incubator-stonehenge-dev mailing list archives

From Ben Dewey <Ben.De...@26ny.com>
Subject RE: Metro CBS
Date Tue, 06 Oct 2009 04:07:21 GMT
Ming,

> There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> STS_Setup_manual.doc, where the Login URL should be like
> http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*

> What url do you use?

My url for this step is: http://sp.stonehenge.com:8090/opensso/WSFederationServlet/metaAlias/Fedsp

> Can you verify the configurations of SP&IdP by opening
> https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> What's the result?

When going to https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://idp.stonehenge.com:8183/opensso

I log in using User0 and xxx and I get a message that says Logged In

Just to recap, I'm able to log in to the trader_client app, redirect to SP and then to IDP,
and when I get directed back to the trader_client I receive an exception of:

javax.servlet.ServletException: AmAgentFilter: An exception has occured
javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid session ID.

Also, this is my fedsp.xml config file. Is it right?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
    <TokenIssuerName>Fedsp</TokenIssuerName>
    <TokenIssuerEndpoint>
        <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns1:Address>
    </TokenIssuerEndpoint>
    <SingleSignOutNotificationEndpoint>
        <ns2:Address xmlns:ns2="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns2:Address>
    </SingleSignOutNotificationEndpoint>
</Federation>

-Ben Dewey


-----Original Message-----
From: Ming Jin [mailto:skyairmj@gmail.com] 
Sent: Wednesday, September 30, 2009 7:15 PM
To: stonehenge-dev@incubator.apache.org
Subject: Re: Metro CBS

Hi Ben,
There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
STS_Setup_manual.doc, where the Login URL should be like
http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*

What url do you use?

Can you verify the configurations of SP&IdP by opening
https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
What's the result?

BTW, you need to change the above URLs to the host and port you used.


On Wed, Sep 30, 2009 at 11:36 PM, Ben Dewey <Ben.Dewey@26ny.com> wrote:

> Here are the settings from my agent properties
>
> #
> # LOGIN URL
> #   Specifies the login URLs to be used by the Agent to redirect
> #   incoming users without sufficient credentials to the OpenSSO
> #   authentication service.
> # Hot-Swap Enabled: Yes
> #
> com.sun.identity.agents.config.login.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Login
>
> #
> # LOGOUT URL
> #   Specifies the logout URLs to be used by the Agent to log out
> #   the authenticated users from the OpenSSO authentication service.
> # Hot-Swap Enabled: Yes
> #
> com.sun.identity.agents.config.logout.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Logout
>
>
>
> -----Original Message-----
> From: Ming Jin [mailto:skyairmj@gmail.com]
> Sent: Wednesday, September 30, 2009 6:24 PM
> To: stonehenge-dev@incubator.apache.org
> Subject: Re: Metro CBS
>
> Ben,
> What is the SSO login url in agent's configuration in OpenSSO?
> https://sp.stonehenge.com:8181/opensso/fedlet?
>
>
>
> On Wed, Sep 30, 2009 at 9:33 PM, Ben Dewey <Ben.Dewey@26ny.com> wrote:
>
> > Ming,
> >
> > I have setup everything for the Passive STS based on the STS manual,
> > unfortunately I think I'm still missing something.
> >
> > 1. I access http://www.stonehenge.com:8092/trader_client
> >
> > 2. I get directed to https://sp.stonehenge.com:8181/opensso/fedlet
> >
> > 3. I get directed to https://idp.stonehenge.com:8183/opensso/fedlet
> >
> > 4. I get directed to https://idp.stonehenge.com:8183/opensso/UI/login
> >
> > 5. I log in using User0 and xxx
> >
> > 6. I get directed back to the trader client page with an 'Invalid session
> > ID' error below [1]
> >
> > Any idea what I'm missing?
> >
> > - Ben Dewey
> >
> >
> > [1]: HTTP Status 500 -
> >
> > type Exception report
> >
> > message
> > description The server encountered an internal error () that prevented it
> > from fulfilling this request.
> >
> > exception
> > javax.servlet.ServletException: AmAgentFilter: An exception has occured
> >
> > root cause
> > javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> > session ID.
> >
> > root cause
> > com.iplanet.sso.SSOException: Invalid session ID.
> >
>
>
>
> --
> Ming Jin
>
> Consultant
> Thoughtworks, Inc
> Twitter: https://twitter.com/mingjin
>



-- 
Ming Jin

Consultant
Thoughtworks, Inc
Twitter: https://twitter.com/mingjin
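
A check for the step quoted from STS_Setup_manual.doc (the agent Login URL should be the SP Token Issuer Endpoint URL), as an added example that is not part of the original thread or of the Stonehenge code: it reads the TokenIssuerEndpoint address from fedsp.xml and compares it with the agent login URL component by component. The function names are hypothetical, the inputs are the values posted in this thread, and treating the `login.url[0]` agent property as the setting the manual step refers to is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

FED = "{http://schemas.xmlsoap.org/ws/2006/12/federation}"
WSA = "{http://www.w3.org/2005/08/addressing}"
LOGIN_KEY = "com.sun.identity.agents.config.login.url[0]"
DEFAULT_PORT = {"http": 80, "https": 443}

# Inputs copied from the thread (fedsp.xml trimmed to the element that is read).
FEDSP_XML = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
    <TokenIssuerName>Fedsp</TokenIssuerName>
    <TokenIssuerEndpoint>
        <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns1:Address>
    </TokenIssuerEndpoint>
</Federation>"""
AGENT_PROPS = """# LOGIN URL
com.sun.identity.agents.config.login.url[0] =
http://sp.stonehenge.com:8090/opensso/UI/Login
"""

def issuer_endpoint(fed_xml):
    """Return the TokenIssuerEndpoint address from WS-Federation metadata."""
    addr = ET.fromstring(fed_xml).find(f"{FED}TokenIssuerEndpoint/{WSA}Address")
    if addr is None or not (addr.text or "").strip():
        raise ValueError("metadata has no TokenIssuerEndpoint/Address")
    return addr.text.strip()

def agent_property(text, key):
    """Read one property; accepts a value wrapped onto the next line, as mailed."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        name, sep, value = ln.partition("=")
        if ln.startswith("#") or not sep or name.strip() != key:
            continue
        return value.strip() or (lines[i + 1] if i + 1 < len(lines) else "")
    raise KeyError(key)

def url_differences(login_url, endpoint):
    """Name the URL components in which the login URL departs from the endpoint."""
    a, b = urlsplit(login_url), urlsplit(endpoint)
    parts = {
        "scheme": (a.scheme, b.scheme),
        "host": (a.hostname, b.hostname),
        "port": (a.port or DEFAULT_PORT.get(a.scheme), b.port or DEFAULT_PORT.get(b.scheme)),
        "path": (a.path.rstrip("/"), b.path.rstrip("/")),
    }
    return [name for name, (x, y) in parts.items() if x != y]

if __name__ == "__main__":
    print(url_differences(agent_property(AGENT_PROPS, LOGIN_KEY), issuer_endpoint(FEDSP_XML)))
```

Given the login URL from the top of this message (port 8090, WSFederationServlet path) instead of the agent property, the same function reports only `scheme` and `port`.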