[SAML] timeout behind http proxy

[bartleboeuf]

Hi,

Would it be possible to implement the management of the http proxy on SAML calls, because we are running into a timeout on authentication with our AzureAD. Thank you.

Here the part of the logs

2021-02-04 09:51:05.250 DEBUG 1 --- [           main] o.s.s.saml.metadata.MetadataManager      : Created new trust manager for metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@397ef2
2021-02-04 09:51:05.250 DEBUG 1 --- [           main] o.s.s.saml.metadata.MetadataManager      : Adding signature filter
2021-02-04 09:51:05.250 DEBUG 1 --- [           main] o.s.s.saml.metadata.MetadataManager      : Initializing extendedMetadataDelegate org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@397ef2
2021-02-04 09:51:05.250 DEBUG 1 --- [           main] o.s.s.s.m.ExtendedMetadataDelegate       : Initializing delegate
2021-02-04 09:51:05.287 DEBUG 1 --- [           main] .s.m.p.AbstractReloadingMetadataProvider : Beginning refresh of metadata from 'https://login.microsoftonline.com/aca3c8d6-aa71-4e1a-a10e-xxxxxxxxx/FederationMetadata/2007-06/FederationMetadata.xml'
2021-02-04 09:51:05.304 DEBUG 1 --- [           main] o.o.s.m.provider.HTTPMetadataProvider    : Attempting to fetch metadata document from 'https://login.microsoftonline.com/aca3c8d6-aa71-4e1a-a10e-xxxxxxxxx/FederationMetadata/2007-06/FederationMetadata.xml'
2021-02-04 09:51:05.310 DEBUG 1 --- [           main] o.a.commons.httpclient.HttpConnection    : Open connection to login.microsoftonline.com:443
...
2021-02-04 09:53:16.106 DEBUG 1 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Closing the connection.
2021-02-04 09:53:16.106  INFO 1 --- [           main] o.a.c.httpclient.HttpMethodDirector      : I/O exception (java.net.ConnectException) caught when processing request: Connection timed out (Connection timed out)
2021-02-04 09:53:16.112 DEBUG 1 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Connection timed out (Connection timed out)
java.net.ConnectException: Connection timed out (Connection timed out)
        at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source) ~[na:na]
        at java.base/java.net.SocksSocketImpl.connect(Unknown Source) ~[na:na]
        at java.base/java.net.Socket.connect(Unknown Source) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.connect(Unknown Source) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.<init>(Unknown Source) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source) ~[na:na]
        at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:185) ~[openws-1.5.6.jar!/:na]
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1.jar!/:na]
        at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:250) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:239) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) ~[opensaml-2.6.6.jar!/:na]
        at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]

Note : we found this on spring security doc but no way apply it (https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html#artifact-resolution)

Thanks

[LEDfan]

Hi @bartleboeuf

I'm not sure whether I understand your question completely. Do you want to use a proxy to connect to your IDP (https://login.microsoftonline.com) or do you want to configure the timeout to connect to your IDP? Or a combination of these?
When you want to use a proxy for a Java application you typically use something like:

java -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128   -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=3128 ...

For configuring the timeout we would need to add a bit of code for configuring that.

[hmissi]

I have the same issue, and I added the java -Dhttp.proxyHost = ... but that doesn't change anything! I also have java.net.ConnectException: Connection timed out (Connection timed out)

un issue similaire sur metadata loading timeout https://stackoverflow.com/questions/22489065/saml-service-provider-spring-security

[hmissi]

6/FederationMetadata.xml'
2021-02-11 15:33:33.568 DEBUG 7 --- [           main] o.a.commons.httpclient.HttpConnection    : Open connection to login.microsoftonline.com:443
2021-02-11 15:33:53.001 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:34:13.002 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:34:33.002 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:34:53.003 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:35:13.003 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:35:33.004 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:35:44.714 DEBUG 7 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Closing the connection.
2021-02-11 15:35:44.714  INFO 7 --- [           main] o.a.c.httpclient.HttpMethodDirector      : I/O exception (java.net.ConnectException) caught when processing request: Connection timed out (Connection timed out)
2021-02-11 15:35:44.720 DEBUG 7 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Connection timed out (Connection timed out)

