[mitreid-connect] Custom AuthenticationProvider

Luiz Omori luiz.omori at duke.edu
Wed Jun 7 09:14:49 EDT 2017


It seems to be failing silently from the logging point of view. How did you go about tracking down problems like that? I don't see anything logged at info level. Debug shows too much, but even then I couldn't find anything that useful.

Regards,
Luiz

From: Justin Richer <jricher at mit.edu>
Date: Tuesday, June 6, 2017 at 6:21 PM
To: Luiz Omori <luiz.omori at duke.edu>
Cc: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Custom AuthenticationProvider

I’ve found the method-not-allowed message from Spring to be misleading.  That’s likely due to missing a CSRF on the login form, but the LDAP overlay shouldn’t have any customizations there.

 — Justin

On Jun 6, 2017, at 5:52 PM, Luiz Omori <luiz.omori at duke.edu> wrote:

The problem is that our LDAP server requires a little bit of customization so it’s a little bit more elaborate, but I just tried and it didn’t work. Ran into another weird issue: I get a 405 when the login page does a POST.


Request URL: http://localhost:8080/patient-openid-connect/login
Request Method: POST
Status Code: 405 Method Not Allowed
Remote Address: [::1]:8080
Referrer Policy: no-referrer-when-downgrade

Here is my security:http (straight from the link you sent):

<security:http disable-url-rewriting="true" use-expressions="true">
    <security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
    <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/**" access="permitAll" />
    <security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
    <security:logout logout-url="/logout" />
    <security:anonymous />
    <security:expression-handler ref="oauthWebExpressionHandler" />
    <security:headers>
        <security:frame-options policy="DENY" />
    </security:headers>
    <security:csrf />
</security:http>

<text removed to avoid “message too large” error>
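As an added example (not from this thread and not MITREid Connect's own login view), here is what a login form has to carry for the `security:http` block above to accept its POST. With `<security:csrf />` enabled, every POST must include the CSRF token, which Spring Security exposes to the view as the `_csrf` request attribute; and the form's `action` must be the URL the form-login filter actually processes, which is set by `login-processing-url` on `<security:form-login>`. The `/j_spring_security_check`, `j_username` and `j_password` values used here are the Spring Security 3.x defaults (4.x defaults are `/login`, `username` and `password`); which pair applies to a given MITREid deployment is an assumption that has to be checked against its Spring Security version.

```jsp
<%-- login.jsp: added example, not MITREid Connect's shipped login page --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<body>
<c:if test="${param.error != null}">
  <p>Login failed.</p>
</c:if>
<%-- The action must equal the form-login filter's login-processing-url.
     /j_spring_security_check, j_username and j_password are the
     Spring Security 3.x defaults (assumed here); 4.x defaults are
     /login, username and password. Pinning login-processing-url
     explicitly in <security:form-login> keeps form and filter in step. --%>
<form method="post" action="${pageContext.request.contextPath}/j_spring_security_check">
  <label>Username <input type="text" name="j_username" autocomplete="username" /></label>
  <label>Password <input type="password" name="j_password" autocomplete="current-password" /></label>
  <%-- Required once <security:csrf /> is on: a POST without this field is
       rejected before the credentials are ever looked at. --%>
  <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
  <input type="submit" value="Log in" />
</form>
</body>
</html>
```

The quick check when a login POST misbehaves is therefore twofold: view the rendered page source and confirm the hidden `_csrf` input is present with a non-empty value, and compare the form's `action` with the `login-processing-url` (or its version-specific default) in the `<security:form-login>` element; a POST to a path the authentication filter does not handle is passed on to whatever else maps that path instead of being authenticated.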

