You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/01/11 16:16:13 UTC

[jira] [Resolved] (FEDIZ-40) Can CXF Fediz IDP & RP work with SAML1.1 ?

     [ https://issues.apache.org/jira/browse/FEDIZ-40?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved FEDIZ-40.
--------------------------------------

    Resolution: Fixed


This will be fixed for the next release. I have tested a SAML 1.1 Token with the latest 2.6.6-SNAPSHOT code and it works fine.

Colm.
                
> Can CXF Fediz IDP & RP work with SAML1.1 ? 
> -------------------------------------------
>
>                 Key: FEDIZ-40
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-40
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Examples
>    Affects Versions: 1.0.1
>         Environment: Apache Tomcat/7
> OS Name: Windows XP
> Architecture: x86
>            Reporter: satyanarayana
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>             Fix For: 1.1.0, 1.0.3
>
>   Original Estimate: 434h
>  Remaining Estimate: 434h
>
> Hi,
> I have tried to run the RP application configured in tomcat 7 and also configured our ADFS server as IDP which serves STS tokens. As per WS-federation protocol, the control got redirected to IDP/STS for authentication & in return RP received the STS. The received STS token is SAML 1.1 version. While processing the SAML 1.1 assertion token we are getting below error where as the same code with SAML 2.0 assertion token it works well (we have IDP/STS configured into tomcat 7 as suggested in fediz tomcat IDP configuration).
> For RP we used the same versions of jars as provided in the apache fediz release 1.0.2 
> Note:As per the below reference URL, following features are supported by the Fediz plugin 1.0
> WS-Federation 1.0/1.1/1.2
> SAML 1.1/2.0 Tokens
> For ur Reference: http://owulff.blogspot.in/2011/11/configure-tomcat-for-federation-part.html
> Error:
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> INFO: Trusted issuer: .*CN=www.sts.com.*
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> FINE: Truststore file: D:\FasiSSOTesting\tomcat-rp\conf\tomcat-rp.jks
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> FINE: Truststore password: tompass
> Dec 10, 2012 3:10:47 PM org.apache.coyote.http11.Http11Processor process
> SEVERE: Error processing request
> java.lang.NullPointerException
>         at org.apache.ws.security.saml.ext.OpenSAMLUtil.fromDom(OpenSAMLUtil.jav
> a:83)
>         at org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrap
> per.java:137)
>         at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessT
> oken(SAMLTokenValidator.java:90)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInReques
> t(FederationProcessorImpl.java:155)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Fede
> rationProcessorImpl.java:75)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(Fede
> rationAuthenticator.java:448)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
> torBase.java:544)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(Federation
> Authenticator.java:235)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> ava:151)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> ava:100)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
> 929)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> ve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> a:405)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :269)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
> AbstractProtocol.java:515)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
> t.java:302)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
> )
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>         at java.lang.Thread.run(Unknown Source)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira