Stream: troubleshooting

Topic: OAuth login

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Oct 20 2023 at 11:39):

Good afternoon. I set up an OAuth identity provider to work with my Dataverse installation (rctsai). It was working but now whan I try to login with RCTSAI dataverse presents a login form 'https://dados.ipb.pt//oauth2/firstLogin.xhtml', even thugh is nt the first login? What can I do to fix this? Thanks in advance

view this post on Zulip Philip Durbin 🚀 (Oct 20 2023 at 12:06):

Huh. Was is working ok for a long time? For weeks or months?

view this post on Zulip Philip Durbin 🚀 (Oct 20 2023 at 12:08):

Sometimes, sadly, the Identity Provider (IdP) will change their entityId. This makes Dataverse think it's a new IdP.

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Oct 30 2023 at 16:00):

Philip Durbin said:

Sometimes, sadly, the Identity Provider (IdP) will change their entityId. This makes Dataverse think it's a new IdP.

I contacted the Identity Provider (IdP) and they assured me that the 'entityId' did not change. How can I check what user's fields are matched with the response of the Identity Provider in order to identify users? It seems that dataverse does not recognize already registered users because user's fields do not match IdP returned data .
Thanks in advance.

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:10):

Well, the logic seems to be in OAuth2LoginBackingBean.java

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:10):

You might need to add more logging statements and recompile Dataverse. :thinking:

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:10):

What version of Dataverse are you on?

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:12):

For 6.0, here is the logic to login an existing user or prompt to create a new user: https://github.com/IQSS/dataverse/blob/v6.0/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java#L116-L137

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Oct 30 2023 at 16:16):

I am in Dataverse v. 5.12.1 build 1122-cf90431. What do you suggest in order to quickly let users get in in the dataverse system
?

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:22):

Ok, it's the same. Hasn't changed: https://github.com/IQSS/dataverse/blob/v5.12.1/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java#L116-L137

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:23):

I'm suggesting adding more lines like this:

logger.log(Level.INFO, "debugging line here");

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Oct 30 2023 at 16:23):

Philip Durbin said:

Ok, it's the same. Hasn't changed: https://github.com/IQSS/dataverse/blob/v5.12.1/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java#L116-L137

Is it possible to quickly disable signups?

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:24):

Hmm, I'm not sure. I don't believe so.

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 16:25):

Is there anything helpful or interesting in server.log?

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Oct 30 2023 at 16:48):

In server.log I see the warning message
" [WARNING] [] [edu.harvard.iq.dataverse.util.BundleUtil] [tid: _ThreadID=75 _ThreadName=http-thread-pool::http-listener-1(3)] [tim>
Could not find key "authenticationProvider.name.rctsaai" in bundle file: ]]", can this be the problem? How can I fix it?

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 17:30):

Interesting. You could edit src/main/java/propertyFiles/Bundle.properties but I doubt it will fix your problem, unfortunately.

view this post on Zulip Philip Durbin 🚀 (Oct 30 2023 at 17:31):

@Adília Isabel Domingues da Cruz Alves actually, could you please go ahead and open up a support ticket by emailing support@dataverse.org ? And please let me know the ticket number.

view this post on Zulip Oliver Bertuch (Nov 01 2023 at 09:00):

Maybe you sent @Adília Isabel Domingues da Cruz Alves into the wrong rabbit hole...

view this post on Zulip Oliver Bertuch (Nov 01 2023 at 09:01):

@Adília Isabel Domingues da Cruz Alves which OAuth provider exactly are you using? If this is from your institution, did you mean OIDC?

view this post on Zulip Oliver Bertuch (Nov 01 2023 at 09:01):

Please note that remote users are identified by some persistent identificator

view this post on Zulip Oliver Bertuch (Nov 01 2023 at 09:02):

In case of OIDC, this is the "sub" attribute of the providers auth response.

view this post on Zulip Oliver Bertuch (Nov 01 2023 at 09:03):

I'm not sure right now what it is in case of OAuth2, would need to look into the code for that. And I would need to know which provider you're using exactly

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Nov 02 2023 at 10:06):

Oliver Bertuch said:

Adília Isabel Domingues da Cruz Alves which OAuth provider exactly are you using? If this is from your institution, did you mean OIDC?

Our OAuth provider is FCCN (not our institution), We are using rctsaai.

view this post on Zulip Philip Durbin 🚀 (Nov 02 2023 at 11:37):

@Adília Isabel Domingues da Cruz Alves hi, did you email support yet? It would be good to track this. If you did, I can't find the ticket number.

view this post on Zulip Oliver Bertuch (Nov 02 2023 at 12:39):

@Adília Isabel Domingues da Cruz Alves did you add a custom OAuth2 provider for that? Or did you use one of the existing implementations?

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Nov 02 2023 at 15:43):

Oliver Bertuch said:

Adília Isabel Domingues da Cruz Alves did you add a custom OAuth2 provider for that? Or did you use one of the existing implementations?

I used the curl command 'curl -X POST -H 'Content-type: application/json' --upload-file rctsaai.json http://localhost:8080/api/admin/authenticationProviders' with the rctsaai.json that our OAuth provider sent us.

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Nov 02 2023 at 15:47):

Philip Durbin said:

Adília Isabel Domingues da Cruz Alves hi, did you email support yet? It would be good to track this. If you did, I can't find the ticket number.

Hello Philip. I just emailed support. The tracking system ID of my message is #351508.
Thank you very much for your support.

view this post on Zulip Philip Durbin 🚀 (Nov 02 2023 at 16:05):

Thanks, I see it at https://help.hmdc.harvard.edu/Ticket/Display.html?id=351508

view this post on Zulip Philip Durbin 🚀 (Nov 02 2023 at 16:06):

@Adília Isabel Domingues da Cruz Alves did we meet in Braga? And in IRC or Matrix a while back? I think so. :grinning:

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Nov 03 2023 at 14:38):

Philip Durbin said:

Adília Isabel Domingues da Cruz Alves did we meet in Braga? And in IRC or Matrix a while back? I think so. :grinning:

Hello Philip. Yes we meet in Braga :-) and in Matrix :-). How are you? :-)

view this post on Zulip Philip Durbin 🚀 (Nov 03 2023 at 14:46):

Good. My daughter just rowed in a famous race in Boston, the Head of the Charles. She's on the far right in this pic: https://www.flickr.com/photos/136251156@N05/52449562353/in/album-72177720303110555/

view this post on Zulip Philip Durbin 🚀 (Nov 03 2023 at 14:46):

her "game face", so serious :grinning:

view this post on Zulip Adília Isabel Domingues da Cruz Alves (Nov 03 2023 at 15:01):

Philip Durbin said:

Good. My daughter just rowed in a famous race in Boston, the Head of the Charles. She's on the far right in this pic: https://www.flickr.com/photos/136251156@N05/52449562353/in/album-72177720303110555/

She is still focused. Well done! Congratulations :-).

Last updated: Jan 09 2026 at 14:18 UTC