OTDS Authentication Issue

Options
d_farouk
d_farouk
edited May 19, 2021 in AppWorks #1

Hello,

I'm calling two webservices on AWP simultaneously, to create application entity and upload document using an otds ticket. now the problem is when using the same otds ticket twice, this error is raised.

Please advise.

![CDATA[The validation of an OTDS ticket has failed for the resource with the name '__OTDS#Shared#Platform#Resource__' in organization 'dev'.]]></log4j:message>
<log4j:MDC><![CDATA[correlationID=00155d1a-3d09-a1eb-adc6-3bdb254699f8 host=gpwork processid=990 hopCount=0]]></log4j:MDC>
<log4j:throwable><![CDATA[com.opentext.otds.OtdsException: Replay detected
	at com.opentext.otds.client.WebServiceOtdsCallerV2.checkWebServiceV2Response(WebServiceOtdsCallerV2.java:684)
	at com.opentext.otds.client.WebServiceOtdsCallerV2.validateTicket(WebServiceOtdsCallerV2.java:479)
	at com.opentext.otds.client.OtdsClient.parseTicket(OtdsClient.java:289)
	at com.opentext.otds.client.OtdsClient.validateTicket(OtdsClient.java:260)
	at com.cordys.security.otds.ticketclient.OTDSTicketClientImpl.validateTicket(OTDSTicketClientImpl.java:253)
	at com.cordys.sso.otds.identity.OTDSTicketIdentity.getOSIdentityFromOTDSTicket(OTDSTicketIdentity.java:19)
	at com.cordys.sso.otds.identity.OTDSTicketIdentity.<init>(OTDSTicketIdentity.java:15)
	at com.cordys.sso.otds.identity.OTDSTicketIdentityFactory.createIdentity(OTDSTicketIdentityFactory.java:42)
	at com.cordys.sso.otds.identity.OTDSTicketIdentityFactory.createIdentity(OTDSTicketIdentityFactory.java:24)
	at com.eibus.security.identity.UserIdentityFactory.getIdentity(UserIdentityFactory.java:139)
	at com.eibus.security.identity.UserIdentityFactory.determineIdentity(UserIdentityFactory.java:106)
	at com.eibus.soap.Processor._determineIdentity(Processor.java:1829)
	at com.eibus.soap.SOAPTransaction.getValidatedUserIdentity(SOAPTransaction.java:600)
	at com.eibus.soap.SOAPTransaction.execute(SOAPTransaction.java:336)
	at com.eibus.soap.SOAPTransaction.lambda$new$0(SOAPTransaction.java:252)
	at com.eibus.soap.SOAPTransaction.executeWithSOAPTransactionContext(SOAPTransaction.java:564)
	at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:252)
	at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:231)
	at com.eibus.soap.Processor.onReceive(Processor.java:1446)
	at com.eibus.soap.Processor.onReceive(Processor.java:1427)
	at com.eibus.connector.nom.Connector.onReceive(Connector.java:493)
	at com.eibus.transport.Middleware.lambda$sendMessageInThisVM$11(Middleware.java:957)
	at com.cordys.transaction.TransactionProvider.callInExistingTransaction(TransactionProvider.java:152)
	at com.cordys.transaction.TransactionProvider.createTransactionAndExecuteWork(TransactionProvider.java:133)
	at com.cordys.transaction.TransactionProvider.callInTransaction(TransactionProvider.java:55)
	at com.eibus.transport.Middleware.sendMessageInThisVM(Middleware.java:956)
	at com.eibus.transport.Middleware.sendMessageToRegisteredTargetOrThrowException(Middleware.java:929)
	at com.eibus.transport.Middleware.residesInThisVM(Middleware.java:880)
	at com.eibus.transport.Middleware.send(Middleware.java:689)
	at com.eibus.web.gateway.BusGateway.send(BusGateway.java:412)
	at com.eibus.web.gateway.SOAPTransaction.execute(SOAPTransaction.java:420)
	at com.eibus.web.gateway.SOAPTransaction.<init>(SOAPTransaction.java:254)
	at com.eibus.web.gateway.SOAPTransaction.<init>(SOAPTransaction.java:218)
	at com.eibus.web.soap.Gateway.service(Gateway.java:86)
	at com.eibus.web.isapi.WebApplication.handleExtensionControlBlock(WebApplication.java:101)
	at com.eibus.web.isapi.ServletExtensionControlBlock.handleExtensionControlBlock(ServletExtensionControlBlock.java:89)
	at com.eibus.web.isapi.ExtensionControlBlock.handleMethod(ExtensionControlBlock.java:156)
	at com.eibus.web.isapi.ExtensionControlBlock.execute(ExtensionControlBlock.java:112)
	at com.eibus.web.isapi.Engine$SynchronousRequestHandler.run(Engine.java:121)
	at com.eibus.web.isapi.Engine.processAndLog(Engine.java:94)
	at com.eibus.web.isapi.Engine.handleSynchronousExtensionControlBlock(Engine.java:109)
	at com.cordys.applicationserver.servlet.GatewayServlet.service(GatewayServlet.java:38)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.openejb.server.httpd.EEFilter.doFilter(EEFilter.java:65)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.opentext.dev.CwsDevFilter.doFilter(CwsDevFilter.java:43)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.PreemptiveAuthenticationFilter.doFilter(PreemptiveAuthenticationFilter.java:57)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.OpenEJBSecurityContextFilter.lambda$doFilter$1(OpenEJBSecurityContextFilter.java:41)
	at com.cordys.applicationserver.EJBContextProvider.invokeWithPlatformContext(EJBContextProvider.java:107)
	at com.cordys.applicationserver.EJBContextProvider.lambda$invokeWithPlatformInformation$2(EJBContextProvider.java:99)
	at com.cordys.applicationserver.EJBContextProviderInternal.lambda$invokeWithEJBContext$0(EJBContextProviderInternal.java:52)
