You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/01/10 15:40:12 UTC

[jira] [Updated] (FEDIZ-40) Can CXF Fediz IDP & RP work with SAML1.1 ?

     [ https://issues.apache.org/jira/browse/FEDIZ-40?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated FEDIZ-40:
-------------------------------------

    Fix Version/s:     (was: 1.0.1)
    
> Can CXF Fediz IDP & RP work with SAML1.1 ? 
> -------------------------------------------
>
>                 Key: FEDIZ-40
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-40
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Examples
>    Affects Versions: 1.0.1
>         Environment: Apache Tomcat/7
> OS Name: Windows XP
> Architecture: x86
>            Reporter: satyanarayana
>              Labels: security
>   Original Estimate: 434h
>  Remaining Estimate: 434h
>
> Hi,
> I have tried to run the RP application configured in tomcat 7 and also configured our ADFS server as IDP which serves STS tokens. As per WS-federation protocol, the control got redirected to IDP/STS for authentication & in return RP received the STS. The received STS token is SAML 1.1 version. While processing the SAML 1.1 assertion token we are getting below error where as the same code with SAML 2.0 assertion token it works well (we have IDP/STS configured into tomcat 7 as suggested in fediz tomcat IDP configuration).
> For RP we used the same versions of jars as provided in the apache fediz release 1.0.2 
> Note:As per the below reference URL, following features are supported by the Fediz plugin 1.0
> WS-Federation 1.0/1.1/1.2
> SAML 1.1/2.0 Tokens
> For ur Reference: http://owulff.blogspot.in/2011/11/configure-tomcat-for-federation-part.html
> Error:
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> INFO: Trusted issuer: .*CN=www.sts.com.*
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> FINE: Truststore file: D:\FasiSSOTesting\tomcat-rp\conf\tomcat-rp.jks
> Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
> enticate
> FINE: Truststore password: tompass
> Dec 10, 2012 3:10:47 PM org.apache.coyote.http11.Http11Processor process
> SEVERE: Error processing request
> java.lang.NullPointerException
>         at org.apache.ws.security.saml.ext.OpenSAMLUtil.fromDom(OpenSAMLUtil.jav
> a:83)
>         at org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrap
> per.java:137)
>         at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessT
> oken(SAMLTokenValidator.java:90)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInReques
> t(FederationProcessorImpl.java:155)
>         at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Fede
> rationProcessorImpl.java:75)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(Fede
> rationAuthenticator.java:448)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
> torBase.java:544)
>         at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(Federation
> Authenticator.java:235)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> ava:151)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> ava:100)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
> 929)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> ve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> a:405)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :269)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
> AbstractProtocol.java:515)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
> t.java:302)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
> )
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>         at java.lang.Thread.run(Unknown Source)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira