Posted to users@cxf.apache.org by Matthew Broadhead <ma...@nbmlaw.co.uk> on 2017/09/21 09:46:44 UTC

fediz 401

hi,

i have been following the instructions on 
http://cxf.apache.org/fediz-idp-11.html as well as reading the articles 
on Colm's blog e.g. 
http://coheigea.blogspot.com.es/2015/06/apache-cxf-fediz-120-tutorial-part-i.html.

the idp and sts seem to be working. i get a "hello world" at 
https://localhost:9443/fedizhelloworld/ and i get available SOAP 
services at https://localhost:9443/fediz-idp-sts/.

but when i go to (changed to 9443) 
https://localhost:9443/fediz-idp/federation?wa=wsignin1.0&wreply=https%3A%2F%2Flocalhost%3A9443%2Ffedizhelloworld%2Fsecure%2Ffedservlet&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld 
it prompts me for the realm.  i specify realm a and enter alice:ecila 
but it gives me a 401 at 
https://localhost:9443/fedizhelloworld/secure/fedservlet.

also i was wondering if i already have a JAAS LoginModule created which 
has users and roles can i plug that directly into the sts and is there a 
tutorial for that?

Matthew

Re: fediz 401

Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, please start a new thread for the JAAS question, as it's nothing to do
with Fediz as such.

Colm.

On Fri, Sep 22, 2017 at 3:24 PM, Matthew Broadhead <
matthew.broadhead@nbmlaw.co.uk> wrote:

> ok got it working.
>
> for some reason i had a really long version of fediz_config.xml in
> catalina/conf but the one in the guide
> (http://coheigea.blogspot.com.es/2015/06/apache-cxf-fediz-120-tutorial-part-i.html)
> was much shorter so i swapped them and then it worked.
>
> sorry for wasting time i thought i had followed it correctly.
>
> the next thing i want to try is to set up a jaas config like a
> DataSourceRealm.  should i start a new thread for that?


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: fediz 401

Posted by Matthew Broadhead <ma...@nbmlaw.co.uk>.
ok got it working.

for some reason i had a really long version of fediz_config.xml in 
catalina/conf but the one in the guide 
(http://coheigea.blogspot.com.es/2015/06/apache-cxf-fediz-120-tutorial-part-i.html) 
was much shorter so i swapped them and then it worked.

sorry for wasting time i thought i had followed it correctly.

the next thing i want to try is to set up a jaas config like a 
DataSourceRealm.  should i start a new thread for that?

On 22/09/2017 16:11, Colm O hEigeartaigh wrote:
> OK it sounds like something is not configured correctly. I would suggest
> starting again from a clean Tomcat install, and don't bother installing the
> IdP/STS, just the fedizhelloworld war, and associated configuration as
> outlined on my blog. When you hit the fedservlet page then you should see a
> 404 when it redirects to the IdP, which would tell you that the Fediz hello
> world app is working correctly. If it is still not working, please detail
> the exact configuration changes you are following and I'll see if there is
> anything missing.
>
> Colm.


Re: fediz 401

Posted by Colm O hEigeartaigh <co...@apache.org>.
OK it sounds like something is not configured correctly. I would suggest
starting again from a clean Tomcat install, and don't bother installing the
IdP/STS, just the fedizhelloworld war, and associated configuration as
outlined on my blog. When you hit the fedservlet page then you should see a
404 when it redirects to the IdP, which would tell you that the Fediz hello
world app is working correctly. If it is still not working, please detail
the exact configuration changes you are following and I'll see if there is
anything missing.

Colm.

On Fri, Sep 22, 2017 at 2:59 PM, Matthew Broadhead <
matthew.broadhead@nbmlaw.co.uk> wrote:

> no.  just a blank screen.  it is like nothing is loading at all.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: fediz 401

Posted by Matthew Broadhead <ma...@nbmlaw.co.uk>.
no.  just a blank screen.  it is like nothing is loading at all.

On 22/09/2017 15:57, Colm O hEigeartaigh wrote:
> If you start with "https://localhost:9443/fedizhelloworld/secure/fedservlet"
> do you get redirected to the IdP?
>
> Colm.


Re: fediz 401

Posted by Colm O hEigeartaigh <co...@apache.org>.
If you start with "https://localhost:9443/fedizhelloworld/secure/fedservlet"
do you get redirected to the IdP?

Colm.

On Fri, Sep 22, 2017 at 1:15 PM, Matthew Broadhead <
matthew.broadhead@nbmlaw.co.uk> wrote:

> i tried https://localhost:9443/fedizhelloworld/secure/fedservlet and all
> i get is a blank screen.  if i try to go from
> https://localhost:9443/fedizhelloworld to
> https://localhost:9443/fedizhelloworld/secure/fedservlet the url does
> not change (Chrome).  nothing is output in catalina.out.
>
> is there a way to increase the logging level or do i change tomcat
> logging.properties to FINE?
>
> after poking around in sts i think i am getting to grips with jaas setup.
> it looks like i need to create
> fediz-1.4.2/services/sts/src/main/webapp/WEB-INF/endpoints/jaas.xml. and
> also change the fediz-1.4.2/services/sts/pom.xml to
> <properties>
> ...
> <adapter.resource>jaas</adapter.resource>
> ...
> </properties>
> but the tricky thing is configuring jaas.xml to work for a basic jaas
> setup rather than ldap.  my jaas loginmodule works like a DataSourceRealm
> e.g.
> <Realm className="org.apache.catalina.realm.DataSourceRealm"
> dataSourceName="directory" roleNameCol="rolename" userCredCol="password"
> userNameCol="username" userRoleTable="userrole" userTable="user" />
> so how to map the roles?


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: fediz 401

Posted by Matthew Broadhead <ma...@nbmlaw.co.uk>.
i tried https://localhost:9443/fedizhelloworld/secure/fedservlet and all 
i get is a blank screen.  if i try to go from 
https://localhost:9443/fedizhelloworld to 
https://localhost:9443/fedizhelloworld/secure/fedservlet the url does 
not change (Chrome).  nothing is output in catalina.out.

is there a way to increase the logging level or do i change tomcat 
logging.properties to FINE?

after poking around in sts i think i am getting to grips with jaas 
setup.  it looks like i need to create 
fediz-1.4.2/services/sts/src/main/webapp/WEB-INF/endpoints/jaas.xml. and 
also change the fediz-1.4.2/services/sts/pom.xml to
<properties>
...
<adapter.resource>jaas</adapter.resource>
...
</properties>
but the tricky thing is configuring jaas.xml to work for a basic jaas 
setup rather than ldap.  my jaas loginmodule works like a 
DataSourceRealm e.g.
<Realm className="org.apache.catalina.realm.DataSourceRealm" 
dataSourceName="directory" roleNameCol="rolename" userCredCol="password" 
userNameCol="username" userRoleTable="userrole" userTable="user" />
so how to map the roles?

On 22/09/2017 13:03, Colm O hEigeartaigh wrote:
> I would have thought that 401 would be expected here. You are starting from
> the IDP and it is issuing a token and redirecting back to the client
> application, but the client application has no record of the request and
> hence a 401. What happens if instead you start from "
> https://localhost:9443/fedizhelloworld/secure/fedservlet"?
>
> Here is some information on using JAAS with CXF:
> http://coheigea.blogspot.ie/2014/10/using-jaas-with-apache-cxf.html
>
> Colm.


Re: fediz 401

Posted by Colm O hEigeartaigh <co...@apache.org>.
I would have thought that 401 would be expected here. You are starting from
the IDP and it is issuing a token and redirecting back to the client
application, but the client application has no record of the request and
hence a 401. What happens if instead you start from "
https://localhost:9443/fedizhelloworld/secure/fedservlet"?

Here is some information on using JAAS with CXF:
http://coheigea.blogspot.ie/2014/10/using-jaas-with-apache-cxf.html

Colm.

On Thu, Sep 21, 2017 at 10:46 AM, Matthew Broadhead <
matthew.broadhead@nbmlaw.co.uk> wrote:

> hi,
>
> i have been following the instructions on
> http://cxf.apache.org/fediz-idp-11.html as well as reading the articles
> on Colm's blog e.g.
> http://coheigea.blogspot.com.es/2015/06/apache-cxf-fediz-120-tutorial-part-i.html.
>
> the idp and sts seem to be working. i get a "hello world" at
> https://localhost:9443/fedizhelloworld/ and i get available SOAP services
> at https://localhost:9443/fediz-idp-sts/.
>
> but when i go to (changed to 9443)
> https://localhost:9443/fediz-idp/federation?wa=wsignin1.0&wreply=https%3A%2F%2Flocalhost%3A9443%2Ffedizhelloworld%2Fsecure%2Ffedservlet&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld
> it prompts me for the realm.  i specify realm a and enter alice:ecila
> but it gives me a 401 at
> https://localhost:9443/fedizhelloworld/secure/fedservlet.
>
> also i was wondering if i already have a JAAS LoginModule created which
> has users and roles can i plug that directly into the sts and is there a
> tutorial for that?
>
> Matthew
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
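
Added example (not part of the original thread and not Fediz code): a toy Python model of the behaviour described in the reply above, where a relying party only accepts a sign-in response that answers a request it recorded itself. The RelyingParty class, the session ids and the placeholder token are assumptions; wctx is the standard WS-Federation context parameter, which the URL in the first post does not carry. Token validation is out of scope here.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints and realm as quoted in the thread.
IDP_URL = "https://localhost:9443/fediz-idp/federation"
RP_REALM = "urn:org:apache:cxf:fediz:fedizhelloworld"
RP_REPLY = "https://localhost:9443/fedizhelloworld/secure/fedservlet"

# The sign-in URL from the first post, entered directly in the browser.
DIRECT_IDP_URL = (
    IDP_URL + "?wa=wsignin1.0"
    "&wreply=https%3A%2F%2Flocalhost%3A9443%2Ffedizhelloworld%2Fsecure%2Ffedservlet"
    "&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld"
)


def signin_params(url):
    """Decode the query string of a sign-in URL into a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


class RelyingParty:
    """Hypothetical relying party that tracks its own outstanding requests."""

    def __init__(self):
        self._pending = {}  # session id -> {wctx: URL the user asked for}

    def protected_request(self, session_id, url):
        """Unauthenticated hit on a protected URL: record it, redirect to the IdP."""
        wctx = secrets.token_urlsafe(16)
        self._pending.setdefault(session_id, {})[wctx] = url
        query = urlencode({"wa": "wsignin1.0", "wreply": RP_REPLY,
                           "wtrealm": RP_REALM, "wctx": wctx})
        return 302, f"{IDP_URL}?{query}"

    def signin_response(self, session_id, form):
        """Token posted back by the IdP: accept it only for a recorded request."""
        if form.get("wa") != "wsignin1.0" or not form.get("wresult"):
            return 400, None
        pending = self._pending.get(session_id, {})
        wctx = form.get("wctx")
        if wctx is None or wctx not in pending:
            return 401, None           # no record of the request
        return 302, pending.pop(wctx)  # state is single use


def idp_issue(signin_url):
    """Toy IdP: returns the response form, echoing wctx only if it was sent."""
    params = signin_params(signin_url)
    form = {"wa": "wsignin1.0", "wresult": "<constructed-placeholder-token/>"}
    if "wctx" in params:
        form["wctx"] = params["wctx"]
    return form


def rp_initiated():
    """Start at the protected servlet, as suggested in the reply."""
    rp = RelyingParty()
    _, location = rp.protected_request("sess-1", RP_REPLY)
    return rp.signin_response("sess-1", idp_issue(location))


def idp_initiated():
    """Start at the IdP URL from the first post: the RP never saw a request."""
    rp = RelyingParty()
    return rp.signin_response("sess-1", idp_issue(DIRECT_IDP_URL))


def replayed():
    """The same response posted twice: the second post finds no state."""
    rp = RelyingParty()
    _, location = rp.protected_request("sess-1", RP_REPLY)
    form = idp_issue(location)
    return rp.signin_response("sess-1", form)[0], rp.signin_response("sess-1", form)[0]


def cross_session():
    """A response for one browser session posted under another one."""
    rp = RelyingParty()
    _, location = rp.protected_request("sess-1", RP_REPLY)
    return rp.signin_response("sess-2", idp_issue(location))


if __name__ == "__main__":
    print("RP-initiated :", rp_initiated())
    print("IdP-initiated:", idp_initiated())
    print("replayed     :", replayed())
    print("cross-session:", cross_session())
```

The same check that produces the 401 in the thread also rejects a replayed response and a response posted into a different session.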

Re: AW: fediz 401

Posted by Matthew Broadhead <ma...@nbmlaw.co.uk>.
Thanks Jan,
I will try to turn up the logging levels. also i will clear out the 
database again.
maybe if i try first with standard port numbers 8080, 8009, 8443 instead 
of prefixing with 9?
otherwise i need to look through the config for references to the port 
numbers if i understand correctly?

this also makes me wonder about when i finally need to deploy the idp, 
sts on a https://domain.tld i will need to reconfigure all this stuff 
again...

On 22/09/2017 10:12, Jan Bernhardt wrote:
> Hi Matthew,
>
> you should take a look into the log files from IDP and STS. Most likely you have a connection error here. There are several places in the IDP configuration to update your STS URL. Make sure to update all of these when you change the STS location.
> Also be aware that some configuration is stored within an embedded database. Most likely you need to delete a "target" folder relative to the location from where you started Tomcat. Otherwise config changes in the entities-* files will have no effect after a restart.
>
> And yes, the STS also supports JAAS LoginModules. You just have to use the JAAS Token Validator.
>
> Best regards
> Jan


AW: fediz 401

Posted by Jan Bernhardt <jb...@talend.com>.
Hi Matthew,

you should take a look into the log files from IDP and STS. Most likely you have a connection error here. There are several places in the IDP configuration to update your STS URL. Make sure to update all of these when you change the STS location.
Also be aware that some configuration is stored within an embedded database. Most likely you need to delete a "target" folder relative to the location from where you started Tomcat. Otherwise config changes in the entities-* files will have no effect after a restart.

And yes, the STS also supports JAAS LoginModules. You just have to use the JAAS Token Validator.

Best regards
Jan

> -----Original Message-----
> From: Matthew Broadhead [mailto:matthew.broadhead@nbmlaw.co.uk]
> Sent: Thursday, 21 September 2017 11:47
> To: users@cxf.apache.org
> Subject: fediz 401
>
> hi,
>
> i have been following the instructions on
> http://cxf.apache.org/fediz-idp-11.html as well as reading the articles on
> Colm's blog e.g.
> http://coheigea.blogspot.com.es/2015/06/apache-cxf-fediz-120-tutorial-part-i.html.
>
> the idp and sts seem to be working. i get a "hello world" at
> https://localhost:9443/fedizhelloworld/ and i get available SOAP services at
> https://localhost:9443/fediz-idp-sts/.
>
> but when i go to (changed to 9443)
> https://localhost:9443/fediz-idp/federation?wa=wsignin1.0&wreply=https%3A%2F%2Flocalhost%3A9443%2Ffedizhelloworld%2Fsecure%2Ffedservlet&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld
> it prompts me for the realm.  i specify realm a and enter alice:ecila but it gives
> me a 401 at https://localhost:9443/fedizhelloworld/secure/fedservlet.
> 
> also i was wondering if i already have a JAAS LoginModule created which has
> users and roles can i plug that directly into the sts and is there a tutorial for that?
> 
> Matthew