	at com.cordys.applicationserver.PlatformContextBean.invoke(PlatformContextBean.java:20)
	at jdk.internal.reflect.GeneratedMethodAccessor203.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.openejb.core.interceptor.ReflectionInvocationContext$Invocation.invoke(ReflectionInvocationContext.java:205)
	at org.apache.openejb.core.interceptor.ReflectionInvocationContext.proceed(ReflectionInvocationContext.java:186)
	at org.apache.openejb.monitoring.StatsInterceptor.record(StatsInterceptor.java:191)
	at org.apache.openejb.monitoring.StatsInterceptor.invoke(StatsInterceptor.java:102)
	at jdk.internal.reflect.GeneratedMethodAccessor202.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.openejb.core.interceptor.ReflectionInvocationContext$Invocation.invoke(ReflectionInvocationContext.java:205)
	at org.apache.openejb.core.interceptor.ReflectionInvocationContext.proceed(ReflectionInvocationContext.java:186)
	at org.apache.openejb.core.interceptor.InterceptorStack.invoke(InterceptorStack.java:85)
	at org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:252)
	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:212)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(EjbObjectProxyHandler.java:265)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:260)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:89)
	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:349)
	at com.cordys.applicationserver.PlatformContextBean$$LocalBeanProxy.invoke(com/cordys/applicationserver/PlatformContextBean.java)
	at com.cordys.applicationserver.PlatformContextBean.invoke(PlatformContextBean.java:12)
	at com.cordys.applicationserver.EJBContextProviderInternal.invokeWithEJBContext(EJBContextProviderInternal.java:50)
	at com.cordys.applicationserver.EJBContextProvider.invokeWithPlatformInformation(EJBContextProvider.java:99)
	at com.cordys.applicationserver.filter.OpenEJBSecurityContextFilter.doFilter(OpenEJBSecurityContextFilter.java:39)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.IsUserInRoleFilter.doFilter(IsUserInRoleFilter.java:44)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:93)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.OrganizationFallbackFilter.doFilter(OrganizationFallbackFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.CrossContextRewriteFilter.doFilter(CrossContextRewriteFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.ContentExpiryFilter.doFilter(ContentExpiryFilter.java:116)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.ProcessExperienceFilter.doFilter(ProcessExperienceFilter.java:55)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.OrganizationContextFilter.doFilter(OrganizationContextFilter.java:59)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.LicenseFilter.doFilter(LicenseFilter.java:32)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.LocaleFilter.doFilter(LocaleFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.XUACompatibleFilter.doFilter(XUACompatibleFilter.java:37)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.cordys.applicationserver.filter.VerifyPlatformIsInitializedFilter.doFilter(VerifyPlatformIsInitializedFilter.java:30)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.opentext.otdsauth.OTDSOAuthFilter.doFilter(OTDSOAuthFilter.java:87)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.opentext.otdsauth.OTDSOAuthFilter.doFilter(OTDSOAuthFilter.java:87)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.tomee.catalina.OpenEJBSecurityListener$RequestCapturer.invoke(OpenEJBSecurityListener.java:97)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
]]></log4j:throwable>
<log4j:locationInfo class="com.cordys.security.otds.ticketclient.OTDSTicketClientImpl" method="logAndCreateException" file="OTDSTicketClientImpl.java" line="260"/>
</log4j:event>
Tagged:

Comments

  • jpluimers
    jpluimers E mod
    #2
    Options

    @d_farouk, I expect you're using an OTDS resource bound ticket, maybe starting with '*VER2*'. Such a ticket can only be validated once. It is typically used to get an AppWorks specific authentication with (called SAMLart).

    AppWorks Platform also supports OTDSSSO tickets, from version AWP 16.5. These tickets can be used multiple time, where above mentioned OTDS resource-bound tickets only can be validated once.

    To request an OTDSSSO ticket from OTDS just send a similar request as to get an OTDS ticket, so with username and password, but don't provide the targetResourceId in the request. The returned ticket will start with '*OTDSSSO*'. It also is possible to use this ticket to get an AppWorks authentication token / SAMLart, just provide it in the same wat as an OTDS ticket.

    See https://knowledge.opentext.com/knowledge/cs.dll/kcs/kbarticle/view/KB11932091

  • d_farouk
    d_farouk
    #3
    Options

    Thanks John .. it worked when providing empty targetResourceId

Categories

image
OpenText CE Products
AppWorks
Gateway & Platform