Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3795

OpenIDServer fails to service requests after upgrading Crowd

    XMLWordPrintable

Details

    • Bug
    • Resolution: Support Request
    • Low
    • None
    • 2.7.1
    • Authentication / Security
    • None

    Description

      After recently upgrading our Crowd server (due to a duplicate key issue on authentication tokens, unrelated to this issue) the openidserver fails to service any requests.

      We use the openidserver to authenticate our local developers for access to the CMS backends the company is building.

      After the upgrade, the end-user who's trying to authenticate's browser is presented with a download of "application/xrds+xml" file "op", presumably the server's Yadis doc ( located at https://crowd.ourcompany.com/openidserver/op ) which AFAIK shouldn't be served to the user anyway.

      After some debugging we tried the shipped openidclient, which fails all calls as well, stating:

      Authentication Failed: Could not recieve authentication response from your OpenID provider. Contact your OpenID server's administrator.

      The logs reveal why this is failing:

      2014-02-10 17:29:31,170 http-bio-8095-exec-19 WARN [org.openid4java.consumer.ConsumerManager] Association failed; using first entry: http://crowd.ourcompany.com/openidserver/op
2014-02-10 17:29:31,200 http-bio-8095-exec-19 INFO [openid.server.provider.OpenID4JavaProvider] Servicing OpenID request, mode = checkid_setup
2014-02-10 17:29:31,204 http-bio-8095-exec-19 WARN [org.openid4java.server.RealmVerifier] RP discovery / realm validation disabled; this option SHOULD be enabled for OPs
2014-02-10 17:29:31,628 http-bio-8095-exec-19 WARN [org.openid4java.server.RealmVerifier] RP discovery / realm validation disabled; this option SHOULD be enabled for OPs
2014-02-10 17:29:31,685 http-bio-8095-exec-19 ERROR [openid.client.action.Login] OpenIDAuthResponse reports authentication error
com.atlassian.crowd.openid.client.consumer.OpenIDAuthResponseException: org.openid4java.message.MessageException: 0x100: Invalid Key-Value form, colon missing: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        at com.atlassian.crowd.openid.client.consumer.OpenID4JavaConsumer.verifyResponse(OpenID4JavaConsumer.java:252)
        at com.atlassian.crowd.openid.client.servlet.OpenIDClientServlet.doPost(OpenIDClientServlet.java:151)
        at com.atlassian.crowd.openid.client.servlet.OpenIDClientServlet.doGet(OpenIDClientServlet.java:94)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:119)
        at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:55)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.openid4java.message.MessageException: 0x100: Invalid Key-Value form, colon missing: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        at org.openid4java.message.ParameterList.createFromKeyValueForm(ParameterList.java:209)
        at org.openid4java.consumer.ConsumerManager.call(ConsumerManager.java:618)
        at org.openid4java.consumer.ConsumerManager.verifySignature(ConsumerManager.java:1807)
        at org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1173)
        at com.atlassian.crowd.openid.client.consumer.OpenID4JavaConsumer.verifyResponse(OpenID4JavaConsumer.java:217)
        ... 29 more
2014-02-10 17:39:11,621 http-bio-8095-exec-1 INFO [openid.server.provider.OpenID4JavaProvider] Servicing OpenID request, mode = checkid_setup

      After some searching the CWD JIRA the issue seemed related to https://jira.atlassian.com/browse/CWD-1376, so i've tried to change the settings mentioned there. No go, openidserver will not start anymore:

      2014-02-10 17:11:33,471 localhost-startStop-1 WARN [org.openid4java.server.RealmVerifier] RP discovery / realm validation disabled;
2014-02-10 17:11:33,479 localhost-startStop-1 ERROR [springframework.web.context.ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'crowdProvider' defined in class path resource [applicationContext-OpenIDServer.xml]: Cannot resolve reference to bean 'serverManager' while setting bean property 'serverManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serverManager' defined in class path resource [applicationContext-OpenIDServer.xml]: Cannot create inner bean 'org.openid4java.server.RealmVerifier#7336193e' of type [org.openid4java.server.RealmVerifier] while setting bean property 'realmVerifier'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.openid4java.server.RealmVerifier#7336193e' defined in class path resource [applicationContext-OpenIDServer.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.openid4java.server.RealmVerifier]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.openid4java.server.RealmVerifier.<init>()
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1387)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1128)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4939)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5434)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:656)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1635)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)

      I also tried to revert the crowd-openidserver-webapp directory to the version provided in 2.7.0, but this also didn't work (same errors), so this problem might not be in the openidserver itself but perhaps in Crowd itself.

      (And by the way, JIRA related: I'm seeing a LOT of fields while creating this issue that I don't think I should be able to see...)

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              e2d9b4164efe MaxServ
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: