
Portal 3.5 - SAML SSO - timeout after token validation for groups "registeredUser" and "organizationAdmin"

Question asked by glejo03 Employee on Feb 29, 2016
Latest reply on Apr 7, 2016 by glejo03

Hello Colleagues,

I have enabled SAML SSO authentication on Portal 3.5 (not for CMS). For token creation, I am using a demo service on the gateway, which behaves as an IdP, returning the SAML token back.

I left the role mapping on the SAML plugin at its default.

When the demo service (IdP) returns a token with group "admin", "businessManager" or "ApiOwner", I am logged in successfully, with correct access to the dashboard or CMS.

When the demo service (IdP) returns a token with group "registeredUser" or "organizationAdmin", I get a timeout, but the timeout occurs after the validation of the SAML token is done and the XML is sent back to the portal.
So the problem is on the Portal side (and I am not logged in, yet the user I see in CMS is still updated/created).

In the Gateway there is no log for that.

In the Portal catalina.out log there is (that is all):

Feb 29, 2016 2:29:55 PM com.l7tech.ldap.RequestUtil processRequest
INFO: Response Status Code:200   (-------------------- this line shows that gateway validated the token and sent the xml response to portal ---------------------)
02/29 14:30:58.851 ERROR (http-37080-12:) - [JForumIntegration general] -- java.net.ConnectException: Connection timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)
        at java.net.Socket.connect(Socket.java:538)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
        at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
        at sun.net.www.http.HttpClient.New(HttpClient.java:308)
        at sun.net.www.http.HttpClient.New(HttpClient.java:326)
        at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1168)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1104)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:998)
        at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:932)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
        at java.net.URLConnection.getContent(URLConnection.java:739)
        at java.net.URL.getContent(URL.java:1052)
        at com.thelevel.lrs.jforum.JForumIntegration.reloadSecurity(JForumIntegration.java:66)
        at com.l7tech.ldap.ResourceManager.updateJForumGroupMembership(Unknown Source)
        at com.l7tech.sso.SAMLSSOAuthenticationPlugin.b(Unknown Source)
        at com.l7tech.sso.SAMLSSOAuthenticationPlugin.authenticate(Unknown Source)
        at com.l7tech.sso.SAMLTokenAuthenticator.authenticateUser(Unknown Source)
        at com.l7tech.sso.SAMLCredentialCollector.authenticateUser(Unknown Source)
        at com.l7tech.sso.SAMLCredentialCollector.authenticate(Unknown Source)
        at com.l7tech.sso.SAMLSSOAuthFilter.doFilter(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:745)

Responses from the gateway to the portal are identical; they differ only in the value of the group (memberOf).

Is there a chance someone has experienced this before?

Thank you for all suggestions,

Josef G.
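
Added example, not part of the original post and not vendor code: a small log triage script that reads the catalina.out lines quoted above and reports which application call timed out and how long after the gateway's 200 response the error was logged. The sample log is abridged from the post; the function name triage and the result keys are made up for this illustration.

```python
import re
from datetime import datetime

# Abridged from the catalina.out lines quoted in the post (poster's annotation removed).
SAMPLE_LOG = """\
Feb 29, 2016 2:29:55 PM com.l7tech.ldap.RequestUtil processRequest
INFO: Response Status Code:200
02/29 14:30:58.851 ERROR (http-37080-12:) - [JForumIntegration general] -- java.net.ConnectException: Connection timed out
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.Socket.connect(Socket.java:589)
        at java.net.URL.getContent(URL.java:1052)
        at com.thelevel.lrs.jforum.JForumIntegration.reloadSecurity(JForumIntegration.java:66)
        at com.l7tech.ldap.ResourceManager.updateJForumGroupMembership(Unknown Source)
        at com.l7tech.sso.SAMLSSOAuthenticationPlugin.authenticate(Unknown Source)
        at com.l7tech.sso.SAMLSSOAuthFilter.doFilter(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
"""

JUL_TS = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ")
ERR = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+ ERROR .*-- ([\w.]+): (.*)$")
FRAME = re.compile(r"^\s+at ([\w.$<>]+)\(")
PLATFORM = ("java.", "javax.", "sun.", "org.apache.")  # JDK and Tomcat frames

def triage(log):
    """Locate the failing call and the delay since the gateway's 200 response."""
    last_ts = ok_time = err_time = exc = None
    frames = []
    for line in log.splitlines():
        if m := JUL_TS.match(line):
            last_ts = datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p")
        elif "Response Status Code:200" in line:
            ok_time = last_ts  # java.util.logging puts the timestamp on the previous line
        elif m := ERR.match(line):
            # This format has no year; take it from the preceding entry so Feb 29 parses.
            year = last_ts.year if last_ts else datetime.now().year
            err_time = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d %H:%M:%S")
            exc, frames = f"{m.group(2)}: {m.group(3)}", []
        elif exc and (m := FRAME.match(line)):
            frames.append(m.group(1))
    app = [f for f in frames if not f.startswith(PLATFORM)]  # application frames only
    gap = (err_time - ok_time).total_seconds() if ok_time and err_time else None
    return {
        "exception": exc,
        "seconds_after_gateway_200": gap,
        "failing_call": app[0] if app else None,
        "called_from": app[1:],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the quoted log this points at JForumIntegration.reloadSecurity, reached from updateJForumGroupMembership inside the SAML authentication filter, with the error logged 63 seconds after the gateway's 200 response.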
