Issue when apply SSO with IIS 8 and Ivy Server
https://answers.axonivy.com/questions/1801/issue-when-apply-sso-with-iis-8-and-ivy-server

<p>Hi all, our project requires SSO as an authentication method. I have integrated it with IIS 8 and Ivy Server. But I have one issue: when a user accesses our application and his/her account is not in the LDAP directory which I have configured on Ivy Admin, an exception occurs. It seems like the authentication process occurs at the IIS layer, then the authorization process occurs later, so the user is able to access the "index.jsp" page, but not other pages (which require that the user be in the LDAP directory). So my questions are:</p>
<ol>
<li>How does IIS authenticate the user? Which LDAP directory does it use to authenticate the user?</li>
<li>If the above is true (authentication first, authorization later), how can I handle the case when an account (which does not exist in the LDAP directory of our app) accesses my app?
For example, redirect to a custom error page.</li>
</ol>
<p>This is the stack trace when the exception occurs:</p>
<pre><code>ch.ivyteam.ivy.persistence.PersistencyException: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=hcmc-4axonivy,OU=AAVN_HCM,DC=aavn,DC=local'
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.executeWithCachedContext(JndiSecuritySystem.java:641)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.synchronizeUser(JndiSecuritySystem.java:1053)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.findUser(JndiSecuritySystem.java:519)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.findUser(JndiSecuritySystem.java:1)
    at ch.ivyteam.ivy.security.internal.SecurityContext$7.execute(SecurityContext.java:439)
    at ch.ivyteam.ivy.security.internal.SecurityContext$7.execute(SecurityContext.java:1)
    at ch.ivyteam.ivy.persistence.base.AbstractPersistencyService.execute(AbstractPersistencyService.java:169)
    at ch.ivyteam.ivy.persistence.base.ClassPersistencyService.execute(ClassPersistencyService.java:648)
    at ch.ivyteam.ivy.persistence.client.PersistentClientObjectChildren.execute(PersistentClientObjectChildren.java:543)
    at ch.ivyteam.ivy.security.internal.SecurityContext.execute(SecurityContext.java:1331)
    at ch.ivyteam.ivy.security.internal.SecurityContext.findUser_aroundBody14(SecurityContext.java:433)
    at ch.ivyteam.ivy.security.internal.SecurityContext.findUser_aroundBody15$advice(SecurityContext.java:34)
    at ch.ivyteam.ivy.security.internal.SecurityContext.findUser(SecurityContext.java:1)
    at ch.ivyteam.ivy.security.internal.WebContainerApprovedUserAuthenticator.findUser(WebContainerApprovedUserAuthenticator.java:83)
    at ch.ivyteam.ivy.security.internal.WebContainerApprovedUserAuthenticator.authenticate(WebContainerApprovedUserAuthenticator.java:46)
    at ch.ivyteam.ivy.security.internal.Session.authenticateWebContainerApprovedUser(Session.java:1193)
    at ch.ivyteam.ivy.webserver.internal.IvySession.authenticateSessionUser(IvySession.java:228)
    at ch.ivyteam.ivy.webserver.internal.IvySession.getSecuritySession(IvySession.java:142)
    at ch.ivyteam.ivy.webserver.internal.IvySession.getSession(IvySession.java:127)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet.setSession(AbstractServlet.java:489)
    at ch.ivyteam.ivy.webserver.internal.process.IvyProcessServlet.doRespondAsSystem(IvyProcessServlet.java:51)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet.prepareRespondAsSystem(AbstractServlet.java:231)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet.access$3(AbstractServlet.java:213)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet$2.call(AbstractServlet.java:191)
    at ch.ivyteam.ivy.security.internal.SecurityManager.executeAsSystem(SecurityManager.java:1467)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet.doService(AbstractServlet.java:185)
    at ch.ivyteam.ivy.webserver.internal.AbstractServlet.doGet(AbstractServlet.java:169)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at ch.ivyteam.ivy.webserver.internal.exception.IvyExceptionFilter.doFilter(IvyExceptionFilter.java:49)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at ch.ivyteam.ivy.webserver.internal.IvyFilter.doFilterInternal(IvyFilter.java:267)
    at ch.ivyteam.ivy.webserver.internal.IvyFilter.doFilter(IvyFilter.java:172)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter$1.call(IvyExecuteAsSystemFilter.java:45)
    at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter$1.call(IvyExecuteAsSystemFilter.java:1)
    at ch.ivyteam.ivy.security.internal.SecurityManager.executeAsSystem(SecurityManager.java:1467)
    at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter.doFilter(IvyExecuteAsSystemFilter.java:39)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at ch.ivyteam.ivy.webserver.internal.duplicate.IvyDuplicateRequestFilter.doFilter(IvyDuplicateRequestFilter.java:74)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89)
    at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
    at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
    at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
    at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
    at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at ch.ivyteam.ivy.webserver.internal.PerformanceLogValve.invoke(PerformanceLogValve.java:55)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=hcmc-4axonivy,OU=AAVN_HCM,DC=aavn,DC=local'
    at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
    at ch.ivyteam.ivy.security.internal.jndi.dircontext.LazyBindingDirContextAccess.search(LazyBindingDirContextAccess.java:47)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1063)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.execute(JndiSecuritySystem.java:613)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1058)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1)
    at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.executeWithCachedContext(JndiSecuritySystem.java:637)
</code></pre>
Posted by qtdan93, Mon, 13 Jun 2016 13:03:28 -0400. Tag: sso