My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1010: Problems with openid registration in new gerrit
2 people starred this issue and may be notified of changes. Back to list
Status:  WontFix
Owner:  ----
Closed:  Jun 2011


Sign in to add a comment
 
Reported by denyastr...@gmail.com, Jun 10, 2011
Affected Version: 2.2.1

What steps will reproduce the problem?
1. We had gerrit version 2.1.6.1 and home openid server (crowd - atlassian.com). Autorization with OpenID
2. Upgrading to 2.1.7 and after upgrading to 2.2.1.
3. We have problem with registration new users.

What is the expected output? What do you see instead?

[2011-06-10 17:58:16,396] WARN  / : Unexpected error during authentication
org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed
        at org.openid4java.message.Message.getExtension(Message.java:495)
        at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.doAuth(OpenIdServiceImpl.java:320)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doPost(OpenIdLoginServlet.java:50)
        at com.google.gerrit.httpd.auth.openid.OpenIdLoginServlet.doGet(OpenIdLoginServlet.java:40)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:54)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:921)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:59)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
        at org.eclipse.jetty.server.Server.handle(Server.java:352)
        at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596)
        at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1052)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:590)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:212)
        at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450)
        at java.lang.Thread.run(Thread.java:662)



Jun 10, 2011
#1 denyastr...@gmail.com
Openid - local service in business network.
If i register in browser - we have 500 Problem accessing /OpenID. Reason: server error
Jun 10, 2011
#2 denyastr...@gmail.com
Help me, please...=(((
Jun 11, 2011
#3 rol...@rschulz.eu
I have the same issue. When I use delegate authentication.
Jun 13, 2011
#4 sop@google.com
>[2011-06-10 17:58:16,396] WARN  / : Unexpected error during authentication
> org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed

This is most likely an error in your OpenID server. The standard strongly encourages servers to sign attributes, to prevent them from being forged. I would take this up with your OpenID vendor.

Gerrit 2.1.7 and later upgraded to a newer version of the openid4java client to fix a major security flaw in the openid4java's validation of a user's information. The new code is stricter to the standard, because the old way permitted forging of user identity data in some pretty nasty ways.

Your vendor should already be testing their server product against openid4java, as its one of the most popular clients available for the Java platform. They may already a patched version of their server product available that fixes this issue.
Status: WontFix
Jun 13, 2011
#5 denyastr...@gmail.com
Thank you very much
May 28, 2015
#6 mohans...@gmail.com
Hi Team,

This is regarding apache2, Crowd OpenID authentication with Delegated Directory based LDAP issue with Git/Gerrit.

My Environment details:

Operating system: Ubuntu 12.4 LTS – 64 bit.
Apache2 Version
Server version: Apache/2.2.22 (Ubuntu)
Server built:   Mar  5 2015 18:10:14
Crowd Version - Atlassian Crowd Version: 2.8.2

Problem description:-

I have configured Crowd OpenID authentication with Delegated directory type Microsoft Active Directory with our LDAP settings and provided necessary permissions to crowd-openid-server settings and to our git/gerrit server.

Currently my (gerrit.config) file has below settings to access our git/gerrit portal.

 [auth]
  type = OPENID_SSO
  openIdSsoUrl = http://100.101.102.103:8095/openidserver/
  logoutUrl = http:// 100.101.102.103:8095/gerrit_logout.html


But when tried access my gerrit portal, front end shows sign in button once I clicked that the authentication not forwarding to crowd page to enter my login-id and password. It remains on local host itself(means remains in gerrit portal itself).

Note: we have two servers: one for Git/Gerrit & another one for Crowd.

So kindly advise me to fix the same.


Thanks,
Mohan
Sign in to add a comment

Powered by Google Project Hosting