cxf-users mailing list archives

From Matthew Broadhead <matthew.broadh...@nbmlaw.co.uk>
Subject Re: fediz production
Date Fri, 20 Oct 2017 21:05:38 GMT
OK, I now have a different error and it doesn't load the login screen:
2017-10-20 19:25:39,175 [https-openssl-apr-9443-exec-2] WARN org.apache.cxf.fediz.service.idp.beans.EndpointAddressValidator  - No service config found for urn:org:apache:cxf:fediz:fedizhelloworld
2017-10-20 19:26:18,084 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'CLAIM_LIST' not found
2017-10-20 19:26:18,085 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'IDP_READ' not found
2017-10-20 19:26:18,090 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'IDP_LIST' not found
2017-10-20 19:26:18,091 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'TRUSTEDIDP_LIST' not found
2017-10-20 19:26:18,092 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'CLAIM_READ' not found
2017-10-20 19:26:18,094 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'APPLICATION_LIST' not found
2017-10-20 19:26:18,095 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'APPLICATION_READ' not found
2017-10-20 19:26:18,096 [https-openssl-apr-9443-exec-5] ERROR org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Role 'TRUSTEDIDP_READ' not found
2017-10-20 19:26:18,096 [https-openssl-apr-9443-exec-5] INFO org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements - Enriched AuthenticationToken added

The previous one was caused by
services/idp/src/main/webapp/WEB-INF/idp-config-realm-myrealm.xml:
<property name="stsUrl" value="https://domain.tld:9443/idp-sts/REALMMYREALM" />
should have been
<property name="stsUrl" value="https://domain.tld:0/idp-sts/REALMMYREALM" />
according to the original file.

On 20/10/2017 18:27, Matthew Broadhead wrote:
> Hi Colm,
>
> Yes I have:
> <bean id="idp-realmXYZ" 
> class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
> ...
>         <property name="applications">
>             <util:list>
>                 <ref bean="srv-fedizhelloworld" />
>         <!-- <ref bean="srv-oidc" /> -->
>             </util:list>
>         </property>
> ...
> </bean>
>
> <bean id="srv-fedizhelloworld" 
> class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
>         <property name="realm" 
> value="urn:org:apache:cxf:fediz:fedizhelloworld" />
>         <property name="protocol" 
> value="http://docs.oasis-open.org/wsfed/federation/200706" />
>         <property name="serviceDisplayName" value="Fedizhelloworld" />
>         <property name="serviceDescription" value="Web Application to 
> illustrate WS-Federation" />
>         <property name="role" value="ApplicationServiceType" />
>         <property name="tokenType" 
> value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" 
> />
>         <property name="lifeTime" value="3600" />
>         <property name="passiveRequestorEndpointConstraint" 
> value="https://localhost:?(\d)*/.*" />
>         <property name="logoutEndpointConstraint" 
> value="https://localhost:?(\d)*/.*" />
> </bean>
>
> <bean 
> class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
>         <property name="application" ref="srv-fedizhelloworld" />
>         <property name="claim" ref="claim_role" />
>         <property name="optional" value="false" />
> </bean>
>
> etc.
>
> On 20/10/2017 18:08, Colm O hEigeartaigh wrote:
>> Do you have an
>> org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity 
>> instance in
>> your webapps/fediz-idp/WEB-INF/classes/entities-realma.xml with realm
>> "urn:org:apache:cxf:fediz:fedizhelloworld"?
>>
>> Colm.
>>
>> On Fri, Oct 20, 2017 at 4:09 PM, Matthew Broadhead <
>> matthew.broadhead@nbmlaw.co.uk> wrote:
>>
>>> Hi,
>>>
>>> I have Fediz working now on (e.g.) domain.tld:9443/idp and I am
>>> trying to use it from localhost:9443/fedizhelloworld/secure/fedservlet.
>>> It correctly redirects to the login page and seems to authenticate OK
>>>
>>> but then I get the following error:
>>> 2017-10-20 15:56:17,424 [https-openssl-apr-9443-exec-8] INFO
>>> org.apache.cxf.fediz.service.idp.beans.CacheSecurityToken  - Token
>>> [IDP_TOKEN=<something>] for realm [<something>] successfully cached.
>>> 2017-10-20 15:56:17,433 [https-openssl-apr-9443-exec-8] WARN
>>> org.apache.cxf.fediz.service.idp.beans.EndpointAddressValidator  - No
>>> service config found for urn:org:apache:cxf:fediz:fedizhelloworld
>>>
>>> Matthew
>>>
>>
>>
>
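
Added example, not part of the original messages and not Fediz code: a Python check for the question Colm asks in this thread, i.e. whether the entities file has an ApplicationEntity for the realm, whether the IdpEntity lists it, and whether the reply URL passes passiveRequestorEndpointConstraint. SAMPLE is constructed from the beans quoted above; check_application is a hypothetical name, and full-match semantics for the constraint is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
JPA = "org.apache.cxf.fediz.service.idp.service.jpa."

# Constructed sample, reduced from the beans quoted in this thread.
SAMPLE = r"""<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:util="http://www.springframework.org/schema/util">
  <bean id="idp-realmXYZ" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
    <property name="applications">
      <util:list>
        <ref bean="srv-fedizhelloworld" />
        <!-- <ref bean="srv-oidc" /> -->
      </util:list>
    </property>
  </bean>
  <bean id="srv-fedizhelloworld"
        class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
    <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
    <property name="passiveRequestorEndpointConstraint"
              value="https://localhost:?(\d)*/.*" />
  </bean>
</beans>"""

def check_application(xml_text, realm, reply_url):
    """Return a list of findings; an empty list means the realm is registered."""
    beans = ET.fromstring(xml_text).findall(NS + "bean")
    # Bean ids listed under any IdpEntity "applications" property.
    listed = {ref.get("bean")
              for b in beans if b.get("class") == JPA + "IdpEntity"
              for p in b.findall(NS + "property") if p.get("name") == "applications"
              for ref in p.iter(NS + "ref")}
    findings, seen = [], False
    for b in beans:
        if b.get("class") != JPA + "ApplicationEntity":
            continue
        props = {p.get("name"): p.get("value") for p in b.findall(NS + "property")}
        if props.get("realm") != realm:
            continue
        seen = True
        if b.get("id") not in listed:
            findings.append(f"{b.get('id')}: not referenced by an IdpEntity")
        rule = props.get("passiveRequestorEndpointConstraint")
        # Assumption: the constraint must match the whole reply URL.
        if rule is None or not re.fullmatch(rule, reply_url):
            findings.append(f"{b.get('id')}: reply URL rejected by {rule!r}")
    if not seen:
        findings.append(f"no ApplicationEntity with realm {realm}")
    return findings
```

Run it against the deployed entities file with the realm from the WARN line and the URL the client is served from; a commented-out ref, like srv-oidc here, counts as not listed.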

