Change By:

Maksym Gryevtsov (01/Aug/13 6:29 PM)

Description:

When you try to initiate SAML login from provided sample idp.war to any remote SP . You , you get exception:

08-01 15:06:10,355 ERROR [org.picketlink.identity.federation] (ajp 2) PLFED000263: Service Provider could not handle the request.: java.lang.ClassCastException: org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType cannot be cast to org.picketlink.identity.federation.saml.v2.SAML2Object
at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.getSAML2ObjectFromStream(SAML2Response.java:447) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.getSAMLDocumentHolder(ServiceProviderSAMLResponseProcessor.java:130) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:84) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.handleSAMLResponse(AbstractSPFormAuthenticator.java:422) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:298) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSAML11SPRedirectFormAuthenticator.authenticate(AbstractSAML11SPRedirectFormAuthenticator.java:117) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.17.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.1.4.Final-SNAPSHOT.jar:7.1.4.Final-SNAPSHOT]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.17.Final.jar:]
at org.jboss.as.web.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:346) [jboss-as-web-7.1.4.Final-SNAPSHOT.jar:7.1.4.Final-SNAPSHOT]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.17.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:372) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:491) [jbossweb-7.0.17.Final.jar:]
at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:487) [jbossweb-7.0.17.Final.jar:]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2516) [jbossweb-7.0.17.Final.jar:]
at org.jboss.threads.SimpleDirectExecutor.execute(SimpleDirectExecutor.java:33)
at org.jboss.threads.QueueExecutor.runTask(QueueExecutor.java:801)
at org.jboss.threads.QueueExecutor.access$100(QueueExecutor.java:45)
at org.jboss.threads.QueueExecutor$Worker.run(QueueExecutor.java:821)
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)

Changing SP valve to SAML11SPRedirectFormAuthenticator didn't help.

h4. SP configuration:

valve - SAML11SPRedirectFormAuthenticator or ServiceProviderAuthenticator

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0"
ServerEnvironment="tomcat" BindingType="POST">
<IdentityURL>...</IdentityURL>
<ServiceURL>...</ServiceURL>
</PicketLinkSP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
</Handlers>
</PicketLink>

h4. IDP configuration:

valve - IDPWebBrowserSSOValve

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
<IdentityURL>...</IdentityURL>
<Trust>
<Domains>...</Domains>
</Trust>
</PicketLinkIDP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
</Handlers>

</PicketLink>

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira