a-langer / nexus-sso Goto Github PK

View Code? Open in Web Editor NEW

62.0 62.0 14.0 329 KB

Single Sign-On patch for Nexus OSS

License: Eclipse Public License 1.0

Dockerfile 1.97% Java 82.72% Groovy 2.17% HTML 7.21% JavaScript 5.93%

nexus-sso's People

Contributors

Stargazers

Watchers

Forkers

wenceslas vvatta magicjie pringinacio brbcza vrtdev aisyun alexgluck vitaly-zverev

nexus-sso's Issues

Context Path Support

Greetings, by having our Nexus service behind "/nexus" context path, we're facing some issues with SAML functionality. After authentication against Azure, we're getting redirected to the root domain (without context path). Seems to be happening after "/callback". After it if we manually in browser go again to "/nexus", user is logged in and no issues. Where could be the issue? Shiro/metadatas url's are set with context path.

Okta integration, 405 error

Hi!

I have been trying to set this (image 3.46) up with an Okta instance, but after getting past the login (which works great), I get hit with a 405 error:

After a bunch of experimentation, I suspect that the issue is the single-sign-on URL setting in okta. I have tried a bunch of different things, but to no avail.

Based on the guide referenced in the README and other places, I tried a bunch of different things, including auth/realms/master.

What would be the appropriate thing to put there?

Kind regards
Sam

The user loses all roles every time he logs in with SSO

Error 500 Internal Server Error

Hello,

We have a nexus on an EC2 instance on AWS where we applied the SSO patch by:

Override nexus-bootstrap.jar
Override nexus-repository-services.jar
Add SSO and urlrewrite configs

We see the "Sign in with SSO" button but when we click on it, we end up on the /index.html endpoint with a Error 500 Internal Server Error page from nexus jetty server.

We use the default XML files (metadata-keycloak.xml metadata.xml samlKeystore.jks shiro.ini sp-metadata.xml urlrewrite.xml ) that are already provided in this repo. So we should get a redirect to Okta, like on the demo docker image.

We also already added these lines to our logback.xml: https://github.com/a-langer/nexus-sso/blob/main/docs/SAML.md#debug but with no luck. We do not see more related logging about the error 500.

We also do not use an .env file, but I could not see what env vars are critical to make this work.

At this moment we are looking for a needle in the haystack. Without better logging, we can not find the problem.

User ID Format

Greetings, we're having an issue when using SAML claim for user ID having following format "name.surname", after authentication we're getting error 500 exceptions in the user profile UI (other locations seem to be working fine and proper user exists in the admin panel).
In logs exceptions, when we go to user profile we see that it throws user "[email protected]" is not found, changing claim to the emailaddress fixes the issue, but ideally we would not use email for ID.
Our IDP is Azure and we change "pac4jAuthenticationListener.attrs[id]" property in the shira.ini file. One of the suspicions is that SAML response has "id" claim as well and its in email format, maybe profile functionality is hardcoded somewhere to use literal claim ID and not the "pac4jAuthenticationListener.attrs[id]" variable.
We have users with such ID formatting in production Nexus without issues.

Logout not working

Hi,

Do you know if logout function (via Nexus) with SAML and Keycloak is working?

We managed to configure correctly Nexus integrated with Keycloak via SAML.
Login works correctly

Logout button on Nexus, appears to have logout, but after sign-in button is pressed, it redirects to Keycloak (as expected), and then back to Nexus. The credentials screen does not appear and the user is logged in again.

Checking the logs, the Pac4jAuthenticationListener.java is called (onLogout method).
The method onLogout in Pac4jAuthenticationListener.java only has a log trace line and nothing is done.

SAML Roles mapping resets on every login

I am using Okta SSO to login to Nexus.

First, there is no way I can make the Roles:Group mapping to work. I have a role created in Nexus called "test-role" and I have updated value for authorizationGenerator.roleAttributes with sub_team in shiro.ini: the variable from IdP User Profile that contains the value "test-role", but no mapping takes place. Please tell me what I am missing here.

Secondly, if I go ahead and manually assign the newly created user (through SSO login) with say nx-admin role, whenever the user logs in after assignment, this role is reset. Following is from the logs:

2669	2023-08-24 13:17:04,688+0000 TRACE [qtp84619637-674]  *UNKNOWN com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - userQuery sql: SELECT * FROM user WHERE id = '[email protected]'
  2670	2023-08-24 13:17:04,689+0000 TRACE [qtp84619637-674]  *UNKNOWN com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - userUpdate/userInsert sql: UPDATE user SET firstName = 'Bilal', lastName = 'Bokhari', email = '[email protected]', status = 'active', password = '[pac4jRealm]' WHERE id = '[email protected]'
  2671	2023-08-24 13:17:04,690+0000 TRACE [qtp84619637-674]  *UNKNOWN com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - roleQuery sql: SELECT * FROM user_role_mapping WHERE userId = '[email protected]'
  2672	2023-08-24 13:17:04,690+0000 TRACE [qtp84619637-674]  *UNKNOWN com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - roleUpdate/roleInsert sql: UPDATE user_role_mapping SET source = 'default', roles = 'nx-authenticated,nx-public' WHERE userId = '[email protected]'

Ideally what I want is that when a user signs in with SSO, using value from a variable from IdP profile, say subteam=d_prod, a role with name "d_prod" is mapped to this user, that stays persistent.

