WSO2 Carbon / CARBON-11757

OpenID sign-in (with OpenID URL provided by IS) fails if host name is not localhost

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Highest
    • Resolution: Not a bug
    • Affects Version/s: 3.2.3
    • Fix Version/s: 3.2.3
    • Component/s: None
    • Labels: None
    • Environment: IS 3.2.3 06-12-2011

      Description

      -Change the host name (e.g. wso2is, server IP, wso2is.wso2.com, etc.) and try to sign in with the OpenID URL provided by Identity Server.

      -Sign-in fails (see attached screen print). This scenario worked fine in IS 3.0.1.

      [2011-12-07 13:31:34,142] INFO {org.apache.xml.security.signature.Reference} - Verification successful for URI "#Id-1788515889"
      [2011-12-07 13:31:34,143] INFO {org.apache.xml.security.signature.Reference} - Verification successful for URI "#Timestamp-1"
      [2011-12-07 13:31:34,191] INFO {org.apache.xml.security.signature.Reference} - Verification successful for URI "#Id-1532676418"
      [2011-12-07 13:31:34,194] INFO {org.apache.xml.security.signature.Reference} - Verification successful for URI "#Timestamp-3"
      [2011-12-07 13:31:34,514] WARN {org.openid4java.server.RealmVerifier} - RP discovery / realm validation disabled;
      [2011-12-07 13:31:34,567] INFO {com.google.step2.ConsumerHelper} - OpenId: com.google.step2.discovery.IdpIdentifier@50267e5f Return URL: https://wso2is.wso2.com:9443/carbon/relyingparty/openid_accept.jsp
      [2011-12-07 13:31:34,568] INFO {com.google.step2.AuthRequestHelper} - OpenId: com.google.step2.discovery.IdpIdentifier@50267e5f ReturnToUrl: https://wso2is.wso2.com:9443/carbon/relyingparty/openid_accept.jsp
      [2011-12-07 13:31:35,449] INFO {org.openid4java.discovery.Discovery} - Starting discovery on URL identifier: https://wso2is.wso2.com:9443/openid/admin
      [2011-12-07 13:31:35,529] ERROR {org.wso2.carbon.identity.relyingparty.ui.openid.OpenIDConsumer} - 0x704: I/O transport error: hostname in certificate didn't match: <wso2is.wso2.com> != <localhost>
      org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: hostname in certificate didn't match: <wso2is.wso2.com> != <localhost>
      at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:478)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:248)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:232)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:166)
      at org.openid4java.discovery.Discovery.discover(Discovery.java:147)
      at com.google.step2.discovery.Discovery2.access$101(Discovery2.java:98)
      at com.google.step2.discovery.Discovery2$FallbackDiscovery.oldStyleDiscovery(Discovery2.java:436)
      at com.google.step2.discovery.Discovery2$FallbackDiscovery.get(Discovery2.java:428)
      at com.google.step2.discovery.Discovery2.discover(Discovery2.java:345)
      at com.google.step2.AuthRequestHelper.getDiscoveryInformation(AuthRequestHelper.java:115)
      at com.google.step2.AuthRequestHelper.generateRequest(AuthRequestHelper.java:216)
      at org.wso2.carbon.identity.relyingparty.ui.openid.OpenIDConsumer.authRequest(OpenIDConsumer.java:187)
      at org.wso2.carbon.identity.relyingparty.ui.openid.OpenIDConsumer.doOpenIDAuthentication(OpenIDConsumer.java:113)
      at org.apache.jsp.relyingparty.openid_jsp._jspService(openid_jsp.java:145)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:161)
      at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
      at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:593)
      at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:530)
      at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
      at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:265)
      at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
      at org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:643)
      at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:637)
      at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87)
      at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88)
      at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82)
      at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465)
      at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
      at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
      at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171)
      at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
      at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
      at org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_insertAttribute_7(template_jsp.java:524)
      at org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:275)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:161)
      at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
      at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
      at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)
      at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:258)
      at org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198)
      at org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:185)
      at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:419)
      at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:370)
      at org.wso2.carbon.ui.action.ActionHelper.render(ActionHelper.java:52)
      at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:101)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
      at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154)
      at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:254)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
      at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396)
      at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356)
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <wso2is.wso2.com> != <localhost>
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
      at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:488)
      at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
      at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
      at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
      at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
      at org.openid4java.util.HttpCache.head(HttpCache.java:335)
      at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:400)
      ... 109 more
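
As an added example (not part of the original report or of WSO2's code): a small Python triage helper that pulls the requested host and the certificate name out of log lines like the ones above and reports which candidate certificate names would cover the requested host. The sample log is constructed from lines quoted in this issue; the function names and candidate names are assumptions, and the wildcard rule is a simplified RFC 6125-style match, not the HttpClient verifier's own logic.

```python
import re

# Constructed sample: three lines in the shape of the log quoted in this issue.
SAMPLE_LOG = """\
[2011-12-07 13:31:35,449] INFO {org.openid4java.discovery.Discovery} - Starting discovery on URL identifier: https://wso2is.wso2.com:9443/openid/admin
[2011-12-07 13:31:35,529] ERROR {org.wso2.carbon.identity.relyingparty.ui.openid.OpenIDConsumer} - 0x704: I/O transport error: hostname in certificate didn't match: <wso2is.wso2.com> != <localhost>
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <wso2is.wso2.com> != <localhost>
"""

# Message text as it appears in the log: <requested host> != <name in certificate>
MISMATCH = re.compile(r"hostname in certificate didn't match: <([^>]+)> != <([^>]+)>")


def find_mismatches(log_text):
    """Return unique (requested_host, certificate_name) pairs, in order of appearance."""
    pairs = []
    for m in MISMATCH.finditer(log_text):
        pair = (m.group(1), m.group(2))
        if pair not in pairs:  # the ERROR line and its "Caused by" repeat the same pair
            pairs.append(pair)
    return pairs


def name_matches(host, pattern):
    """Exact match, or a leftmost-label wildcard covering exactly one label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    # Refuse wildcards directly under a single-label suffix such as "*.com".
    return bool(head) and rest == pattern[2:] and "." in rest


def triage(log_text, candidate_names):
    """For each mismatch, list the candidate certificate names that would cover the host."""
    return [
        {
            "requested": host,
            "presented": cert_name,
            "would_match": [n for n in candidate_names if name_matches(host, n)],
        }
        for host, cert_name in find_mismatches(log_text)
    ]
```
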

          People

          • Assignee: Thilina Buddhika
          • Reporter: Pavithra Madurangi