Agate - Mica Connection

34 views
Skip to first unread message

Sönke Wehner

unread,
Aug 6, 2021, 10:54:05 AM8/6/21
to obiba-users

Hi obiba users,

I'm currently trying to set up Mica2 with agate for the User directories provided by agate.
I can make an account in agate and sign in there. The account has access to the application mica, which I've configured already.
If I try to sign into the mica server mica has these error messages:

ERROR org.obiba.mica.user.UserProfileService - Agate connection failure: 403 Forbidden
WARN  org.obiba.shiro.web.filter.AbstractAuthenticationExecutor - Login failed for user $User
INFO  org.obiba.mica.web.rest.security.SessionsResource - Authentication failure of user $User at ip: $unknownIP*: No account information found for authentication token [org.apache.shiro.authc.UsernamePasswordToken -  $User , rememberMe=false] by this Authenticator instance.  Please check that it is configured correctly.

It is obvious that something isn't configured correctly but I don't know what the problem in the configuration is since I couldn't find anything regarding this.
For the Application Settings I have https://IP:Port/ and also have tried with /auth/callback in the end.
What isn't obvious for me is why the info states an IP address I haven't set in any settings and that doesn't have a Server or anything at that address. Is there a different configuration setting then the 2 existing application.yml config files in /etc/mica2 and /usr/share/mica2/conf
Also is the variable agate.application.name in the config file for the name or the id of the application?

Each application is running on its own debian 10 machine.

With kind regards
Sönke Wehner

Yannick Marcon

unread,
Aug 6, 2021, 11:08:56 AM8/6/21
to obiba...@googlegroups.com
Hi,

Mica needs to be registered as an Agate's application:
1. in the Agate's administration interface, select the Application page and an application: you need to provide a name and a key.
2. in Mica's application.yml configuration file, set the same name and key

Regards
Yannick


--
You received this message because you are subscribed to the Google Groups "obiba-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to obiba-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/obiba-users/362f5b40-b0a1-4e48-993e-1aed01357914n%40googlegroups.com.

Sönke Wehner

unread,
Aug 10, 2021, 8:38:58 AM8/10/21
to obiba-users
hi,

Name and key are provided and are the same in mica.
Do I need the Redirect URI for the Mica application? If yes what should it be (not having one and having is be the address of the site doesn't help)
The problem from the agate side:
"org.glassfish.jersey.servlet.WebComponent - A servlet request to the URI %ADDRESS%/ws/tickets?rememberMe=false contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected."

with kind regards,
Sönke

Sönke Wehner

unread,
Aug 10, 2021, 9:30:04 AM8/10/21
to obiba-users
Update:
I've deleted my testuser, generated a new key, used that key in mica and made a new user after that and gave it access to the mica application and groups.
Still doesn't work and getting these in the agate log:
2021-08-10 15:20:24,311 WARN  org.glassfish.jersey.servlet.WebComponent - A servlet request to the URI %agate%/ws/tickets?rememberMe=false contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
2021-08-10 15:20:24,346 INFO  org.obiba.agate.web.rest.security.AuthorizationValidator - Application 'Mica' not allowed for user 'testuser' at ip: '%mica%'
What am I missing?

Yannick Marcon

unread,
Aug 11, 2021, 2:00:11 AM8/11/21
to obiba...@googlegroups.com
Is your testuser in "Active" state?

Sönke Wehner

unread,
Aug 11, 2021, 10:05:42 AM8/11/21
to obiba-users
ok I found the problem:
one uppercase letter should have been a lower case letter in the application name/id.

thanks for the help & time.

with kind regards
Sönke
Reply all
Reply to author
Forward
0 new messages