I'm adding Mathuriga and Nadeeshani to this thread as a similar issue is reported in the non-federated flow as well.

On Mon, Apr 16, 2018 at 3:13 PM Omindu Rathnaweera <[email protected]> wrote:

> On Mon, Apr 16, 2018 at 5:45 AM, Darshana Gunawardana <[email protected]>
> wrote:
>
>> AFAIR, this seems to be an issue with handling email type usernames
>> without enabling email usernames..
>>
>> Anyhow we have discussed to fix this from the sso consent
>> implementation.. @Omindu: Do we have any git issue related to this?
>>
>
> During SSO, we perform all the consent API related invocations after
> starting a tenant flow and setting the authenticated username in the carbon
> context. I guess we can set the username accordingly based on whether the
> email username is enabled or not when setting the user to the context.
>
> Created https://github.com/wso2/product-is/issues/3079 to track this.
>
>
>> Thanks,
>>
>> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
>> [email protected]> wrote:
>>
>>>
>>> Hi Tharindu,
>>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe <
>>> [email protected]> wrote:
>>>
>>>> Hi Gayan,
>>>>
>>>> It seems the error is coming from the consent management feature. If
>>>> you don't require this feature, you can simply turn it off from the
>>>> following property in identity.xml file.
>>>>
>>>> <Consent>
>>>>     <!--Specify whether consent management should be enable during SSO.-->
>>>>     <EnableSSOConsentManagement>false</EnableSSOConsentManagement>
>>>> </Consent>
>>>>
>>>> Alternatively you can turn off the following listener from identity.xml
>>>> file too for getting rid of the issue.
>>>>
>>>> <EventListener
>>>>     type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
>>>>     name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
>>>>     orderId="110" enable="false" />
>>>>
>>>
>>>> I could reproduce the same behavior and by setting any of the above
>>>> configs, I could avoid the error and successfully authenticate the SP app
>>>> (travelocity) with FB IDP.
>>>>
>>> Thanks for the explanation. I have already disabled consent management
>>> to get it to work. I suppose globally disabling consent management feature or
>>> disabling the listener would not be a good solution.
>>>
>>>>
>>>> @IAM Team - If we keep using the consent management feature, do we need
>>>> any additional configuration? Maybe claim configuration to map the
>>>> particular user claims which should require obtaining user consent?
>>>>
>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have configured travelocity.com sample application as SAML inbound
>>>>> and Facebook as federated authenticator for IS-5.5.0. After adding
>>>>> Facebook credentials, got below UI.
>>>>>
>>>>>
>>>>> After enabling debug logs found below exception. Is there any further
>>>>> configuration I have to do to get it to work?
>>>>>
>>>>> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Error occurred while accessing Java Security Manager Privilege Block
>>>>> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Error occurred while evaluating post authentication
>>>>> org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException: Error occurred while retrieving consent data of user: [email protected] for service provider: CafeLebens-Sample in tenant domain: carbon.super.
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(ConsentMgtPostAuthnHandler.java:106)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.executePostAuthnHandler(PostAuthenticationMgtService.java:109)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.handlePostAuthentication(PostAuthenticationMgtService.java:78)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:134)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:157)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:43)
>>>>>
>>>>> Thanks,
>>>>> Gayan
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>
>>>> --
>>>>
>>>> Tharindu Edirisinghe
>>>> Senior Software Engineer | WSO2 Inc
>>>> Platform Security Team
>>>> Blog : http://tharindue.blogspot.com
>>>> mobile : +94 775181586
>>>>
>>>
>>> --
>>> Gayan
>>>
>>
>> --
>> Regards,
>>
>> *Darshana Gunawardana*
>> Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: [email protected] <[email protected]>*
>> *Mobile: +94718566859*
>> Lean . Enterprise . Middleware
>>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>

--
Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
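
The ambiguity raised in the thread (an email-style username handled while email usernames are not enabled), sketched as an added example that is not part of the thread and not WSO2 code. It assumes the text after the last '@' is read as the tenant domain unless email usernames are enabled; all class and method names are hypothetical and the username is a constructed sample.

```java
// Added illustration. Class and method names are hypothetical, not WSO2 APIs.
// Requires Java 16+ (records).
public class EmailUsernameTenantCheck {

    record Parsed(String user, String tenantDomain) {}

    // Tenant domain named in the logged error message.
    static final String SUPER_TENANT = "carbon.super";

    // Assumed convention: the text after the last '@' is the tenant domain.
    // When email usernames are enabled, a lone '@' is part of the username
    // and only a second '@' introduces a tenant domain.
    static Parsed parse(String identifier, boolean emailUsernamesEnabled) {
        int first = identifier.indexOf('@');
        int last = identifier.lastIndexOf('@');
        if (last < 0 || (emailUsernamesEnabled && first == last)) {
            return new Parsed(identifier, SUPER_TENANT);
        }
        return new Parsed(identifier.substring(0, last),
                          identifier.substring(last + 1));
    }

    // True when parsing the identifier would place the user in a tenant other
    // than the one the tenant flow was started for, so a lookup keyed on the
    // parsed name would target the wrong user or tenant.
    static boolean tenantMismatch(String identifier, String flowTenant,
                                  boolean emailUsernamesEnabled) {
        return !parse(identifier, emailUsernamesEnabled)
                .tenantDomain().equalsIgnoreCase(flowTenant);
    }

    public static void main(String[] args) {
        String federatedUser = "alice@example.com"; // constructed sample value
        for (boolean enabled : new boolean[] {false, true}) {
            Parsed p = parse(federatedUser, enabled);
            System.out.printf("emailUsernames=%b user=%s tenant=%s mismatch=%b%n",
                    enabled, p.user(), p.tenantDomain(),
                    tenantMismatch(federatedUser, SUPER_TENANT, enabled));
        }
    }
}
```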
