Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25187

Fix OpenID module authentication

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.10, 10.1, 10.2-SNAPSHOT
    • Fix Version/s: 9.10-HF27, 10.10
    • Component/s: OAuth, Open Id

      Description

      Prepare a working configuration 8.10-HF30 OpenID as a login mechanism.
      check you have set nuxeo.oauth.auth.create.user=true and login with an unknown user
      This works in 8.10 but fails in 9.10 up to HF10, in 10.1 and in master.

      The 3 last versions will fail when an unknown login happens and gets created with the exception (see attached server.log)

      DirectorySecurityException:User null does not have Write permission
... (BaseSession.java:149) or (BaseSession.java:143) depending on version

      nuxeo.bind.address=...
nuxeo.url=https://openid101.nuxeo.com/nuxeo
nuxeo.server.https.port=443
nuxeo.server.https.keystoreFile=...
nuxeo.server.https.keystorePass=...

nuxeo.openid.google.client.id=...
nuxeo.openid.google.client.secret=...
nuxeo.oauth.auth.create.user=true

nuxeo.templates=default,openid

      Suggestion:
      In class `UserResolver`

      userDoc = userManager.createUser(userDoc);

      ==>

      userDoc = Framework.doPrivileged(() -> userManager.createUser(userDoc));

      Attaching server.log gotten in master

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-24961 OpenID module authentication cannot read user directory

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is required by

          Improvement - An improvement or enhancement to an existing feature or task. NBM-945 allow oauth registration/login

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 10 minutes
                  2h 10m