[BUG-12252, 12253] Unable to save IdP

Version - 8.0.0-beta0 (b2019010702)

What was done -

Attempting to set up a new OpenID identity provider to Auth against Microsoft (o365/Azure) for our private tenant.

  1. Configured Azure with a new App Registration clientID/secret/config URLs etc…
  2. Set up the Provider Name, etc…
  3. Loaded the OpenID config via the metadata document by clicking import
  4. Added ClientID/Secret
  5. Clicked Save
  6. ERROR Could not save IdP

Can you check if there are any errors in the gateway logs?

Ahhh ha… yes, did not appear in the logs, but found in the wrapper.

I stripped out the sensitive information, as all the auth config was printed to the wrapper including secrets (prob should be fixed too). If you need more info, PM me.

INFO   | jvm 1    | 2019/01/07 09:45:03 | com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterManagerException: Problem adding new IdP config
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterManagerImpl.addConfig(IdpAdapterManagerImpl.java:365)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterConfigRoutes.createIdpAdapter(IdpAdapterConfigRoutes.java:78)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.dataroutes.Route.service(Route.java:244)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupImpl.service(RouteGroupImpl.java:49)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.dataroutes.DataServlet.service(DataServlet.java:87)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:852)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:61)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.Server.handle(Server.java:530)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:289)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:149)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at java.base/java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2019/01/07 09:45:03 | Caused by: simpleorm.utils.SException$Validation: Param too long (>-1) for field [F IdpAdapterRecord.CONFIG] and value {"name":".....
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.validation.SValidatorMaxLength.onValidate(SValidatorMaxLength.java:32)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.SFieldMeta.doValidate(SFieldMeta.java:294)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.SRecordInstance.doValidateField(SRecordInstance.java:940)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.SRecordInstance.setObject(SRecordInstance.java:291)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.SRecordInstance.setObject(SRecordInstance.java:248)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at simpleorm.dataset.SRecordInstance.setString(SRecordInstance.java:424)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterRecord.setConfig(IdpAdapterRecord.java:40)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.auth.idp.PersistentRecordIdpAdapterConfigService.add(PersistentRecordIdpAdapterConfigService.java:193)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterManagerImpl.addConfig(IdpAdapterManagerImpl.java:363)
INFO   | jvm 1    | 2019/01/07 09:45:03 | 	... 41 common frames omitted

Thank you for reporting this. I have isolated the root cause and will issue a fix shortly.

You are totally correct in that sensitive information from the IdP config such as the client secret should not print plaintext to the logs. I will also fix that issue.


These issues have been fixed in the build that was uploaded today (2/4).
Please let us know if you continue to see this behavior after upgrading.
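
The thread notes that the failed save wrote the full IdP config, client secret included, into the wrapper log through the validation exception message. As an added example (not code from Ignition or from the posters), here is a Python scrubber for wrapper-log excerpts before they are shared; the secret-bearing JSON key names are assumptions, and the sample lines are constructed in the format shown above.

```python
import re

# SimpleORM validation message, as in the thread: it embeds the rejected
# field value verbatim after "and value ", so everything to end of line goes.
EMBEDDED_VALUE = re.compile(r"(for field \[[^\]]+\] and value )(.+)$")

# Assumed names for secret-bearing JSON members (not taken from the page);
# adjust to the real config schema. Matches "key": "string value".
SECRET_MEMBER = re.compile(
    r'("[A-Za-z_]*(?:secret|password|token|key)[A-Za-z_]*"\s*:\s*)'
    r'"(?:[^"\\]|\\.)*"',
    re.IGNORECASE,
)


def scrub_line(line):
    """Return (scrubbed_line, changed) for one wrapper-log line."""
    out = EMBEDDED_VALUE.sub(
        lambda m: f"{m.group(1)}<redacted {len(m.group(2))} chars>", line
    )
    out = SECRET_MEMBER.sub(r'\1"<redacted>"', out)
    return out, out != line


def scrub_log(text):
    """Scrub every line; return (clean_text, 1-based numbers of changed lines)."""
    clean, hits = [], []
    for number, line in enumerate(text.splitlines(), 1):
        scrubbed, changed = scrub_line(line)
        clean.append(scrubbed)
        if changed:
            hits.append(number)
    return "\n".join(clean), hits


# Constructed sample: the secret value and the third message are invented.
SAMPLE = (
    'INFO   | jvm 1    | 2019/01/07 09:45:03 | Caused by: '
    'simpleorm.utils.SException$Validation: Param too long (>-1) for field '
    '[F IdpAdapterRecord.CONFIG] and value '
    '{"name":"demo","clientSecret":"CONSTRUCTED-NOT-REAL"}\n'
    'INFO   | jvm 1    | 2019/01/07 09:45:03 | \tat '
    'simpleorm.dataset.SFieldMeta.doValidate(SFieldMeta.java:294)\n'
    'INFO   | jvm 1    | 2019/01/07 09:45:04 | saving config '
    '{"clientId":"abc","clientSecret":"CONSTRUCTED-NOT-REAL"}'
)

if __name__ == "__main__":
    cleaned, changed_lines = scrub_log(SAMPLE)
    print(cleaned)
    print("redacted lines:", changed_lines)
```

The changed-line list doubles as a quick check for which log entries carried config data, which helps when deciding whether a secret that reached the log needs rotating.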