Following is the structure of IdP from nexus.log

2663	2023-08-24 13:17:04,685+0000 DEBUG [qtp84619637-674]  *UNKNOWN org.pac4j.saml.client.SAML2Client - credentials : SAML2Credentials{nameId=SAMLNameID{format='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', nameQualifier='null', spNameQualifier='null', spProviderId='null', value='[email protected]'}, sessionIndex='_0794e6d7c1f14092a34cba8903bdcb0a0730b52', attributes=[SAMLAttribute{friendlyName='null', name='firstName', nameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:basic', attributeValues=[Bilal]}, SAMLAttribute{friendlyName='null', name='lastName', nameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:basic', attributeValues=[Bokhari]}, SAMLAttribute{friendlyName='null', name='email', nameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:basic', attributeValues=[[email protected]]}, SAMLAttribute{friendlyName='null', name='username', nameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:basic', attributeValues=[[email protected]]}, SAMLAttribute{friendlyName='null', name='roles', nameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:basic', attributeValues=[aws#playground#261700167, admin_panel#access, blackduck-users, piam_team#platform, All Employees,  - test Product Team, piam_subteam#dprod, piam_app#admin_panel_staging#access, piam_app#admin_panel#access, coverity-users, piam_app#k8s_stg#platform_drod, Airflow User, Enterprise Mobility & Security (E3) License Removal, K/Full Time Remote, Everyone, aws#platform-admin#93370186,  - Engineering,  Auth, piam_app#blacuck#user, piam_subteam#platform_dprod, Engineering, Software, Tabu--Software Engineering-Viewer,  App Access, aws#piam_subteam_platform_dprod#72065712, k8s#platform, piam_app#admin_panel_preview#access, admin_panel#access_tf, aws#production-platform#93580186, Full Time Employees (FTE), k8s#argocd_read_only, k8s#admin, K, piam_app#aws#piam_subteam_platform_dprod#93379486, Engineering Okta]}], conditions=SAMLConditions{notBefore=2023-08-24T13:12:04.289Z, notOnOrAfter=2023-08-24T13:22:04.289Z}, issuerId='https://www.okta.com/exko722aZ5j', authnContexts=[urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport]}
  2664	2023-08-24 13:17:04,685+0000 DEBUG [qtp84619637-674]  *UNKNOWN org.pac4j.saml.client.SAML2Client - profile: #SAML2Profile# | id: [email protected] | attributes: {firstName=[Bilal], lastName=[Bokhari], roles=[aws#playground#2617167, admin_panel#access, bkduck-users, piam_team#platform, All Employees, Miro - test Product Team, piam_subteam#dprod, piam_app#admin_panel_staging#access, piam_app#admin_panel#access, coverity-users, piam_app#k8s_stg#platform_dprod, Airflow User, Enterprise Mobility & Security (E3) License Removal, K/Full Time Remote, Everyone, aws#production-platform-admin#933794186, Ludchart - Engineering,  Auth, piam_app#blackduck#user, piam_subteam#platform_dprod, Engineering, Software, Tableau-PROD-Software Engineering-Viewer,  App Access, aws#piam_subteam_platform_dprod#72065712, k8s#platform, piam_app#admin_panel_preview#access, admin_panel#access_tf, aws#production-platform#933790186, Full Time Employees (FTE), k8s#argocd_read_only, k8s#admin, PK, piam_app#aws#piam_subteam_platform_dprod#933790186, Engineering Okta], notOnOrAfter=2023-08-24T13:22:04.289Z, sessionindex=_0794e6d7c1f14092a34cba8903bdcb0a0730b52, [email protected], notBefore=2023-08-24T13:12:04.289Z, [email protected]} | roles: [] | permissions: [] | isRemembered: false | clientName: null | linkedId: null |

There isn't SAML option after I run the image

Hi, I have a separate VM that my Keycloak runs on that, Now I want to connect this Nexus to that Keycloak after I run that image and I go to browser and log in to that with the internal user of Nexus but I don't see the any SAML option and I read the README of this project and in this link It shows in Nexus UI there's SAML option, but I don't see it. should change any environment to true or it's a bug? ( I used the docker compose of this project)

(I meant I don't see this option after I run the docker compose in my Nexus, I see this picture from that link )

NuGet API Key access issue

Greetings, we're having an issue accessing NuGet API Key with our SSO users. Providing username in the password results in authentication failing. Our suspicions:

We recently asked about changing User ID formatting and we changed "pac4jRealm.principalNameAttribute" to a different SAML claim (there was no "username" in our Azure IDP response). Current format: "name.surname", getting back to a default one is not changing outcome.
Documentation mentions having two realms "Local Authenticating Realm" and "Local Authorizing Realm", but we're having only "Local Authenticating Realm" activated, second one is missing from either Realm lists.
We also upgraded Nexus to 3.61.0 (including plugins), no issues with other functionality.

