Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?
by Adam Dong
Hi,
Any previous successful usage of putting ServiceProviderAuthenticator as a Valve in Tomcat, by adding it in a web app's META-INF/context.xml like below (as opposed to adding it in jboss-web.xml on Jboss) ?
<Context>
<Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"/>
</Context>
I tried with Tomcat 7 and get some complaints (see below) about ServiceProviderAuthenticator overriding final method start()but the valve seemed being pulled in.
java.lang.VerifyError: class org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator overrides final method start.()V
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:144)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1288)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)
at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1342)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2770)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:648)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561)
at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:637)
at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:599)
at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:837)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:385)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
I tried with Tomcat 6 and the valve didn't get pulled in the request path, just as if it were not there.
Any experience or idea ?
Thanks,
Adam Dong
10 years, 2 months
GLO Logout URL
by Bruno Bonfils
Hello,
I'm working on integration between PicketLink (as SP) and OpenAM (as
IdP), using the picketlink-federation-saml-sp-with-metadata example.
While I succedeed to get login working, when I click on the Logout link,
I'm redirected to the SingleSignOnService URL (with a logout
assertion) instead of the SingleLogoutService one (see the
sp-metadata.xml attachment). As you can see, the "Destination" in the
LogoutRequest is correct, but the POST is send to another URL:
--8<--
POST http://idp.tests.opencsi.com/openam/SSOPOST/metaAlias/example/idp HTTP/1.1
Host: idp.tests.opencsi.com
--8<--
Note the SSOPOST is only referenced as SingleSignOnService in the
metadata.xml
I tried to read the picketlink code souce, but I'm not a java
developper, so I don't understand when the getLogoutURL function of
CoreConfigUtil is called!
By the way, I was not able to find the code source (in git) of
picketlink versions used in JBoss EAP (like the 2.5.3.SP10 used in JBoss
EAP 6.3, only a 2.5.3Beta can be found in github) it doesn't help
debugging! Is the tag/branch available somewhere?
Thanks!
--
http://www.opencsi.com/
10 years, 2 months
