Hi There,
I've an add-on that needs to load images from JIRA Issues.
I've the image's URL but I'm having some problems related to authentication.
I've tested 2 scenarios:
I'm creating an HTTP GET to load the image data and I pass the cookies from the user.
Does anyone know what the root of the problem is? Any suggestions?
Cheers,
Rui Rodrigues.
When you generate the SSO cookie with User / Pass, you must specify the IP address:
POST: API/session
->body('{"username":"' . $user . '","password":"' . $pass . '","validation-factors":{"validationFactors": [{"name": "remote_address","value": "'.$_SERVER['SERVER_ADDR'].'"}]}}')
POST: API/session/$token
->body('{"validationFactors": [{"name": "remote_address", "value": "'.$_SERVER['SERVER_ADDR'].'"}]}')
Hi Rui,
Which cookies are you passing? (you should pass JSESSIONID along with crowd.token_key and atlassian.xsrf.token)
Hi Bruno,
Thank you for your reply.
I'm passing all cookies from the user.
Should I pass only those cookies you've mentioned?
Thank you.
Cheers,
Rui Rodrigues
Well, you might give it a try but no I don't think so. As long as these three ones are there, that should work.
Maybe you should try to set the log level of the com.atlassian.crowd package to DEBUG in Jira's administration UI (Administration > Logging and profiling > Default Loggers > Configure logging level for another package). My guess is that there might be something wrong with the Crowd SSO cookie if it is ever sent.
Hi Bruno,
I've enabled the DEBUG level for the crowd package, and the following log was written:
2017-06-27 09:47:04,620 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.rest.service.RestExecutor] Constructed http://localhost:8095/crowd/rest/usermanagement/1/config/cookie
2017-06-27 09:47:04,620 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.rest.service.RestExecutor] Cache response for GET http://localhost:8095/crowd/rest/usermanagement/1/config/cookie was CACHE_HIT
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Checking for a SSO token that will need to be verified by Crowd.
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] No request attribute token could be found, now checking the browser submitted cookies.
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: atlassian.xsrf.token / BDGX-YF4H-C5YM-KFUZ|466099069612a44f0bd687303876eff41f154092|lin
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: JSESSIONID / 217594868635F307A39271A02C9D1302
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: crowd.token_key / Gq2uNoWAhA0FSW0jsFBRhw00
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Accepting the SSO cookie value: Gq2uNoWAhA0FSW0jsFBRhw00
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.http.util.CrowdHttpTokenHelperImpl] Existing token value yet to be verified by Crowd: Gq2uNoWAhA0FSW0jsFBRhw00
2017-06-27 09:47:04,644 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.rest.service.RestExecutor] Constructed http://localhost:8095/crowd/rest/usermanagement/1/session/Gq2uNoWAhA0FSW0jsFBRhw00
2017-06-27 09:47:04,649 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.i.rest.service.RestExecutor] Cache response for POST http://localhost:8095/crowd/rest/usermanagement/1/session/Gq2uNoWAhA0FSW0jsFBRhw00 was CACHE_MISS
2017-06-27 09:47:04,653 http-nio-8080-exec-10 DEBUG anonymous 587x766x2 13ad8rg 127.0.0.1 /activity [c.a.c.integration.http.CrowdHttpAuthenticator] Token doesn't match the existing token.
com.atlassian.crowd.exception.InvalidTokenException: Token doesn't match the existing token.
    at com.atlassian.crowd.integration.rest.service.RestCrowdClient.handleInvalidSsoToken(RestCrowdClient.java:1517)
    at com.atlassian.crowd.integration.rest.service.RestCrowdClient.validateSSOAuthenticationAndGetSession(RestCrowdClient.java:1150)
    at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.checkAuthenticated(CrowdHttpAuthenticatorImpl.java:155)
    at com.atlassian.crowd.integration.http.CacheAwareCrowdHttpAuthenticator.checkAuthenticated(CacheAwareCrowdHttpAuthenticator.java:82)
    at com.atlassian.crowd.integration.seraph.CrowdAuthenticator.checkAuthenticated(CrowdAuthenticator.java:271)
    at com.atlassian.crowd.integration.seraph.CrowdAuthenticator.getUser(CrowdAuthenticator.java:429)
    at com.atlassian.jira.security.login.SSOSeraphAuthenticator.getUser(SSOSeraphAuthenticator.java:63)
    at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:139)
    at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:78)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
I've modified the code to send the 3 cookies suggested by you.
I think there is a problem authenticating the user.
What's your opinion?
Cheers,
Rui Rodrigues
Hi Bruno,
It works if the user checks the remember me option.
It should work with the 3 cookies mentioned by you, I think so.
Thanks.
Cheers,
Rui Rodrigues.
Hi Rui,
Are you doing your HTTP request from another IP address than the one that initially obtained the Crowd SSO cookie? Remote IP address (and X-Forwarded-For header if you send your request through a proxy or reverse-proxy) is actually a validation factor for Crowd SSO cookies.
Hi Bruno,
I'm doing the HTTP request from a JIRA add-on.
JIRA is running behind a reverse-proxy.
Should I send something else in the headers?
Thanks.
What's sending the HTTP request? Some JavaScript code in your browser? Or some Java code running server-side? (in which case you must add your server IP address to the list of trusted proxy servers: https://confluence.atlassian.com/crowd/configuring-trusted-proxy-servers-158107219.html)
Hi Bruno,
The HTTP request is being made from Java code (add-on).
So, do I need to add the host IP to the Trust Proxy Servers?
Thanks.
That's right. So far your Crowd cookie is not validated because the component that is sending it (your server) does not have the same IP address as the one that initially obtained it (your browser).
Hi Bruno,
I've configured the Trust Proxy but without success.
JIRA and Crowd are running on the same machine, in this case, on my local machine.
Do you have more suggestions?
Cheers,
Rui Rodrigues.
Go to Crowd administration console > Logging & profiling and set the log level of com.atlassian.crowd.manager.token to ALL
You'll get details in Crowd's logs about the validation factors used to validate your token and hopefully why it fails, e.g.
2017-06-28 14:14:35,652 http-bio-8095-exec-4 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: bruno.vincent
2017-06-28 14:14:35,653 http-bio-8095-exec-4 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.211.55.2
2017-06-28 14:14:35,653 http-bio-8095-exec-4 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=532896644233653654]
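One way to read the token log that the reply above asks for, as an added example that is not part of the original thread: it collects the remote address that `TokenKeyGeneratorImpl` records for each principal and reports principals seen with more than one address, which is the condition under which a consistent-client-IP check cannot pass. The log lines and the principals `alice` and `bob` are constructed, and the script assumes that an "Adding remote address" line follows "Generating Token for principal" on the same thread, as in the lines quoted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the Crowd DEBUG lines quoted in this
# thread; "alice" and "bob" are hypothetical principals. Two request threads
# are interleaved on purpose.
_GEN = "DEBUG [manager.token.factory.TokenKeyGeneratorImpl]"
_MGR = "DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager]"
SAMPLE_LOG = f"""\
2017-06-28 14:14:35,652 http-bio-8095-exec-4 {_GEN} Generating Token for principal: alice
2017-06-28 14:14:35,653 http-bio-8095-exec-4 {_GEN} Adding remote address of 127.0.0.1
2017-06-28 14:14:35,653 http-bio-8095-exec-4 {_GEN} Adding Random-Number of ValidationFactor[Random-Number=1111]
2017-06-28 14:14:36,010 http-bio-8095-exec-9 {_GEN} Generating Token for principal: bob
2017-06-28 14:14:36,011 http-bio-8095-exec-4 {_GEN} Generating Token for principal: alice
2017-06-28 14:14:36,011 http-bio-8095-exec-9 {_GEN} Adding remote address of 10.211.55.2
2017-06-28 14:14:36,012 http-bio-8095-exec-4 {_GEN} Adding remote address of 0:0:0:0:0:0:0:1
2017-06-28 14:14:40,500 http-bio-8095-exec-9 {_GEN} Generating Token for principal: bob
2017-06-28 14:14:40,501 http-bio-8095-exec-9 {_GEN} Adding remote address of 10.211.55.2
2017-06-28 14:14:40,600 http-bio-8095-exec-9 {_MGR} user has access to the application <crowd>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<thread>\S+) DEBUG \[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
PRINCIPAL_RE = re.compile(r"Generating Token for principal: (?P<name>\S+)")
ADDRESS_RE = re.compile(r"Adding remote address of (?P<addr>\S+)")


def normalise(addr):
    """Canonical text form of an IP address (0:0:0:0:0:0:0:1 becomes ::1).

    Only the notation changes: 127.0.0.1 and ::1 remain different addresses.
    Values that are not IP addresses are returned unchanged.
    """
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr


def remote_addresses_by_principal(log_text):
    """Map each principal to the sorted remote addresses logged for it."""
    current = {}             # request thread -> principal being processed
    seen = defaultdict(set)  # principal -> normalised remote addresses
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or not m.group("logger").endswith("TokenKeyGeneratorImpl"):
            continue
        principal = PRINCIPAL_RE.search(m.group("msg"))
        if principal:
            current[m.group("thread")] = principal.group("name")
            continue
        address = ADDRESS_RE.search(m.group("msg"))
        if address and m.group("thread") in current:
            seen[current[m.group("thread")]].add(normalise(address.group("addr")))
    return {name: sorted(addrs) for name, addrs in seen.items()}


def inconsistent_principals(log_text):
    """Principals whose tokens were computed with more than one remote address."""
    by_principal = remote_addresses_by_principal(log_text)
    return {name: addrs for name, addrs in by_principal.items() if len(addrs) > 1}


if __name__ == "__main__":
    for name, addrs in inconsistent_principals(SAMPLE_LOG).items():
        print(f"{name}: token generated with differing remote addresses {addrs}")
```
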
Log messages:
7-06-28 19:57:29,787 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] Current Validation Factors:
2017-06-28 19:57:29,787 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] comparing existing token Token{identifierHash='u489Iq0t0xJ3DKsvkNdMcQ00', lastAccessedTime=1498676249749, createdDate=2017-06-28 19:57:03.64, duration=60, name='crowd', directoryId=-1} with a validation token Token{identifierHash='u489Iq0t0xJ3DKsvkNdMcQ00', lastAccessedTime=1498676249787, createdDate=Wed Jun 28 19:57:29 WEST 2017, duration=60, name='crowd', directoryId=-1}
2017-06-28 19:57:29,787 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] returning validated token, with updated last accessed time
2017-06-28 19:57:29,789 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] validateUserToken: dH2Q2BlR9Er3tAH1fQR1YA00
2017-06-28 19:57:29,789 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] genericValidateToken
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] checking if the token is expired:
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] now: Wed Jun 28 19:57:29 WEST 2017
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] last accessed: Wed Jun 28 19:57:29 WEST 2017
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] expiry time: Wed Jun 28 20:27:29 WEST 2017
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] allowed session time (seconds): 1800
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: rmbr
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 0:0:0:0:0:0:0:1
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: rmbr
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 0:0:0:0:0:0:0:1
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=3773613000060299932]
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] Current Validation Factors: ValidationFactor[remote_address=0:0:0:0:0:0:0:1]
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] comparing existing token Token{identifierHash='RmdmWH3GfPX43a90OVdMPw00', lastAccessedTime=1498676249698, createdDate=2017-06-28 19:52:45.278, duration=null, name='rmbr', directoryId=98305} with a validation token Token{identifierHash='RmdmWH3GfPX43a90OVdMPw00', lastAccessedTime=1498676249790, createdDate=Wed Jun 28 19:57:29 WEST 2017, duration=null, name='rmbr', directoryId=98305}
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] returning validated token, with updated last accessed time
2017-06-28 19:57:29,790 http-bio-8095-exec-18 DEBUG [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] user has access to the application <crowd>
My username: rmbr.
IP 127.0.0.1 is configured on Trusted proxy servers.
Did you add the IPv6 address to Trusted proxy servers as well (0:0:0:0:0:0:0:1)?
Hi Bruno,
Sorry for the late reply.
See my trusted servers below.
It's been hard to figure out the problem.
Many thanks for your help.
Cheers,
Rui Rodrigues.
Hi Rui,
What if you uncheck 'Require Consistent Client IP address' in Crowd? https://confluence.atlassian.com/crowd/session-configuration-17956967.html
Hi Bruno,
It works.
This means that the IP I've defined does not match the correct IP, right?
Thank you.
Well, thinking about it again, adding your server IP address to the trusted proxy servers won't change anything. Sorry for the false track.
In the end, from Crowd's perspective the Crowd SSO cookie was initially created with your browser's IP address as a validation factor. Since your plugin uses your server IP address, the cookie validation will always fail unless you uncheck the 'Require Consistent Client IP address' option in Crowd.