Logs showing:

2023-10-24 14:58:52,196+0000 TRACE [qtp369070482-100] name.surname com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - onFailure token: org.apache.shiro.authc.UsernamePasswordToken - name.surname, rememberMe=false , exception:
org.sonatype.nexus.security.authc.NexusAuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens.

Maven building the JAR fails: Fatal error compiling: invalid flag: --release

Hello,

I noticed something strange in the pom.xml file:

nexus-sso/pom.xml

Line 16 in d726b46

<maven.compiler.release>8</maven.compiler.release>

This line (release tag) introduces a feature that is only available from java 9 and +.
But this project is targeted to be build with java 8.
Hence getting the error: (when executing mvn clean package)

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project nexus-repository-services: Fatal error compiling: invalid flag: --release -> [Help 1]

Also tried building it with openjdk 11 but I am getting this clear error:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project nexus-repository-services: Fatal error compiling: error: release version 8 not supported -> [Help 1]

Removing this line from the pom.xml file fixes the building on java 8:

nexus-sso/pom.xml

Line 16 in d726b46

<maven.compiler.release>8</maven.compiler.release>

Nuget API Key not working after upgrading to 3.58.1-02

Hello,

After upgrading from 3.49.x to 3.58.1-02, we have noticed that users are not able to create/access Nuget API Keys anymore.

This was not an issue on version 3.49.x.

I have checked this users permissions and it has nx-admin role assigned.
I have also tested this like the README told me:

Note: For SSO and user tokens, it is enough to have two realms: "Local Authenticating Realm" and "Local Authorizing Realm". Other realms are not required and may lead to conflicts.

I have enabled TRACE logging for the nexus sso and this is what I get:

2023-10-03 08:43:11,112+0000 TRACE [qtp942638576-84]  redacted.user.email com.github.alanger.nexus.bootstrap.Pac4jAuthenticationListener - onFailure token: org.apache.shiro.authc.UsernamePasswordToken - redacted.user.email, rememberMe=false , exception:
org.sonatype.nexus.security.authc.NexusAuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.
	at org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:99)
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:275)
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)

Can you also reproduce this issue on 3.58.1-02?

500 Internal Server Error on SSO login

I am using Okta SSO for login. The configuration for timeout on the side of Okta is 45min of inactivity(and this cannot be changed from admin side). I have defined 45min (2700) as the value for saml2Config.maximumAuthenticationLifetime in shiro.ini. With these configurations, I still get Internal Server Error 500 on UI (after the time has passed) and the following error in nexus.log.

2023-08-29 12:22:38,866+0000 ERROR [qtp84619637-109] *UNKNOWN org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator - Current assertion validation failed, continue with the next one org.pac4j.saml.exceptions.SAMLAuthnInstantException: Authentication issue instant is too old or in the future

500 Internal Server on SSO login

Expected behavior:

When token validity expires, should prompt user to re-login via SSO. Instead throws 500 Internal Server Error.

2023-08-24 13:53:04,756+0000 ERROR [qtp84619637-680]  *UNKNOWN org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator - Current assertion validation failed, continue with the next one
org.pac4j.saml.exceptions.SAMLAuthnInstantException: Authentication issue instant is too old or in the future
	at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAuthenticationStatements(SAML2AuthnResponseValidator.java:592)
	at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:369)
	at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:293)
	at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:140)
	at org.pac4j.saml.profile.impl.AbstractSAML2MessageReceiver.receiveMessage(AbstractSAML2MessageReceiver.java:83)
	at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)
	at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.extract(SAML2CredentialsExtractor.java:74)
	at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.extract(SAML2CredentialsExtractor.java:26)
	at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:65)
	at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:140)
	at org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:89)
	at io.buji.pac4j.filter.CallbackFilter.doFilter(CallbackFilter.java:94)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:458)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:96)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:373)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:370)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:112)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:116)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:79)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
	at com.github.alanger.shiroext.servlets.ResponseComittedFilter.doFilter(ResponseComittedFilter.java:24)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:405)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:239)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
	at java.lang.Thread.run(Thread.java:750)

User Authentication Tokens not working

I have only 2 default realms. I created the token from NuGet API Key menu as described in the README. I use this token to push some artifacts (jar) to maven hosted repository. I have not changed any configuration for thi. I get this error when trying to push artifacts from where the command is executed:

Exception in thread "main" java.util.concurrent.ExecutionException: java.lang.RuntimeException: BASIC realm="Sonatype Nexus Repository Manager"

and this in nexus.log:

574 org.sonatype.nexus.security.authc.NexusAuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens.

a-langer / nexus-sso Goto Github PK

nexus-sso's People

Contributors

Stargazers

Watchers

Forkers

nexus-sso's Issues

Recommend Projects

Recommend Topics

Recommend Org