Single Sign On with JOSSO2

Discussion in 'HOWTO-Related Questions' started by anaigini, Apr 12, 2020.

  1. anaigini

    anaigini New Member

    Hi,
    I have set up JOSSO2 Single Sign On using the Atricore Console, and am able to see the login page (Welcome! You're an anonymous user).
    However, the problem is creating the users. I have used "RDBMS Identity Source" as the Identity Source.
    My identity appliance consists of an Identity Source (RDBMS) connected to an Identity Provider (IdP). The IdP is connected to a Service Provider (SP), the SP is connected to a JOSSO1 resource (JOSSO1-RE), and JOSSO1-RE is connected to a Tomcat Execution Environment (SP1EE).
    The connections I have used are :
    RDBMS Identity Source is connected to IdP via Identity Lookup Connection.
    SP1 and AcmeIDP are wired with the Federated Connection.
    JOSSO1-RE is wired into SP1 with a Service Connection.
    JOSSO1-RE is connected into SP1EE by the Activation Connection.
    When I test the login, I get error "Invalid Authentication Information", and even after much troubleshooting, I am not able to figure out the problem.
    In the HOWTO page "Adding Two-Factor Authentication", you explain that the Service Provider also has to be connected to an Identity Source. Do I have to do the same in my case? Isn't it enough to have only one Identity Source (in this case, my RDBMS), which is connected to the IdP, which will help the SP in authentication?
    Also, to add users for JOSSO, I read in the article from the "Getting Started" page on josso.org that I have to create a group "role1" and then create the users and put them in this group. Only then will the users be created and be allowed to successfully log in?
    This is the error I get in the atricore.log for the unsuccessful login (username used is "surentran") :
    Code:
    2020-04-08 17:23:14,835 | INFO  | qtp-347993098-40 | acmeidp                          | ng.builtin.LoggerAuditingHandler   33 | 117 - org.atricore.idbus.kernel.auditing.builtin - 1.4.4.SNAPSHOT | principal=surentran action=SSO outcome=FAILURE attempt=1 httpSession=id-5411b4d8-f00a-44bb-91f9-f97a8fe73afa.idbus-web-001 federatedProvider=http://192.168.121.72:8081/IDBUS/MYFIRSTIA/SP1/SAML2/MD provider=acmeidp authnCtx=urn:oasis:names:tc:SAML:2.0:ac:classes:Password remoteAddress=192.168.113.96
    Please help me resolve this ASAP, as I have hit a dead end, and not sure what to do to resolve this problem.
     
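The audit line quoted in the post above is a fixed set of pipe-separated columns followed by space-separated key=value pairs (principal, action, outcome, attempt, remoteAddress, and so on), which makes it easy to parse and to watch for repeated SSO failures per principal and client address. The block below is an added example written for this thread, not JOSSO or Atricore code; it assumes only the column layout visible in that one line, and every sample line other than the first is constructed for the demonstration.

```python
"""Parse JOSSO2 / Atricore auditing records like the one quoted in the post
and flag repeated SSO failures per (principal, remoteAddress).

Added example for this thread; not JOSSO's or Atricore's own code. The layout
assumed here (pipe-separated columns, trailing key=value pairs) is taken from
the single audit line in the post. Only the first sample line is from the
post; the rest are constructed for this demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime

# First entry is the line from the post; the others are constructed.
SAMPLE_LOG = [
    "2020-04-08 17:23:14,835 | INFO  | qtp-347993098-40 | acmeidp                          | ng.builtin.LoggerAuditingHandler   33 | 117 - org.atricore.idbus.kernel.auditing.builtin - 1.4.4.SNAPSHOT | principal=surentran action=SSO outcome=FAILURE attempt=1 httpSession=id-5411b4d8-f00a-44bb-91f9-f97a8fe73afa.idbus-web-001 federatedProvider=http://192.168.121.72:8081/IDBUS/MYFIRSTIA/SP1/SAML2/MD provider=acmeidp authnCtx=urn:oasis:names:tc:SAML:2.0:ac:classes:Password remoteAddress=192.168.113.96",
    "2020-04-08 17:23:40,102 | INFO  | qtp-347993098-41 | acmeidp                          | ng.builtin.LoggerAuditingHandler   33 | 117 - org.atricore.idbus.kernel.auditing.builtin - 1.4.4.SNAPSHOT | principal=surentran action=SSO outcome=FAILURE attempt=2 httpSession=id-5411b4d8-f00a-44bb-91f9-f97a8fe73afa.idbus-web-001 federatedProvider=http://192.168.121.72:8081/IDBUS/MYFIRSTIA/SP1/SAML2/MD provider=acmeidp authnCtx=urn:oasis:names:tc:SAML:2.0:ac:classes:Password remoteAddress=192.168.113.96",
    "2020-04-08 17:24:05,517 | INFO  | qtp-347993098-42 | acmeidp                          | ng.builtin.LoggerAuditingHandler   33 | 117 - org.atricore.idbus.kernel.auditing.builtin - 1.4.4.SNAPSHOT | principal=surentran action=SSO outcome=FAILURE attempt=3 httpSession=id-5411b4d8-f00a-44bb-91f9-f97a8fe73afa.idbus-web-001 federatedProvider=http://192.168.121.72:8081/IDBUS/MYFIRSTIA/SP1/SAML2/MD provider=acmeidp authnCtx=urn:oasis:names:tc:SAML:2.0:ac:classes:Password remoteAddress=192.168.113.96",
    "2020-04-08 17:25:11,009 | INFO  | qtp-347993098-43 | acmeidp                          | ng.builtin.LoggerAuditingHandler   33 | 117 - org.atricore.idbus.kernel.auditing.builtin - 1.4.4.SNAPSHOT | principal=alice action=SSO outcome=SUCCESS attempt=1 httpSession=id-constructed-0001.idbus-web-001 federatedProvider=http://192.168.121.72:8081/IDBUS/MYFIRSTIA/SP1/SAML2/MD provider=acmeidp authnCtx=urn:oasis:names:tc:SAML:2.0:ac:classes:Password remoteAddress=192.168.113.97",
    "2020-04-08 17:25:12,000 | DEBUG | qtp-347993098-43 | acmeidp                          | some.other.Class   12 | 117 - org.atricore.idbus.kernel.some.bundle - 1.4.4.SNAPSHOT | not an audit record",
]

KV_RE = re.compile(r"(\w+)=(\S+)")      # values in the audit line contain no spaces
TS_FORMAT = "%Y-%m-%d %H:%M:%S,%f"      # "2020-04-08 17:23:14,835"


def parse_audit_line(line):
    """Return a dict for one LoggerAuditingHandler record, or None for any other line."""
    columns = [c.strip() for c in line.split(" | ")]
    # Column 4 is the logger; only auditing records carry key=value pairs in column 6.
    if len(columns) < 7 or "LoggerAuditingHandler" not in columns[4]:
        return None
    fields = dict(KV_RE.findall(columns[6]))
    if "principal" not in fields or "outcome" not in fields:
        return None
    fields["timestamp"] = datetime.strptime(columns[0], TS_FORMAT)
    fields["level"] = columns[1]
    fields["attempt"] = int(fields.get("attempt", 0))
    return fields


def parse_audit_log(lines):
    """Parse an iterable of raw log lines, silently skipping non-audit lines."""
    return [r for r in (parse_audit_line(l) for l in lines) if r is not None]


def failures_by_principal(records):
    """Count SSO FAILURE records per (principal, remoteAddress)."""
    counts = defaultdict(int)
    for r in records:
        if r.get("action") == "SSO" and r["outcome"] == "FAILURE":
            counts[(r["principal"], r.get("remoteAddress", "?"))] += 1
    return dict(counts)


def repeated_failures(records, threshold=3):
    """(principal, remoteAddress) pairs with at least `threshold` SSO failures,
    i.e. the thing you would alert on for a stuck integration or a guessing attempt."""
    return sorted(k for k, n in failures_by_principal(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_LOG)
    for principal, addr in repeated_failures(recs):
        print(f"repeated SSO failures: principal={principal} remoteAddress={addr}")
```

Feeding the real atricore.log through `parse_audit_log` (for example `parse_audit_log(open("atricore.log"))`) gives one dict per audit record, so you can also check whether the `attempt` counter and `authnCtx` change between tries, which is often the first clue whether the failure is the credential lookup itself or the wiring in front of it.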
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Time stamp in the failure message reads
    Is the date and time wrong on that host?
     
  3. anaigini

    anaigini New Member

    No, it's not wrong. The logs generated are at the time I try to login to the page.
    The system time is the same format as the time I click on login. (MYT).
     
  4. anaigini

    anaigini New Member

    Also, timedatectl shows the Singapore timezone:
    Code:
    [root@amanda-server log]# timedatectl
          Local time: Mon 2020-04-13 12:54:10 +08
      Universal time: Mon 2020-04-13 04:54:10 UTC
            RTC time: Mon 2020-04-13 04:54:08
           Time zone: Asia/Singapore (+08, +0800)
         NTP enabled: yes
    NTP synchronized: yes
     RTC in local TZ: no
          DST active: n/a
    [root@amanda-server log]#
    
    However, I live in Malaysia/Kuala Lumpur; does this make a difference? Here it is also GMT +8.
    Anyway, I have made the changes now:

    Code:
    [root@amanda-server log]# timedatectl
          Local time: Mon 2020-04-13 12:58:41 +08
      Universal time: Mon 2020-04-13 04:58:41 UTC
            RTC time: Mon 2020-04-13 12:58:41
           Time zone: Asia/Kuala_Lumpur (+08, +0800)
         NTP enabled: yes
    NTP synchronized: yes
     RTC in local TZ: yes
          DST active: n/a
    
    Warning: The system is configured to read the RTC time in the local time zone.
             This mode can not be fully supported. It will create various problems
             with time zone changes and daylight saving time adjustments. The RTC
             time is never updated, it relies on external facilities to maintain it.
             If at all possible, use RTC in UTC by calling
             'timedatectl set-local-rtc 0'.
    
    But here, as you can see, I get a warning not to configure the system to read the RTC in the local time zone.

    And even after I make these changes, and then close and log in to the JOSSO login page, I still get the error
    .
     
    Last edited: Apr 13, 2020
