Skip to content

Instantly share code, notes, and snippets.

org.opensaml.common.SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:252) ~[spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) [spring-security-core-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87) [spring-security-saml2-core-1.0.2.RELEASE.jar:1.0.2.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-securit
WARNING: Failed to sync notifyUpdate user:sync
org.forgerock.openidm.sync.impl.SynchronizationException: Operation UPDATE failed with ConnectorException on system object: dummyUser1
at org.forgerock.openidm.sync.impl.SynchronizationService.syncAllMappings(SynchronizationService.java:270)
at org.forgerock.openidm.sync.impl.SynchronizationService.notifyUpdate(SynchronizationService.java:307)
at org.forgerock.openidm.sync.impl.SynchronizationService.actionInstance(SynchronizationService.java:383)
at org.forgerock.json.resource.Resources$SingletonHandler.handleAction(Resources.java:513)
at org.forgerock.json.resource.Router.handleAction(Router.java:208)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:52)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
May 23, 2018 10:10:32 AM org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService deactivate
INFO: OpenICF Provisioner Service component adTCUS is deactivated.
May 23, 2018 10:10:32 AM org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$1 addingConnectorInfo
SEVERE: OpenICF connector test of SystemIdentifier{ uri='system/adUS/'} failed!
org.identityconnectors.framework.common.exceptions.ConfigurationException: Bad Base Context(s) to Synchronize: [DC=TEST,DC=local]
at org.identityconnectors.ldap.LdapConnector.doTest(LdapConnector.java:354)
at org.identityconnectors.ldap.LdapConnector.test(LdapConnector.java:127)
at org.identityconnectors.framework.impl.api.local.operations.TestImpl.test(TestImpl.java:47)
at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
When you change the password,
SEVERE: Failed to connect to remote connector server {host=10.42.254.30, port=8759}
Jun 21, 2017 3:15:59 PM java.util.concurrent.Executors$RunnableAdapter call
SEVERE: Failed to update the ConnectorInfo from remote connector server
org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Remote framework key is invalid
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$9.createException(CommonObjectHandlers.java:218)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$9.createException(CommonObjectHandlers.java:215)
INFO: Found ScriptEngineFactory in org.activiti.engine
org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord handleException
SEVERE: Script compilation exception: 7CC3C6C188C67231F2DB6350648EB0BC
org.forgerock.script.exception.ScriptCompilationException: missing ; before statement
at org.forgerock.script.javascript.RhinoScriptEngine$3.newScriptCompilationException(RhinoScriptEngine.java:425)
at org.forgerock.script.javascript.RhinoScriptEngine.compileScript(RhinoScriptEngine.java:245)
at org.forgerock.script.javascript.RhinoScriptEngine.compileScript(RhinoScriptEngine.java:225)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.compile(ScriptRegistryImpl.java:407)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.setScriptEngine(ScriptRegistryImpl.java:371)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.access$1300(ScriptRegistryImpl.java:312)
@nervouswiggles
nervouswiggles / gist:bf3590eb5248ee4e8b618c16af3ccd4d
Created November 2, 2017 17:11
mfa-authn-config.xml example for Shibboleth/CAS/DUO integration
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
@nervouswiggles
nervouswiggles / gist:3522c6cf32350ee23f8efe72c088905a
Created November 2, 2017 17:11
mfa-authn-config.xml example for Shibboleth/CAS/DUO integration
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
@nervouswiggles
nervouswiggles / gist:bc0eb98a105941244ecd864443235e96
Created November 2, 2017 16:58
450 - Shibcas Shibboleth 3.3 Duo authentication error - java.lang.NullPointerException: null
INFO [net.shibboleth.idp.attribute:17] - First factor was enough though checking other stuff
ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception
java.lang.NullPointerException: null
at net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext.resolveAttributes(AttributeResolutionContext.java:234)
at jdk.nashorn.internal.scripts.Script$\^eval\_.:program(<eval>:28)
at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:637)
at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:418)
at jdk.nashorn.api.scripting.NashornScriptEngine.access$300(NashornScriptEngine.java:73)
INFO: Found ScriptEngineFactory in org.activiti.engine
org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord handleException
SEVERE: Script compilation exception: 7CC3C6C188C67231F2DB6350648EB0BC5A010D3B
org.forgerock.script.exception.ScriptCompilationException: missing ; before statement
at org.forgerock.script.javascript.RhinoScriptEngine$3.newScriptCompilationException(RhinoScriptEngine.java:425)
at org.forgerock.script.javascript.RhinoScriptEngine.compileScript(RhinoScriptEngine.java:245)
at org.forgerock.script.javascript.RhinoScriptEngine.compileScript(RhinoScriptEngine.java:225)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.compile(ScriptRegistryImpl.java:407)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.setScriptEngine(ScriptRegistryImpl.java:371)
at org.forgerock.script.registry.ScriptRegistryImpl$LibraryRecord.access$1300(ScriptRegistryImpl.java:312)
WARNING: Failed to create target object
org.forgerock.json.resource.BadRequestException: Target does not support attribute groups
at org.forgerock.openidm.provisioner.openicf.commons.ObjectClassInfoHelper.checkForInvalidAttributes(ObjectClassInfoHelper.java:276)
at org.forgerock.openidm.provisioner.openicf.commons.ObjectClassInfoHelper.getCreateAttributes(ObjectClassInfoHelper.java:213)
at org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$ObjectClassResourceProvider.createInstance(OpenICFProvisionerService.java:1325)
at org.forgerock.json.resource.Resources$CollectionHandler.handleCreate(Resources.java:232)
at org.forgerock.json.resource.Router.handleCreate(Router.java:222)
at org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$ObjectClassRequestHandler.handleCreate(OpenICFProvisionerService.java:1069)
at org.forgerock.json.resource.Router.handleCreate(Router.java:222)
at org.forgerock.json.resource.FilterChain$Cursor.handleCreate(FilterChain.java:67)