
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20181126-2::INCEpTION Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20190125-1a::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20190125-1b::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20190125-1c::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20100129-1::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20190528-1::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20190711-1::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20200216-1::WebAnno Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210109-1::WebAnno Team
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210109-1::WebAnno Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-2::WebAnno Team' has not been run
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210112-1::WebAnno Team
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210112-1::WebAnno Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-3::WebAnno Team' has not been run
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210218-1::INCEpTION Team
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210218-1::INCEpTION Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-11::WebAnno Team' has not been run
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210218-2::INCEpTION Team
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210218-2::INCEpTION Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-14::WebAnno Team' has not been run
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210514-01::INCEpTION Team
Running Changeset: de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210716-01::INCEpTION Team
WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20210716-01::INCEpTION Team despite precondition failure due to onFail='WARN':
1 preconditions failed
db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-11::WebAnno Team' has not been run
--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/5309B7F1-F636-49B7-9377-4D6F71D184D5%40gmail.com.
benoit petithomme
Mar 18, 2024, 8:08:30 AM3/18/24
to incepti...@googlegroups.com
and how to remove the warning that appears at the bottom right, thank you
Richard Eckart de Castilho
Mar 18, 2024, 8:17:35 AM3/18/24
to incepti...@googlegroups.com
> On 18. Mar 2024, at 13:08, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> and how to remove the warning that appears at the bottom right, thank you
-- Richard
benoit petithomme
Mar 18, 2024, 10:59:55 AM3/18/24
to incepti...@googlegroups.com
ok it's a firefox behavior, I don't have this problem under chrome--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/64CEEC85-C12B-408A-B790-5272912A7F39%40gmail.com.
Richard Eckart de Castilho
Mar 18, 2024, 1:57:47 PM3/18/24
to incepti...@googlegroups.com
Hi,
> On 18. Mar 2024, at 12:40, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> hello on a new installation what do these warnings correspond to ?
>
> WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20181101-1::WebAnno Team despite precondition failure due to onFail='WARN':
> 1 preconditions failed
> db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-3::WebAnno Team' has not been run
Sounds you have been trying to run INCEpTION on a database were you did remove the content of all tables, but not the tables themselves.
E.g. the changeset `1512223050574-3` was trying to create the table `annotation_type` but apparently failed probably because the table already existed.
When you want to deploy INCEpTION on a fresh database, make sure that it is completely empty - no tables.
Cheers,
-- Richard
> On 18. Mar 2024, at 12:40, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> hello on a new installation what do these warnings correspond to ?
>
> WARNING: Executing de/tudarmstadt/ukp/clarin/webanno/model/db-changelog.xml::20181101-1::WebAnno Team despite precondition failure due to onFail='WARN':
> 1 preconditions failed
> db/changelog/db.changelog-master.xml : Change Set 'db/changelog/db.changelog-master.xml::1512223050574-3::WebAnno Team' has not been run
E.g. the changeset `1512223050574-3` was trying to create the table `annotation_type` but apparently failed probably because the table already existed.
When you want to deploy INCEpTION on a fresh database, make sure that it is completely empty - no tables.
Cheers,
-- Richard
Richard Eckart de Castilho
Mar 18, 2024, 1:58:46 PM3/18/24
to incepti...@googlegroups.com
Considering the you have made it to the login screen and found the warning in the footer - have you resolved your SAML problems now?
-- Richard
-- Richard
benoit petithomme
Mar 18, 2024, 4:10:20 PM3/18/24
to incepti...@googlegroups.com
This is not the case here, I systematically download a snap of the vm from vmware before installation via play ansible
--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/A46457DF-4786-43C0-BCB6-F8B905BD80F8%40gmail.com.
Richard Eckart de Castilho
Mar 18, 2024, 5:48:13 PM3/18/24
to incepti...@googlegroups.com
> On 18. Mar 2024, at 21:10, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> This is not the case here, I systematically download a snap of the vm from vmware before installation via play ansible
The precondition for `1512223050574-3` is
>
> This is not the case here, I systematically download a snap of the vm from vmware before installation via play ansible
```
<preConditions onFail="MARK_RAN">
<not>
<tableExists tableName="annotation_type" />
</not>
</preConditions>
```
If that fails, it should mean the table already exists.
If you start with an empty DB, it cannot exist - sound strange.
Anyway, does the application boot up and run despite the warnings?
-- Richard
benoit petithomme
Mar 19, 2024, 6:18:47 AM3/19/24
to incepti...@googlegroups.com
yes the application starts, these warnings are present in the logs, can import the version of mariadb or inception, this also does it with the docker compose example available on the site and this by doing well before installation a:docker volume rm creation_app-data
docker volume rm inception_app-data--
You received this message because you are subscribed to the Google Groups "inception-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inception-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inception-users/C6CFAC69-3261-438E-BCE5-DB24F5B06B05%40gmail.com.
Richard Eckart de Castilho
Mar 19, 2024, 8:36:14 AM3/19/24
to incepti...@googlegroups.com
Hi
> On 19. Mar 2024, at 11:18, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> yes the application starts, these warnings are present in the logs, can import the version of mariadb or inception, this also does it with the docker compose example available on the site and this by doing well before installation a:docker volume rm creation_app-data
> docker volume rm inception_app-data
I am in the process of setting up automated integration testing for pycaprio and when I start the Docker image there, I see the same warnings.
So, I guess they are harmless, but I still wonder why we get them. So far, I don't know yet - and I agree it would be better if there were no warnings.
Cheers,
-- Richard
> On 19. Mar 2024, at 11:18, benoit petithomme <benoit.p...@gmail.com> wrote:
>
> yes the application starts, these warnings are present in the logs, can import the version of mariadb or inception, this also does it with the docker compose example available on the site and this by doing well before installation a:docker volume rm creation_app-data
> docker volume rm inception_app-data
So, I guess they are harmless, but I still wonder why we get them. So far, I don't know yet - and I agree it would be better if there were no warnings.
Cheers,
-- Richard
Reply all
Reply to author
Forward
0 new messages