Hi all,

Related to not being able to log in without the userstore name:
with further debugging, I identified that the below exception is thrown at [1]

> java.security.PrivilegedActionException:
> org.wso2.carbon.user.core.UserStoreException: Error when handling event :
> PRE_AUTHENTICATION
>     at java.security.AccessController.doPrivileged(Native Method)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:463)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:451)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:442)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:442)
>     at
> org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator.processAuthenticationResponse(BasicAuthenticator.java:269)
>     at
> org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:69)
>     at
> org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator.process(BasicAuthenticator.java:82)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:465)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(DefaultStepHandler.java:439)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:143)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:122)
>     at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:138)
>     at
> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
>     at
> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:995)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:159)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:107)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at
> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at
> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at
> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at
> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>     at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>     at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>     at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>     at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at
> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>     at
> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>     at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>     at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
>     at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
>     at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
>     at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>     at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wso2.carbon.user.core.UserStoreException: Error when
> handling event : PRE_AUTHENTICATION
>     at
> org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:612)
>     at
> org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:548)
>     at
> org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAuthenticate(IdentityMgtEventListener.java:84)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticateInternal(AbstractUserStoreManager.java:505)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.access$100(AbstractUserStoreManager.java:71)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:466)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:463)
>     ... 65 more
> Caused by: org.wso2.carbon.identity.event.IdentityEventException: Error
> while retrieving account lock claim value
>     at
> org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler.handleEvent(AccountConfirmationValidationHandler.java:80)
>     at
> org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
>     at
> org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:599)
>     ... 71 more
> Caused by: org.wso2.carbon.user.core.UserStoreException: UserNotFound:
> User pushdoes not exist in: PRIMARY
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:168)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:580)
>     at
> org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler.handleEvent(AccountConfirmationValidationHandler.java:78)
>     ... 73 more
> Caused by: java.security.PrivilegedActionException:
> java.lang.reflect.InvocationTargetException
>     at java.security.AccessController.doPrivileged(Native Method)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:158)
>     ... 75 more
> Caused by: java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:161)
>     ... 77 more
> Caused by: org.wso2.carbon.user.core.UserStoreException: UserNotFound:
> User pushdoes not exist in: PRIMARY
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:594)
>     ... 82 more
>


   - AccountConfirmationValidationHandler[2] tries to verify whether the
   user account is locked when handling PRE_AUTHENTICATION. When trying to
   retrieve the account lock claim, an exception is thrown and it terminates the
   authentication flow. The user is only searched for within the PRIMARY user store.


   - When AccountConfirmationValidationHandler is disabled, I am able to
   log in to the dashboard without the userstore domain name.


   - The other concern is that checking the account lock claim of a particular
   user before authentication will block users with the same name in secondary user
   stores from getting authenticated.

What is the best way to handle these scenarios?
[1]
https://github.com/wso2/carbon-kernel/blob/release-4.4.9/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L476
[2]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/handler/AccountConfirmationValidationHandler.java#L72

Thanks!
-Ayesha


On Mon, Oct 31, 2016 at 1:55 PM, Ayesha Dissanayaka <aye...@wso2.com> wrote:

>
> On Fri, Oct 28, 2016 at 6:02 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>>
>> This should be possible. Are you getting any errors in UI or in console?
>> If not can you enable debug logs in user.core and see any error getting
>> printed?
>>
>
> No errors in the backend.
>
> In the UI it shows below error message.
>
> "Login failed! Please recheck the username and password and try again."
>
> When I try "TEST/ayesha" as username, I can login.
>
> I have enabled debug logs for user core and below are the logs in two
> cases.
>
> *without userstore name, username only "ayesha"*
>
>> [2016-10-31 13:35:22,837] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Searching for user ayesha003
>> [2016-10-31 13:35:22,844] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Searching for user with SearchFilter: 
>> (&(objectClass=person)(uid=ayesha003))
>> in SearchBase:
>> [2016-10-31 13:35:22,855] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Name in space for ayesha003 is null
>> [2016-10-31 13:35:22,856] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  User: ayesha003 exist: false
>> [2016-10-31 13:35:22,863] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Searching for user ayesha003
>> [2016-10-31 13:35:22,866] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Searching for user with SearchFilter: 
>> (&(objectClass=person)(uid=ayesha003))
>> in SearchBase:
>> [2016-10-31 13:35:22,870] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  Name in space for ayesha003 is null
>> [2016-10-31 13:35:22,870] DEBUG 
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager}
>> -  User: ayesha003 exist: false
>>
>
>
> *with userstore name "TEST2/ayesha"*
>>
>> [2016-10-31 13:36:10,657] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching
>> for user ayesha003
>> [2016-10-31 13:36:10,663] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching
>> for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in
>> SearchBase:
>> [2016-10-31 13:36:10,666] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name
>> in space for ayesha003 is uid=ayesha003,ou=Users,dc=wso2,dc=org
>> [2016-10-31 13:36:10,666] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>> ayesha003 exist: true
>> [2016-10-31 13:36:10,666] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching
>> for user ayesha003
>> [2016-10-31 13:36:10,667] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  value
>> after escaping special characters in ayesha003 : ayesha003
>> [2016-10-31 13:36:10,667] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>> ayesha003 exist: true
>> [2016-10-31 13:36:10,684] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching
>> for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in
>> SearchBase:
>
>
> Created https://wso2.org/jira/browse/IDENTITY-5291 to track this.
>
> Thanks!
> -Ayesha
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>



-- 
*Ayesha Dissanayaka*
Software Engineer,
WSO2, Inc : http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
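
The two concerns raised in the message above, as a toy model added here for illustration (it is not code from the post or from WSO2): a pre-authentication lock check that resolves an unqualified name in PRIMARY only, beside a check made per user store. Store contents, passwords and all class and method names are constructed assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Toy model of the flow discussed above; not WSO2 code, all names hypothetical.
public class PreAuthLockCheck {
    // Constructed sample data: domain -> username -> {password, accountLocked}
    static final Map<String, Map<String, String[]>> STORES = new LinkedHashMap<>();
    static {
        STORES.put("PRIMARY", Map.of("bob", new String[]{"pw1", "true"}));
        STORES.put("TEST", Map.of("ayesha", new String[]{"pw2", "false"},
                                  "bob", new String[]{"pw3", "false"}));
    }

    static String[] split(String login) { // "TEST/ayesha" -> {"TEST", "ayesha"}
        int i = login.indexOf('/');
        return i < 0 ? new String[]{null, login}
                     : new String[]{login.substring(0, i), login.substring(i + 1)};
    }

    // Walks the stores in order and returns the domain that accepted the login, or null.
    static String tryStores(String[] p, String pw, boolean lockPerStore) {
        for (Map.Entry<String, Map<String, String[]>> s : STORES.entrySet()) {
            if (p[0] != null && !p[0].equals(s.getKey())) continue;   // other domain requested
            String[] u = s.getValue().get(p[1]);
            if (u == null) continue;                                  // not in this store
            if (lockPerStore && Boolean.parseBoolean(u[1])) continue; // locked in this store only
            if (u[0].equals(pw)) return s.getKey();                   // plain compare: toy data
        }
        return null;
    }

    // Reported behaviour: the lock claim of an unqualified name is read from PRIMARY
    // only, and a missing or locked user there ends the flow before other stores run.
    static String primaryOnly(String login, String pw) {
        String[] p = split(login);
        String[] u = STORES.getOrDefault(p[0] == null ? "PRIMARY" : p[0], Map.of()).get(p[1]);
        if (u == null || Boolean.parseBoolean(u[1])) return null;
        return tryStores(p, pw, false);
    }

    // Alternative: read the lock claim in the same store whose credentials are tried.
    static String perStore(String login, String pw) {
        return tryStores(split(login), pw, true);
    }

    public static void main(String[] args) {
        System.out.println("primaryOnly ayesha      -> " + primaryOnly("ayesha", "pw2"));
        System.out.println("primaryOnly TEST/ayesha -> " + primaryOnly("TEST/ayesha", "pw2"));
        System.out.println("primaryOnly bob (TEST)  -> " + primaryOnly("bob", "pw3"));
        System.out.println("perStore    ayesha      -> " + perStore("ayesha", "pw2"));
        System.out.println("perStore    bob (TEST)  -> " + perStore("bob", "pw3"));
    }
}
```

The `bob` entries model the same-name case: a locked PRIMARY account with an unlocked namesake in the secondary store. `Map.of` requires Java 9 or later.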
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev