Hi,
I’ve started to look at the user interface of Geoserver, and wonder about the error handling. As I see it there are three options:
1 - 500 status code from the Servlet Engine. Usually presented with the stack trace.
2 - Geoserver’s version of number 1), but with the menu available and a message about using the mailing list.
3 - A red message that don’t interrupt the user, but tries to inform abut a problem.
For the moment I’m getting 1) with this stack trace:
java.lang.RuntimeException: None of the supported token claims [IdToken,AccessToken,MSGraphAPI,UserInfo] have been set as Role Source in the configuration of Authentication using OpenId Connect.
org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.getRoles(OpenIdConnectAuthenticationFilter.java:152)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doAuthenticate(GeoServerOAuthAuthenticationFilter.java:346)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:153)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:72)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:100)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
I’m at the front page with the url: https://some.url.at/geoserver/web?session_state=6d2d6c39-7eca…
How could the message be presented like 3)?
Best regards,
Roar Brænden
Hi,
This looks like you are using the OIDC security module(s) and it’s having some issues.
How did you add them?
Thanks,
Dave
Sent from my iPhone
On Apr 24, 2024, at 1:47 PM, Roar Brænden roar.brenden.no@anonymised.com wrote:
Hi,
I’ve started to look at the user interface of Geoserver, and wonder about the error handling. As I see it there are three options:
1 - 500 status code from the Servlet Engine. Usually presented with the stack trace.
2 - Geoserver’s version of number 1), but with the menu available and a message about using the mailing list.
3 - A red message that don’t interrupt the user, but tries to inform abut a problem.
For the moment I’m getting 1) with this stack trace:
java.lang.RuntimeException: None of the supported token claims [IdToken,AccessToken,MSGraphAPI,UserInfo] have been set as Role Source in the configuration of Authentication using OpenId Connect.
org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.getRoles(OpenIdConnectAuthenticationFilter.java:152)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doAuthenticate(GeoServerOAuthAuthenticationFilter.java:346)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:153)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:72)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:100)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
I’m at the front page with the url: https://some.url.at/geoserver/web?session_state=6d2d6c39-7eca…
How could the message be presented like 3)?
Best regards,
Roar Brænden
Geoserver-devel mailing list
Geoserver-devel@anonymised.coms.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Hi,
Yes, I’m using the OIDC security module. And provided some input with this PR.
It didn’t have the expected outcome, therefore I want to investigate it further.
How I add them?
I have a setup with Docker Geoserver and add the nightly build of that plugin. In addition I have a Docker container with Keycloak.
During development I copy the jar into the Geoserver container and restart. That’s the reason why you want find the specific error message within Geoserver codebase.
Did that answer your question?
Regards, Roar
- apr. 2024 kl. 01:07 skrev David Blasby <david.blasby@anonymised.com>:
Hi,
This looks like you are using the OIDC security module(s) and it’s having some issues.
How did you add them?
Thanks,
Dave
Sent from my iPhone
On Apr 24, 2024, at 1:47 PM, Roar Brænden <roar.brenden.no@anonymised.com> wrote:
Hi,
I’ve started to look at the user interface of Geoserver, and wonder about the error handling. As I see it there are three options:
1 - 500 status code from the Servlet Engine. Usually presented with the stack trace.
2 - Geoserver’s version of number 1), but with the menu available and a message about using the mailing list.
3 - A red message that don’t interrupt the user, but tries to inform abut a problem.
For the moment I’m getting 1) with this stack trace:
java.lang.RuntimeException: None of the supported token claims [IdToken,AccessToken,MSGraphAPI,UserInfo] have been set as Role Source in the configuration of Authentication using OpenId Connect.
org.geoserver.security.oauth2.OpenIdConnectAuthenticationFilter.getRoles(OpenIdConnectAuthenticationFilter.java:152)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doAuthenticate(GeoServerOAuthAuthenticationFilter.java:346)
org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:153)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:72)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:100)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
I’m at the front page with the url: https://some.url.at/geoserver/web?session_state=6d2d6c39-7eca…
How could the message be presented like 3)?
Best regards,
Roar Brænden
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
25. apr. 2024 kl. 06:44 skrev David Blasby <david.blasby@anonymised.com>:
java.lang.RuntimeException: None of the supported token claims [IdToken,AccessToken,MSGraphAPI,UserInfo] have been set as Role Source in the configuration of Authentication using OpenId Connect.
Looks like a config issue. What does the config look like?
Dave
Hi Dave,
I know what the problem is. That isn't my question.
If you are working on that module, I would advice you to make the field "Role Source" a required field.
Regards, Roar