8:01 a.m.
Hi,
you can try to declare in the
|GATEIN_HOME/gatein/gatein.ear/portal.war/WEB-INF/conf/sso/saml/picketlink-idp.xml|
a ValidatingDomain directive like:
<ValidatingAlias Key="127.0.0.1" Value="secure-key"/>
Even though Google SAML requests are not signed, PicketLink requires
that there is validating key corresponding to each SAMLRequest. When a
key is not found for a specific domain (in this case google.com),
PicketLink will search for keys with the alias |127.0.0.1| . You can use
alias for any key you have declared in your keystore. It will be used
just as placeholder as SAML requests from Google are not signed, so
validation won't be checked anyway.
Marek
On 10.10.2013 11:55, Tuyen The Nguyen wrote:
Hi all,
I'm configuring SSO for gatein 3.5 with google and salefore use SAML2
protocol.
I follow by three docs:
https://docs.jboss.org/author/display/GTNPORTAL35/SAML2
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce...
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+App...
When i try to login to google, it redirect to IDP (use gatein) and
login success, but when redirect back to google, i meet error "google
could not parse the login request" and i can't login.
I see an exception on console of gatein:
16:26:01,844 ERROR [org.picketlink.identity.federation]
(http-www.idp.com-127.0.0.1-8080-7) PLFED000253: Exception in
processing request: java.lang.IllegalStateException: PLFED000058:
KeyStoreKeyManager : Domain Alias missing for : 127.0.0.1
at
org.picketlink.identity.federation.PicketLinkLoggerImpl.keyStoreMissingDomainAlias(PicketLinkLoggerImpl.java:183)
at
org.picketlink.identity.federation.core.impl.KeyStoreKeyManager.getValidatingKey(KeyStoreKeyManager.java:196)
at
org.picketlink.identity.federation.core.util.CoreConfigUtil.getValidatingKey(CoreConfigUtil.java:140)
at
org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.getIssuerPublicKey(AbstractIDPValve.java:683)
at
org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:545)
at
org.gatein.sso.saml.plugin.valve.PortalIDPWebBrowserSSOValve.invoke(PortalIDPWebBrowserSSOValve.java:255)
[sso-saml-plugin-1.3.1.Final.jar:1.3.1.Final]
at
org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:155)
[sso-integration-1.3.1.Final.jar:1.3.1.Final]
at
org.gatein.portal.security.jboss.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:88)
[exo.portal.component.web.security-jboss-3.5.7.Final-SNAPSHOT.jar:3.5.7.Final-SNAPSHOT]
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
[jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
*Is there any one know how to fix this problem?*
Tuyen Nguyen The.
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev