Setting up security using identity providers

Hi, I have set up the identity provider with roles and allocated the users to the roles.
When opening the Designer, it is not showing any roles in the security settings.

I am not sure where I am going wrong?


Hi Team,
I can see the identity provider displaying roles for Perspective permissions, but not with Vision.

Is the identity provider not usable in Vision?

You can use the identity provider to authenticate into Vision...

Thanks Aaronrai24

I was thinking that if the identity provider is selected, then the user source should be the identity provider rather than the default or any other user source created.

I noticed on the wrapper there is the following error:

| jvm 1 | 2023/07/27 11:09:57 | E [g.ExpressionSecurityLevelPolicy] [23:09:57]: Unexpected problem executing the security level policy expression. Evaluating policy to false. derived-security-level-policy=Authenticated/Custom Roles/Administrators, route-group=federate, idp-adapter-name=SAMLTest_MG, route-path=/callback/:type
INFO | jvm 1 | 2023/07/27 11:09:57 | com.inductiveautomation.ignition.common.expressions.ExpressionException: Value is not a Collection
INFO | jvm 1 | 2023/07/27 11:09:57 | at com.inductiveautomation.ignition.gateway.auth.expr.WebAuthFunctionFactory$ContainsFunction.execute(WebAuthFunctionFactory.java:45)
INFO | jvm 1 | 2023/07/27 11:09:57 | at com.inductiveautomation.ignition.common.expressions.FunctionExpression.execute(FunctionExpression.java:69)
INFO | jvm 1 | 2023/07/27 11:09:57 | at com.inductiveautomation.ignition.gateway.auth.security.level.policy.expr.DerivedSecurityLevelPolicyExpression.execute(DerivedSecurityLevelPolicyExpression.java:79)

Hi Team,
I managed to get this sorted. Where I was wrong: I created custom roles. With an identity provider, roles need to be created under Authentication > Roles. Role names have to match exactly what is in Active Directory.

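The two failure modes in this thread, a role attribute that is not a collection (the "Value is not a Collection" error above) and a role name that does not exactly match what is defined under Authentication > Roles, modelled as an added example; this is not Ignition's code or anything from the thread, and the `contains` stand-in, `grant_security_levels`, the `roles` attribute key and the `Authenticated/Roles/<name>` path format are assumptions.

```python
# Added example (not Ignition's code): model how a gateway grants security
# levels from an IdP response, reproducing the failure modes from this thread.

def contains(value, needle):
    """Stand-in for the policy expression's contains() function: like the real
    one in the wrapper log, it rejects anything that is not a collection."""
    if isinstance(value, (str, bytes)) or not isinstance(value, (list, tuple, set, frozenset)):
        raise TypeError("Value is not a Collection")
    return needle in value


def grant_security_levels(idp_attributes, gateway_roles):
    """Return (granted security levels, diagnostics) for one IdP login.

    gateway_roles are the names defined under Authentication > Roles; a role
    returned by the IdP grants a level only when it matches one of them exactly.
    """
    levels = ["Authenticated"]
    notes = []
    roles = idp_attributes.get("roles")  # assumed attribute name
    if roles is None:
        notes.append("no 'roles' attribute in IdP response; only Authenticated granted")
        return levels, notes
    for role in sorted(gateway_roles):
        try:
            if contains(roles, role):
                levels.append("Authenticated/Roles/" + role)
        except TypeError as exc:
            # The path the wrapper log shows: the whole policy evaluates to false.
            notes.append(f"policy evaluated to false: {exc} (got {type(roles).__name__})")
            return levels, notes
    # Near-miss check: a role differing only by case or whitespace never matches.
    for claimed in roles:
        if isinstance(claimed, str) and claimed not in gateway_roles:
            for wanted in gateway_roles:
                if claimed.strip().lower() == wanted.lower():
                    notes.append(f"IdP role {claimed!r} does not exactly match gateway role {wanted!r}")
    return levels, notes


GATEWAY_ROLES = {"Administrators", "Operators"}  # constructed sample

if __name__ == "__main__":
    for attrs in ({"roles": ["Administrators"]},   # list with an exact name: level granted
                  {"roles": "Administrators"},     # attribute mapped as a single string
                  {"roles": ["administrators "]},  # wrong case and trailing space
                  {}):                             # role attribute not mapped at all
        print(attrs, "->", grant_security_levels(attrs, GATEWAY_ROLES))
```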