java.net.ConnectException: Connection timed out (Connection timed out)
        at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[na:na]
        at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
        at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:na]
        at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:289) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:194) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153) ~[na:na]
        at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:185) ~[openws-1.5.6.jar!/:na]
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar!/:na]
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1.jar!/:na]
        at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:250) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:239) ~[opensaml-2.6.6.jar!/:na]
        at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407) ~[opensaml-2.6.6.jar!/:na]
        at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
        at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:438) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
        at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:264) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
        at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
        at org.springframework.security.saml.metadata.MetadataManager.afterPropertiesSet(MetadataManager.java:168) ~[spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1853) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1790) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:594) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1307) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1227) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:715) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:130) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1420) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1307) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1227) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:715) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:130) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1420) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:207) ~[spring-beans-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.boot.web.servlet.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:211) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.ServletContextInitializerBeans.addAsRegistrationBean(ServletContextInitializerBeans.java:174) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.ServletContextInitializerBeans.addAsRegistrationBean(ServletContextInitializerBeans.java:169) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.ServletContextInitializerBeans.addAdaptableBeans(ServletContextInitializerBeans.java:154) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.ServletContextInitializerBeans.<init>(ServletContextInitializerBeans.java:86) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.getServletContextInitializerBeans(ServletWebServerApplicationContext.java:255) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.selfInitialize(ServletWebServerApplicationContext.java:229) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory$Initializer.onStartup(UndertowServletWebServerFactory.java:439) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:204) ~[undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
        at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:186) ~[undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42) ~[undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) ~[undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
        at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:252) ~[undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
        at org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory.createManager(UndertowServletWebServerFactory.java:296) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory.getWebServer(UndertowServletWebServerFactory.java:267) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:178) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:158) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:545) ~[spring-context-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
        at eu.openanalytics.containerproxy.ContainerProxyApplication.main(ContainerProxyApplication.java:77) ~[containerproxy-0.8.7.jar!/:0.8.7]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[shinyproxy.jar:2.4.3]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:107) ~[shinyproxy.jar:2.4.3]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[shinyproxy.jar:2.4.3]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[shinyproxy.jar:2.4.3]

2021-02-11 15:35:44.720  INFO 7 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Retrying request
2021-02-11 15:35:44.720 DEBUG 7 --- [           main] o.a.commons.httpclient.HttpConnection    : Open connection to login.microsoftonline.com:443
2021-02-11 15:35:53.004 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:36:13.005 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:36:33.005 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String
2021-02-11 15:36:53.006 DEBUG 7 --- [tiveProxyKiller] o.s.c.e.PropertySourcesPropertyResolver  : Found key 'proxy.admin-groups' in PropertySource 'configurationProperties' with value of type String

[bartleboeuf]

Hi @LEDfan ,

We tried to launch shinyproxy with our web proxy to get access to the IDP. But we fall everytime on "java.net.ConnectException: Connection timed out (Connection timed out)".

Here our java cmdline with the proxy setting.
java -Dhttp.proxyHost=web-proxy.mydomainaws.local -Dhttp.proxyPort=3128 -Dhttp.nonProxyHosts="172.20.0.1|10.24.224.*|10.24.225.*|localhost|127.*|[::1]|169.254.169.254" -Dhttps.proxyHost=web-proxy.mydomainaws.local -Dhttps.proxyPort=3128 -jar /opt/shinyproxy/shinyproxy.jar

We checked that our web-proxy is reachable from inside our container.

[hmissi]

Hi @LEDfan
do you have any solutions please.
I am stuck to implement the shinyproxy...

[LEDfan]

Hi @bartleboeuf

This seems to be more of Java/Network problem than something within ShinyProxy. I would try to further debug this:

• are you sure your proxy is a HTTP and not e.g. a SOCKS proxy?
• can you reach the proxy from the ShinyProxy host, e.g. try to reach it with telnet
• can you use the proxy using curl? i.e. try to do a request to the web using the proxy: https://oxylabs.io/blog/curl-with-proxy
• ...

[LEDfan]

Hi @hmissi

It's not clear to me what you are trying to do. Do your network setup requires you to use a proxy, or are you just experiencing timeouts and trying to solve that by using a proxy? In the first case, please follow the same steps as above. In the second case: you won't be able to solve ConnectException by adding proxy options. Instead you should try to find out why ShinyProxy is unable to contact the SAML metadata URL. ShinyProxy tries to connect to the SAML server for about two minutes, if that fails the following messages should be logged:

2021-02-25 16:09:33.995  INFO 111992 --- [           main] o.a.c.httpclient.HttpMethodDirector      : I/O exception (java.net.ConnectException) caught when processing request: Connection timed out (Connection timed out)
2021-02-25 16:09:33.996  INFO 111992 --- [           main] o.a.c.httpclient.HttpMethodDirector      : Retrying request

Please try the following things to debug the issue

• make sure you are using the correct SAML IDP metadata URL
• can you reach the server hosting the metadata using telnet?
• can you download the metadata on the ShinyProxy server using curl?
• how long does that take (use the time command)?
• if it takes unusual long, is that normal? If not, what is slowing down the request? Maybe resolving of the domainname (DNS)?

Success!

[hmissi]

Hi @LEDfan
I took the version corrected by @bartleboeuf and it worked.
I confirm that the problem is that the SAML authentication class does not support proxy exports
Thank you @bartleboeuf

[LEDfan]

The changes proposed in #50 are now part of ShinyProxy 2.6.0 (ContainerProxy 0.8.10). Therefore I believe this issue is solved.

Feel free to re-open the issue if you still encounter an issue with it.