OpenDaylight JIRA https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 [AAA-192] Warning displayed when using multiple auth methods https://jira.opendaylight.org/browse/AAA-192 aaa <p>The system raises an exception for LDAP auth when a local account is used and vice versa. That is, even if the user can successfully authenticate via one method, there is a WARN message regarding the other one. Is there a way to avoid this?</p> <p><b>Configuration:</b></p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">   &lt;!-- add tokenAuth and LDAP realms --&gt;     &lt;main&gt;         &lt;pair-key&gt;securityManager.realms&lt;/pair-key&gt;         &lt;pair-value&gt;$tokenAuthRealm, $ldapRealm&lt;/pair-value&gt;     &lt;/main&gt; </pre> </div></div> <p> </p> <p><b>Local Auth Fail:</b></p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> 2019-08-27T10:13:56,416 | INFO  | qtp1307418334-3400 | ODLJndiLdapRealm                 | 202 - org.opendaylight.aaa.shiro - 0.8.1 | AAA LDAP connection from admin2019-08-27T10:13:56,419 | WARN  | qtp1307418334-3400 | ModularRealmAuthenticator        | 141 - org.apache.shiro.core - 1.3.2 | Realm [org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm@3d65171e] threw an exception during a multi-realm authentication attempt:org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.        at org.apache.shiro.realm.ldap.DefaultLdapRealm.doGetAuthenticationInfo(DefaultLdapRealm.java:300) [141:org.apache.shiro.core:1.3.2]        at org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm.doGetAuthenticationInfo(ODLJndiLdapRealm.java:135) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter.onAccessDenied(BasicHttpAuthenticationFilter.java:227) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [142:org.apache.shiro.web:1.3.2]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) [163:org.eclipse.jetty.servlets:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:205) [172:org.eclipse.jetty.websocket.server:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.opendaylight.aaa.filterchain.filters.CustomFilterAdapter.doFilter(CustomFilterAdapter.java:86) [199:org.opendaylight.aaa.filterchain:0.8.1]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [159:org.eclipse.jetty.security:9.3.24.v20180605]        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:296) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.Server.handle(Server.java:539) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at java.lang.<span class="code-object">Thread</span>.run(<span class="code-object">Thread</span>.java:748) [?:?]Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154) ~[?:?]        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) ~[?:?]        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886) ~[?:?]        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800) ~[?:?]        at com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(LdapCtx.java:319) ~[?:?]        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:?]        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:?]        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:?]        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:?]        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:?]        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:?]        at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:?]        at javax.naming.ldap.InitialLdapContext.&lt;init&gt;(InitialLdapContext.java:154) ~[?:?]        at org.apache.shiro.realm.ldap.JndiLdapContextFactory.createLdapContext(JndiLdapContextFactory.java:508) ~[?:?]        at org.apache.shiro.realm.ldap.JndiLdapContextFactory.getLdapContext(JndiLdapContextFactory.java:495) ~[?:?]        at org.apache.shiro.realm.ldap.DefaultLdapRealm.queryForAuthenticationInfo(DefaultLdapRealm.java:375) ~[?:?]        at org.apache.shiro.realm.ldap.DefaultLdapRealm.doGetAuthenticationInfo(DefaultLdapRealm.java:295) ~[?:?]        ... 59 more </pre> </div></div> <p> </p> <p><b>LDAP Auth Failure</b></p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> 2019-08-27T10:14:15,691 | WARN  | qtp1307418334-3335 | ModularRealmAuthenticator        | 141 - org.apache.shiro.core - 1.3.2 | Realm [org.opendaylight.aaa.shiro.realm.TokenAuthRealm@2fbcffc1] threw an exception during a multi-realm authentication attempt:org.opendaylight.aaa.api.AuthenticationException: User :d618585 does not exist in domain sdn        at org.opendaylight.aaa.shiro.idm.IdmLightProxy.dbAuthenticate(IdmLightProxy.java:102) ~[?:?]        at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660) [?:?]        