Hi,
I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
However, I would like to have multiple domains (application specific), with a small set of administrator-type users who manage all of the domains.
To test, I've set up two domains, with the admin users in one and the normal users in the other.
I've set up two certificate mapping rules (both for the same CA), one for each domain.
However, LC will only authenticate users who are matched using the first certificate mapping rule.
Has anyone else seen/tried this? Have I missed something obvious?
For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
Thanks
Craig
Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
2010-05-11 11:23:41,331 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,835 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
SEVERE: Unexpected exception in Rest Call
com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:338)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:154)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:162)
at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderElement(UserManagerUtilServiceImpl.java:173)
at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)
at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor.java:140)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassivationInterceptor.java:53)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(TransactionInterceptor.java:74)
at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew(EjbTransactionBMTAdapterBean.java:218)
at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:173)
at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
at $Proxy179.doRequiresNew(Unknown Source)
at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvider.java:145)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInterceptor.java:72)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStrategyInterceptor.java:55)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateInterceptor.java:37)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterceptor.java:165)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)
at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:93)
at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:225)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispatcher.java:66)
at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUtilServiceClient.java:210)
at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader(RestFacade.java:161)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java:206)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade.java:226)
at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestDefaultRequestHandler.java:29)
at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSecureRequestHandler.java:13)
at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRouter.java:10)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
a
2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)