[mitreid-connect] Custom AuthenticationProvider
Luiz Omori
luiz.omori at duke.edu
Wed Jun 7 09:14:49 EDT 2017
It seems to be failing silently from the logging point of view. How did you go about tracking down problems like that? I don't see anything logged at info level. Debug shows too much but even then I couldn't find anything that useful.
Regards,
Luiz
From: Justin Richer <jricher at mit.edu>
Date: Tuesday, June 6, 2017 at 6:21 PM
To: Luiz Omori <luiz.omori at duke.edu>
Cc: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Custom AuthenticationProvider
I’ve found the method-not-allowed message from Spring to be misleading. That’s likely due to missing a CSRF on the login form, but the LDAP overlay shouldn’t have any customizations there.
— Justin
On Jun 6, 2017, at 5:52 PM, Luiz Omori <luiz.omori at duke.edu> wrote:
The problem is that our LDAP server requires a little bit of customization so it’s a little bit more elaborate, but I just tried and it didn’t work. Ran into another weird issue: I get a 405 when the login page does a POST.
Request URL: http://localhost:8080/patient-openid-connect/login
Request Method: POST
Status Code: 405 Method Not Allowed
Remote Address: [::1]:8080
Referrer Policy: no-referrer-when-downgrade
Here is my security:http (straight from the link you sent):
<security:http disable-url-rewriting="true" use-expressions="true">
    <security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
    <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/**" access="permitAll" />
    <security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
    <security:logout logout-url="/logout" />
    <security:anonymous />
    <security:expression-handler ref="oauthWebExpressionHandler" />
    <security:headers>
        <security:frame-options policy="DENY" />
    </security:headers>
    <security:csrf />
</security:http>
<text removed to avoid “message too large” error>