at org.opendaylight.aaa.shiro.idm.IdmLightProxy.authenticate(IdmLightProxy.java:67) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.opendaylight.aaa.shiro.idm.IdmLightProxy.authenticate(IdmLightProxy.java:40) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.opendaylight.aaa.shiro.tokenauthrealm.auth.HttpBasicAuth.generateAuthentication(HttpBasicAuth.java:102) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.opendaylight.aaa.shiro.tokenauthrealm.auth.HttpBasicAuth.validate(HttpBasicAuth.java:122) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.opendaylight.aaa.shiro.realm.TokenAuthRealm.doGetAuthenticationInfo(TokenAuthRealm.java:148) [202:org.opendaylight.aaa.shiro:0.8.1]        at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter.onAccessDenied(BasicHttpAuthenticationFilter.java:227) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [141:org.apache.shiro.core:1.3.2]        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [142:org.apache.shiro.web:1.3.2]        at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [142:org.apache.shiro.web:1.3.2]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) [163:org.eclipse.jetty.servlets:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:205) [172:org.eclipse.jetty.websocket.server:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.opendaylight.aaa.filterchain.filters.CustomFilterAdapter.doFilter(CustomFilterAdapter.java:86) [199:org.opendaylight.aaa.filterchain:0.8.1]        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [159:org.eclipse.jetty.security:9.3.24.v20180605]        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:296) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [162:org.eclipse.jetty.servlet:9.3.24.v20180605]        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [377:org.ops4j.pax.web.pax-web-jetty:6.0.11]        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.Server.handle(Server.java:539) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [161:org.eclipse.jetty.server:9.3.24.v20180605]        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [153:org.eclipse.jetty.io:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [164:org.eclipse.jetty.util:9.3.24.v20180605]        at java.lang.<span class="code-object">Thread</span>.run(<span class="code-object">Thread</span>.java:748) [?:?]2019-08-27T10:14:15,693 | INFO  | qtp1307418334-3335 | ODLJndiLdapRealm                 | 202 - org.opendaylight.aaa.shiro - 0.8.1 | AAA LDAP connection from d618585 </pre> </div></div> <p> </p> <p> <br/>  </p> AAA-192 Warning displayed when using multiple auth methods Bug Medium In Review Unresolved Oleksandr Zharov Tejas Nevrekar Wed, 4 Dec 2019 08:12:49 +0000 Mon, 22 Aug 2022 09:52:27 +0000 General 1 5 <p>Looking at the implementation of apache shiro 1.3.2, this WARN message cannot be blocked by any configuration in AAA application.<br/> The only way is to set log level for org.apache.shiro as ERROR.</p> <p>The way multiple realms works is as follows<br/> a. The credentials are vailadated by all the suggested realms</p> <p>b. Even if one is successful, the request is responded. (This behavior can be changed by using different configuration in aaa-app-config xml)<br/> Ref: <a href="https://shiro.apache.org/static/1.3.2/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html" class="external-link" target="_blank" rel="nofollow noopener">https://shiro.apache.org/static/1.3.2/apidocs/org/apache/shiro/authc/pam/AuthenticationStrategy.html</a></p> <p>c. The warning being displayed can be only avoaidded using the suggested log settings.<br/> (currently AAA uses Apache Shiro 1.3.2, the future shiro versions logs this at DEBUG so should not be an issue)</p> <p><a href="https://jira.opendaylight.org/secure/ViewProfile.jspa?name=tnevrekar" class="user-hover" rel="tnevrekar">tnevrekar</a>Can we close this issue?</p> <p>I think we need the Shiro upgrade first.</p> <p>Needs to be checked whether this is still present.</p> <p><a href="https://jira.opendaylight.org/secure/ViewProfile.jspa?name=ojo" class="user-hover" rel="ojo">ojo</a> The log you have provided in <span class="nobr"><a href="https://jira.opendaylight.org/secure/attachment/17914/17914_karaf.log" title="karaf.log attached to AAA-192">karaf.log<sup><img class="rendericon" src="https://jira.opendaylight.org/images/icons/link_attachment_7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> is too big and contains a lot of exceptions. I am unsure if they mean some error during auth or not. Please try the following to make logs shorter:</p> <p>log:clear</p> <p>do auth using local account</p> <p>log:tail</p> <p>copy log to this issue attachments</p> <p>and repeat the same for LDAP case.</p> <p>Added new log. I cleared all old logs. Now there info from karaf start, requests from three users and karaf stop.</p> <p>I tried to reproduce issue and failed. All info about it is in attachments. It's either no longer exist or it should be tested in other way.</p> <p>The file <span class="nobr"><a href="https://jira.opendaylight.org/secure/attachment/17914/17914_karaf.log" title="karaf.log attached to AAA-192">karaf.log<sup><img class="rendericon" src="https://jira.opendaylight.org/images/icons/link_attachment_7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span>shows that there are no more logs like:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> LDAP authentication failed.</pre> </div></div> <p>in the case of successful local user authentication.</p> <p> </p> <p>In the case when LDAP authentication is successful we do not see any:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> User :d618585 does not exist in domain sdn. </pre> </div></div> <p>logs any more.</p> <p> </p> <p> </p> Blocks AAA-188 Development Rank 0|i03q9b: