cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FEDIZ-40) Can CXF Fediz IDP & RP work with SAML1.1 ?
Date Fri, 11 Jan 2013 15:16:13 GMT

     [ https://issues.apache.org/jira/browse/FEDIZ-40?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated FEDIZ-40:
-------------------------------------

    Fix Version/s: 1.0.3
                   1.1.0
    
> Can CXF Fediz IDP & RP work with SAML1.1 ? 
> -------------------------------------------
>
>                 Key: FEDIZ-40
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-40
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Examples
>    Affects Versions: 1.0.1
>         Environment: Apache Tomcat/7
> OS Name: Windows XP
> Architecture: x86
>            Reporter: satyanarayana
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>             Fix For: 1.1.0, 1.0.3
>
>   Original Estimate: 434h
>  Remaining Estimate: 434h
>
> Hi,
> I have tried to run the RP application configured in Tomcat 7 and also configured our ADFS server as IDP which serves STS tokens. As per the WS-Federation protocol, the control got redirected to IDP/STS for authentication & in return RP received the STS. The received STS token is SAML 1.1 version. While processing the SAML 1.1 assertion token we are getting the below error, whereas the same code with a SAML 2.0 assertion token works well (we have IDP/STS configured into Tomcat 7 as suggested in the Fediz Tomcat IDP configuration).
> For RP we used the same versions of jars as provided in the Apache Fediz release 1.0.2
>
> Note: As per the below reference URL, the following features are supported by the Fediz plugin 1.0
> WS-Federation 1.0/1.1/1.2
> SAML 1.1/2.0 Tokens
> For your reference: http://owulff.blogspot.in/2011/11/configure-tomcat-for-federation-part.html
> Error:
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator authenticate
> INFO: Trusted issuer: .*CN=www.sts.com.*
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator authenticate
> FINE: Truststore file: D:\FasiSSOTesting\tomcat-rp\conf\tomcat-rp.jks
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator authenticate
> FINE: Truststore password: tompass
> Dec 10, 2012 3:10:47 PM org.apache.coyote.http11.Http11Processor process
> SEVERE: Error processing request
> java.lang.NullPointerException
>         at org.apache.ws.security.saml.ext.OpenSAMLUtil.fromDom(OpenSAMLUtil.java:83)
>         at org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrapper.java:137)
>         at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessToken(SAMLTokenValidator.java:90)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInRequest(FederationProcessorImpl.java:155)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(FederationProcessorImpl.java:75)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(FederationAuthenticator.java:448)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:235)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:269)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>         at java.lang.Thread.run(Unknown Source)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
