Description:
|
When you try to initiate SAML login from the provided sample idp.war to any remote SP, you get an exception:
{noformat}
08-01 15:06:10,355 ERROR [org.picketlink.identity.federation] (ajp 2) PLFED000263: Service Provider could not handle the request.: java.lang.ClassCastException: org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType cannot be cast to org.picketlink.identity.federation.saml.v2.SAML2Object
	at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.getSAML2ObjectFromStream(SAML2Response.java:447) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.getSAMLDocumentHolder(ServiceProviderSAMLResponseProcessor.java:130) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:84) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.handleSAMLResponse(AbstractSPFormAuthenticator.java:422) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:298) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSAML11SPRedirectFormAuthenticator.authenticate(AbstractSAML11SPRedirectFormAuthenticator.java:117) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
	at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.17.Final.jar:]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.1.4.Final-SNAPSHOT.jar:7.1.4.Final-SNAPSHOT]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.17.Final.jar:]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.17.Final.jar:]
	at org.jboss.as.web.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:346) [jboss-as-web-7.1.4.Final-SNAPSHOT.jar:7.1.4.Final-SNAPSHOT]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.17.Final.jar:]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:372) [jbossweb-7.0.17.Final.jar:]
	at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:491) [jbossweb-7.0.17.Final.jar:]
	at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:487) [jbossweb-7.0.17.Final.jar:]
	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2516) [jbossweb-7.0.17.Final.jar:]
	at org.jboss.threads.SimpleDirectExecutor.execute(SimpleDirectExecutor.java:33)
	at org.jboss.threads.QueueExecutor.runTask(QueueExecutor.java:801)
	at org.jboss.threads.QueueExecutor.access$100(QueueExecutor.java:45)
	at org.jboss.threads.QueueExecutor$Worker.run(QueueExecutor.java:821)
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]
	at org.jboss.threads.JBossThread.run(JBossThread.java:122)
{noformat}
Changing SP valve to SAML11SPRedirectFormAuthenticator didn't help.
h4. SP configuration:
valve - SAML11SPRedirectFormAuthenticator or ServiceProviderAuthenticator
{code:xml}
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0" ServerEnvironment="tomcat" BindingType="POST">
    <IdentityURL>...</IdentityURL>
    <ServiceURL>...</ServiceURL>
  </PicketLinkSP>
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
  </Handlers>
</PicketLink>
{code}
h4. IDP configuration:
valve - IDPWebBrowserSSOValve
{code:xml}
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
    <IdentityURL>...</IdentityURL>
    <Trust>
      <Domains>...</Domains>
    </Trust>
  </PicketLinkIDP>
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
  </Handlers>
</PicketLink>
{code}
|
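The ClassCastException above shows the SP's SAML2 code path receiving an object parsed as a SAML 1.1 Response. The following is an added triage example, not PicketLink code and not from the reporter: it classifies a base64 `SAMLResponse` form value (POST binding, as in the SP configuration) by its root element; the class name `SamlResponseVersionCheck` and the sample messages are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Hypothetical helper for triage; not part of PicketLink.
public class SamlResponseVersionCheck {
    // SAML 1.0 and 1.1 share this protocol namespace; the version is in MajorVersion/MinorVersion.
    static final String SAML11P = "urn:oasis:names:tc:SAML:1.0:protocol";
    static final String SAML20P = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Classifies a base64 SAMLResponse form value (HTTP POST binding) by its root element. */
    static String classify(String base64Response) throws Exception {
        // The MIME decoder tolerates line breaks that some IdPs insert into the form value.
        byte[] xml = Base64.getMimeDecoder().decode(base64Response);
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The message is untrusted input: refuse any DOCTYPE so parsing cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!"Response".equals(root.getLocalName())) {
            return "not a SAML Response: " + root.getNodeName();
        }
        if (SAML20P.equals(root.getNamespaceURI())) {
            return "SAML " + root.getAttribute("Version");
        }
        if (SAML11P.equals(root.getNamespaceURI())) {
            return "SAML " + root.getAttribute("MajorVersion") + "." + root.getAttribute("MinorVersion");
        }
        return "unknown namespace: " + root.getNamespaceURI();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not captured from the reporter's deployment.
        String v11 = "<samlp:Response xmlns:samlp=\"" + SAML11P + "\" MajorVersion=\"1\""
                + " MinorVersion=\"1\" ResponseID=\"_a\" IssueInstant=\"2000-01-01T00:00:00Z\"/>";
        String v20 = "<samlp:Response xmlns:samlp=\"" + SAML20P + "\" Version=\"2.0\""
                + " ID=\"_b\" IssueInstant=\"2000-01-01T00:00:00Z\"/>";
        for (String s : new String[] {v11, v20}) {
            String b64 = Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
            System.out.println(classify(b64)); // prints "SAML 1.1" then "SAML 2.0"
        }
    }
}
```

Running `classify` on the `SAMLResponse` value captured from the failing login shows which protocol version the IdP actually emitted, which is the fact the SP's cast depends on.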