Liferay 7.2 DXP EE Integration of OKTA through OpenID Connect
Amit sinha, modified 4 Years ago.
New Member Posts: 17 Join Date: 6/4/15 Recent Posts
Hi,
I have configured all the configurations related to OKTA through OpenID Connect (Client App set up) in Liferay DXP. Below are the properties configured through the configuration entry form provided in Control Panel --> System Settings:
1. Provider Name, Client ID, Client Secret, Authorization Endpoint, Token Endpoint, User Information, JWKS URI, Scopes (as - "openid email profile") & Subject Type ("public")
Once these configurations were set up, I also enabled OpenID Connect authentication under System Settings, after which I'm able to see the OpenID Connect link in the Sign-In portlet. On clicking the OpenID Connect link in the Sign-In portlet, it redirects to a page where the provider information (that was configured through the configuration entries) is shown. Clicking the Sign-In button in this view redirects to the OKTA sign-in page (wherein the username and password are supplied for authorization); upon clicking Sign-In on the OKTA sign-in page, it redirects to a page with the error message "Internal Server Error" in Liferay DXP.
Request the team's expert suggestions / support here to proceed further - from the below error trace, I could understand that auth tokens aren't getting exchanged properly - not sure if any configurations are being missed and should customize the login functionality of Liferay to bypass the authentication for OIDC flow.
Error Trace
2019-11-26 12:50:03.525 ERROR [http-nio-8080-exec-3][OpenIdConnectFilter:132] Unable to process OpenID Connect authentication response: Unable to get tokens from https://{okta.domain}/oauth2/v1/token: Connection reset
com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException$TokenException: Unable to get tokens from https://{okta.domain}oauth2/v1/token: Connection reset
at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.requestTokens(OpenIdConnectServiceHandlerImpl.java:530)
at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.requestIdToken(OpenIdConnectServiceHandlerImpl.java:466)
at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.processAuthenticationResponse(OpenIdConnectServiceHandlerImpl.java:166)
at com.liferay.portal.security.sso.openid.connect.internal.service.filter.OpenIdConnectFilter.processAuthenticationResponse(OpenIdConnectFilter.java:109)
at com.liferay.portal.security.sso.openid.connect.internal.service.filter.OpenIdConnectFilter.processFilter(OpenIdConnectFilter.java:150)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at com.nimbusds.oauth2.sdk.http.HTTPRequest.toHttpURLConnection(HTTPRequest.java:814)
at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:882)
at com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectServiceHandlerImpl.requestTokens(OpenIdConnectServiceHandlerImpl.java:502)
... 59 more
2019-11-26 12:50:03.720 ERROR [http-nio-8080-exec-3][status_jsp:852] Unable to get tokens from https://{okta.domain}/oauth2/v1/token: Connection reset
26-Nov-2019 12:50:03.749 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Main Servlet] in context with path [] threw exception [java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:488)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
at com.liferay.portal.servlet.filters.absoluteredirects.AbsoluteRedirectsResponse.sendRedirect(AbsoluteRedirectsResponse.java:47)
at com.liferay.portal.action.LoginAction.execute(LoginAction.java:191)
at com.liferay.portal.security.sso.openid.connect.internal.service.filter.OpenIdConnectSessionValidationFilter.processFilter(OpenIdConnectSessionValidationFilter.java:124)
2019-11-26 12:50:04.919 WARN [http-nio-8080-exec-3][code_jsp:160] {code="400", msg="", uri=/c/portal/login/openidconnect}
javax.servlet.ServletException: java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at com.liferay.portal.struts.PortalRequestProcessor._process(PortalRequestProcessor.java:428)
at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:155)
at com.liferay.portal.internal.servlet.MainServlet.doGet(MainServlet.java:205)
... 82 more
Thanks
Amit
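The trace above fails inside `SSLSocketImpl.performInitialHandshake`, that is, during the TLS handshake to the token endpoint and before any token request is sent. As an added example (not part of the original post and not Liferay code), the probe below repeats that handshake from a standalone class so the result can be compared per TLS version; the class name and the host argument are placeholders.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Arrays;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not Liferay code. Run it with the same JVM (and the same
// -D options) as the portal: java TokenEndpointTlsProbe <idp-host> [port]
public class TokenEndpointTlsProbe {

    // Attempts one TLS handshake; protocol == null keeps the JVM defaults.
    static String probe(SSLSocketFactory factory, String host, int port, String protocol) {
        try (Socket raw = new Socket()) {
            raw.connect(new InetSocketAddress(host, port), 5000); // direct, no proxy applied
            raw.setSoTimeout(5000);
            // Layering over the connected socket gives the TLS layer the host name.
            try (SSLSocket tls = (SSLSocket) factory.createSocket(raw, host, port, true)) {
                SSLParameters params = tls.getSSLParameters();
                if (protocol != null) {
                    params.setProtocols(new String[] {protocol});
                }
                params.setEndpointIdentificationAlgorithm("HTTPS"); // check certificate host name
                tls.setSSLParameters(params);
                tls.startHandshake(); // the step that fails in the trace
                return "OK " + tls.getSession().getProtocol()
                    + " / " + tls.getSession().getCipherSuite();
            }
        } catch (IOException | IllegalArgumentException e) {
            // A "Connection reset" here reproduces the portal's failure outside Liferay;
            // IllegalArgumentException means this JVM does not know the protocol name.
            return "FAILED " + e;
        }
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java TokenEndpointTlsProbe <idp-host> [port]");
            return;
        }
        String host = args[0]; // placeholder: host part of the configured Token Endpoint
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        System.out.println("java.version=" + System.getProperty("java.version"));
        System.out.println("JVM defaults: " + probe(factory, host, port, null));
        for (String protocol : Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")) {
            System.out.println(protocol + ": " + probe(factory, host, port, protocol));
        }
    }
}
```

If every line reports a reset, the connection is being dropped on the network path before TLS negotiation completes; if only some protocol versions succeed, compare them with what the portal's JVM offers by default.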
Srikanth Reddy Sanivarapu, modified 4 Years ago.
RE: Liferay 7.2 DXP EE Integration of OKTA through OpenID Connect
Regular Member Posts: 203 Join Date: 11/15/08 Recent Posts
Did you find a solution for this? I too see the same error in my platform.
Upender Kashyap, modified 3 Years ago.
RE: Liferay 7.2 DXP EE Integration of OKTA through OpenID Connect
Junior Member Posts: 30 Join Date: 8/12/20 Recent Posts
I am also facing the same issue while connecting to Azure AD. Did anyone get a solution for this? Thanks in advance.