cxf-users mailing list archives

From Glen Mazza <gma...@talend.com>
Subject Re: WARNING: Unexpected error forwarding to login page
Date Mon, 13 Aug 2012 21:12:29 GMT
Hi Hua Jie, I think the samples hardcode specific port numbers 
(following the instructions), assuming the two or three Tomcat instance 
setup, so if you try to put all on one Tomcat alone, you might have to 
go through each of the apps to make sure all the port numbers were 
updated.  (Also, I haven't tested yet, but the Fediz plugin that needs 
to be installed on Tomcat-RP might conflict with the Fediz IDP & STS if 
you put them on the same Tomcat instance.)

I'm glad #2 works for you, but did you do #1 below?  The keystores and 
example READMEs, again, have been *radically* improved in the trunk 
version.  The sample keystores and trust relationships are not defined 
in 1.0 as they are in 1.0.1 
(http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co)

<-- You see, much of the important information in the last two columns 
is lost when you try a one-Tomcat solution.

Regards,
Glen


On 08/12/2012 11:19 PM, 杨华杰 wrote:
> Hi Glen
>
> Why I insist on getting a working copy of tomcat (maybe 2 tomcats) is: I will
> learn more from the example if it is working.
>
>
> I do see the wsdl from
> http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl
>
> I don't know which step I did wrong. The only tip I have is the error
> message from the page and log.
>
>
> Regards,
> Hua JIe
>
> On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <yhjhoo@gmail.com> wrote:
>
>> Hi Glen
>>
>> I am a beginner in this SAML setup, probably also impatient. But I already
>> tried to follow your document three times and I still didn't make it work.
>> Could you help me with this?
>>
>> Regards,
>> Hua JIe
>>
>> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <gmazza@talend.com> wrote:
>>
>>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>>
>>>> Hi Glen
>>>>
>>>> Thanks for your patience. It's very detailed. But currently I don't know
>>>> which step is wrong.
>>>>
>>> The step where you're not using a different Tomcat instance to host the
>>> IDP compared to the one hosting the RP applications, as given in the
>>> directions.  Also, that you're not going sequentially as I recommended
>>> below, and testing at each point before proceeding on to the next step.
>>>   Doing it all at once and saying "it doesn't work" doesn't help you when
>>> you need to retrace back to try to figure out what is going wrong.  (Why
>>> deploy the RP apps if you haven't first checked the IDP STS works, for
>>> example.)
>>>
>>>
>>>> I can access the web service through http and https.
>>>> That's why I want to ask for a working tomcat, at least I can make it
>>>> work. I also think one tomcat setup is also much easier for beginners.
>>>>
>>> Well, maybe someone else can provide you a single Tomcat setup. Sorry, I
>>> see a single Tomcat setup as easier only for those beginners who don't care
>>> to learn anything (necessary keystore/truststore relationships between apps
>>> and between servlet containers, required setup of relying party Tomcat
>>> instance, Tomcat IDP instance), and doing more harm than good in learning a
>>> distributed deployment and understanding the deployment requirements for
>>> each portion.
>>>
>>>
>>>
>>>
>>>> I have one question here, is the https mandatory, I don't need security
>>>> like that.
>>>>
>>> Yes, so the usernames and passwords sent are secure, possibly other
>>> reasons as well.  Even with HTTP alone, you will still need message-layer
>>> encryption for the SAML tokens being sent, requiring application keystores
>>> at least.
>>>
>>>
>>>
>>>> I just want to make it work first.
>>>
>>> Well, if you would just follow the instructions given below and on the
>>> website, you'll get it to "work first" pretty rapidly (and learn a lot in
>>> the process.)
>>>
>>> Regards,
>>> Glen
>>>
>>>
>>>> Thank you again for your time, really appreciate.
>>>>
>>>>
>>>> Regards,
>>>> Hua Jie
>>>>
>>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <gmazza@talend.com> wrote:
>>>>
>>>>> Hi Hua Jie,
>>>>> I don't have a one-Tomcat solution, I'm not sure how useful such a setup
>>>>> would be.  Our Fediz samples use a two-Tomcat setup (three for the more
>>>>> advanced wsClientWebapp sample) in order to try to mimic an actual
>>>>> production environment.  I'd recommend following the documentation
>>>>> closely, using the two or three Tomcat setup as it suggests, and make
>>>>> sure it works, then look at reducing the number of Tomcats if you wish.
>>>>>
>>>>> Sending you a working Tomcat is not going to help you, a web page that
>>>>> just says "Hello World!" is useless.  Rather, it's working through the
>>>>> sample and getting it to work on your machine that is the important
>>>>> point.
>>>>>
>>>>> I've requested Fediz 1.0.1--which has much better READMEs and clearer
>>>>> keystore configuration rules--to be released.  In the meantime, I'd
>>>>> recommend:
>>>>>
>>>>> 1.) Downloading and building (mvn clean install) the trunk branch of
>>>>> Fediz instead of using the Fediz 1.0 distribution:
>>>>> http://cxf.apache.org/fediz.html#Fediz-Building .
>>>>> Follow the READMEs in the trunk versions instead.
>>>>>
>>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1 using
>>>>> these instructions:  http://cxf.apache.org/fediz-idp.html .
>>>>> Don't do anything else until you can view the STS WSDL at
>>>>> http://localhost:9080/fedizidpsts/STSService?wsdl as
>>>>> stated on that page.  If you can't view the WSDL, nothing else will work.
>>>>>
>>>>>
>>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance:
>>>>> http://cxf.apache.org/fediz-tomcat.html .
>>>>> For running the samples, all you need to do are the Installation and
>>>>> HTTPS Configuration parts at the top.
>>>>>
>>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the
>>>>> sample works--follow that sample's README.
>>>>>
>>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a third
>>>>> Tomcat instance to run the web service provider--follow the
>>>>> wsclientWebapp sample README for full instructions.
>>>>>
>>>>> If you can get to step #5, you're in good shape with Fediz (just make
>>>>> sure for production you use your own keystores and not the sample ones
>>>>> provided.)
>>>>>
>>>>> Regards,
>>>>> Glen
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>>
>>>>>> Hi
>>>>>> Anyone have an idea about this
>>>>>>
>>>>>> Regards,
>>>>>> Hua JIe
>>>>>>
>>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <yhjhoo@gmail.com> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I followed the readme to configure the example (but I configured the
>>>>>>> example and the IDP in the same tomcat).
>>>>>>>
>>>>>>> I am able to view the web service.
>>>>>>>
>>>>>>> But when I access the link
>>>>>>> https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>>
>>>>>>> I always get this error
>>>>>>>
>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>> java.lang.NullPointerException
>>>>>>> at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>> at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>> at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>> at java.lang.Thread.run(Thread.java:662)
>>>>>>>
>>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Can someone send me a working tomcat and send it to me? It will be
>>>>>>> much easier to explore the example.
>>>>>>>
>>>>>>> This is the first time to post questions on the mail list. Yesterday I
>>>>>>> filed a bug to the jira
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Prince
>>>>>>>
>>>>>>>
>>>>>>>

