Issue 1010: Problems with openid registration in new gerrit
Affected Version: 2.2.1

What steps will reproduce the problem?
1. We had gerrit version 2.1.6.1 and home openid server (crowd - atlassian.com). Authorization with OpenID
2. Upgrading to 2.1.7 and after upgrading to 2.2.1.
3. We have a problem with registration of new users.

What is the expected output? What do you see instead?

    [2011-06-10 17:58:16,396] WARN / : Unexpected error during authentication
    org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed
        at org.openid4java.message.Message.getExtension(Message.java:495)
        at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.doAuth(OpenIdServiceImpl.java:320)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doPost(OpenIdLoginServlet.java:50)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doGet(OpenIdLoginServlet.java:40)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:54)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:921)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:59)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.Server.handle(Server.java:352)
        at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596)
        at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1052)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:590)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:212)
        at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450)
        at java.lang.Thread.run(Thread.java:662)
Jun 10, 2011
#1
denyastr...@gmail.com
Jun 10, 2011
Help me, please...=(((
Jun 11, 2011
I have the same issue. When I use delegate authentication.
Jun 13, 2011
> [2011-06-10 17:58:16,396] WARN / : Unexpected error during authentication
> org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed

This is most likely an error in your OpenID server. The standard strongly encourages servers to sign attributes, to prevent them from being forged. I would take this up with your OpenID vendor.

Gerrit 2.1.7 and later upgraded to a newer version of the openid4java client to fix a major security flaw in openid4java's validation of a user's information. The new code is stricter to the standard, because the old way permitted forging of user identity data in some pretty nasty ways.

Your vendor should already be testing their server product against openid4java, as it's one of the most popular clients available for the Java platform. They may already have a patched version of their server product available that fixes this issue.
Status:
WontFix
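A way to check an OpenID server's response for the condition in the log message above, as an added example (not code from Gerrit or openid4java): it reports which extension namespace declarations and extension fields in an OpenID 2.0 `id_res` response are not covered by `openid.signed`. The function name, the `idp.example` host and both sample responses are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

def audit_signed_extensions(query: str) -> dict:
    """Per extension namespace URI, report what openid.signed does not cover.

    Checks coverage of the signed list only; it does not verify openid.sig.
    """
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    # openid.signed lists keys without the "openid." prefix, comma-separated.
    signed = set(filter(None, params.get("openid.signed", "").split(",")))
    findings = {}
    for key, uri in params.items():
        if not key.startswith("openid.ns."):
            continue  # skips the base "openid.ns" declaration as well
        alias = key[len("openid.ns."):]
        prefix = f"openid.{alias}."
        fields = [k[len("openid."):] for k in params if k.startswith(prefix)]
        findings[uri] = {
            "alias": alias,
            "ns_signed": f"ns.{alias}" in signed,
            "unsigned_fields": sorted(f for f in fields if f not in signed),
        }
    return findings

# Constructed sample responses (not captured from a real server).
_BASE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.claimed_id": "https://idp.example/users/alice",
    "openid.identity": "https://idp.example/users/alice",
    "openid.ns.sreg": "http://openid.net/sreg/1.0",
    "openid.sreg.email": "alice@example.org",
    "openid.sreg.fullname": "Alice Example",
    "openid.sig": "PLACEHOLDER",
}
# Server that signs only part of the extension data.
WEAK = urlencode({**_BASE, "openid.signed": "claimed_id,identity,sreg.email"})
# Server that signs the namespace declaration and every sreg field.
STRICT = urlencode({**_BASE, "openid.signed":
                    "claimed_id,identity,ns.sreg,sreg.email,sreg.fullname"})

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_signed_extensions(resp))
```

Any entry with `ns_signed` false or a non-empty `unsigned_fields` list marks attribute data that a relying party cannot trust as coming from the server.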
Jun 13, 2011
Thank you very much
May 28, 2015
Hi Team,

This is regarding apache2, Crowd OpenID authentication with Delegated Directory based LDAP issue with Git/Gerrit.

My Environment details:
Operating system: Ubuntu 12.4 LTS – 64 bit.
Apache2 Version: Server version: Apache/2.2.22 (Ubuntu), Server built: Mar 5 2015 18:10:14
Crowd Version: Atlassian Crowd Version: 2.8.2

Problem description:
I have configured Crowd OpenID authentication with Delegated directory type Microsoft Active Directory with our LDAP settings and provided necessary permissions to crowd-openid-server settings and to our git/gerrit server.

Currently my (gerrit.config) file has the below settings to access our git/gerrit portal.

    [auth]
        type = OPENID_SSO
        openIdSsoUrl = http://100.101.102.103:8095/openidserver/
        logoutUrl = http://100.101.102.103:8095/gerrit_logout.html

But when I tried to access my gerrit portal, the front end shows a sign in button; once I clicked that, the authentication is not forwarded to the crowd page to enter my login-id and password. It remains on the local host itself (meaning it remains in the gerrit portal itself).

Note: we have two servers: one for Git/Gerrit and another one for Crowd.

So kindly advise me how to fix the same.

Thanks,
Mohan