[jboss-user] [Security & JAAS/JBoss] - Problem with SAML in cookies

ajls do-not-reply at jboss.com
Wed Apr 11 10:47:38 EDT 2007


I am having problems retrieving the SAML from the cookie.  My SAML token is truncated to '<Response xmlns=\'.  A little bit of adventure through Tomcat's src led me to:

org/apache/tomcat/util/http/Cookies.java 

By changing dbg to "1", recompiling and adding the created tomcat-util.jar
to $JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/, I get this output:


  | 15:26:16,489 INFO  [Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 36s:640ms
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: Parsing b[]: JSESSIONID=v6lOu62iJ2ex2+nX9TlZMg**; JSESSIONIDSSO=7D1F4DAA170B31403D3994E56293C03A; token="<Response xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" IssueInstant=\"2007-04-11T14:27:11.207Z\" MajorVersion=\"1\" MinorVersion=\"1\" ResponseID=\"_7922e48bab03a7ed1fbb56da51a0e188\"><Status><StatusCode Value=\"samlp:Success\"></StatusCode></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"_e4d7d1360f820ceaf6ca4327e639b822\" IssueInstant=\"2007-04-11T14:27:11.426Z\" Issuer=\"HarpoonWebUI\" MajorVersion=\"1\" MinorVersion=\"1\"><AuthenticationStatement AuthenticationInstant=\"2007-04-11T14:27:11.207Z\" AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject><Attribute AttributeName=\"secret\" AttributeNamespace=\"jbosssso:secret\"><AttributeValue>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</AttributeValue></Attribute></AttributeStatement></Assertion></Response>"
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: Start: 450 2836
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: SN: 450
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: DELIM: 460 =
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: New: JSESSIONIDX=Xv6lOu62iJ2ex2+nX9TlZMg**
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: Start: 486 2836
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: SN: 487
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: DELIM: 500 =
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: New: JSESSIONIDSSOX=X7D1F4DAA170B31403D3994E56293C03A
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: Start: 534 2836
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: SN: 535
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: DELIM: 540 =
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: New: tokenX=X<Response xmlns=\
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: Start: 560 2836
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: SN: 560
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: DELIM: 598 x
  | 15:27:14,692 INFO  [STDOUT] ************ Cookies: New: urn:oasis:names:tc:SAML:1.0:protocol\"X=Xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" IssueInstant=\"2007-04-11T14:27:11.207Z\" MajorVersion=\"1\" MinorVersion=\"1\" ResponseID=\"_7922e48bab03a7ed1fbb56da51a0e188\"><Status><StatusCode Value=\"samlp:Success\"></StatusCode></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"_e4d7d1360f820ceaf6ca4327e639b822\" IssueInstant=\"2007-04-11T14:27:11.426Z\" Issuer=\"HarpoonWebUI\" MajorVersion=\"1\" MinorVersion=\"1\"><AuthenticationStatement AuthenticationInstant=\"2007-04-11T14:27:11.207Z\" AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject><Attribute AttributeName=\"secret\" AttributeNamespace=\"jbosssso:secret\"><AttributeValue>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</AttributeValue></Attribute></AttributeStatement></Assertion></Response>"
  | 
  | 

One can quite easily see why I am only getting '<Response xmlns=\'

If I tap the wire with tcpmon, I get:


  | GET /sso-war-0.0.1/foo.do HTTP/1.1
  | Host: d1m60q2j.my.domain:6060
  | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
  | Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  | Accept-Language: en-gb,en;q=0.5
  | Accept-Encoding: gzip,deflate
  | Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  | Keep-Alive: 300
  | Connection: keep-alive
  | Cookie: JSESSIONID=v6lOu62iJ2ex2+nX9TlZMg**; JSESSIONIDSSO=7D1F4DAA170B31403D3994E56293C03A; token="<Response xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" IssueInstant=\"2007-04-11T14:27:11.207Z\" MajorVersion=\"1\" MinorVersion=\"1\" ResponseID=\"_7922e48bab03a7ed1fbb56da51a0e188\"><Status><StatusCode Value=\"samlp:Success\"></StatusCode></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"_e4d7d1360f820ceaf6ca4327e639b822\" IssueInstant=\"2007-04-11T14:27:11.426Z\" Issuer=\"HarpoonWebUI\" MajorVersion=\"1\" MinorVersion=\"1\"><AuthenticationStatement AuthenticationInstant=\"2007-04-11T14:27:11.207Z\" AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">admin</NameIdentifier></Subject><Attribute AttributeName=\"secret\" AttributeNamespace=\"jbosssso:secret\"><AttributeValue>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</AttributeValue></Attribute></AttributeStatement></Assertion></Response>"
  | Authorization: Basic YWRtaW46YWRtaW4=
  | 


Everything looks legit, bar the weird cookie truncation.  My installation is pretty regular:

Jboss-4.0.5.GA/
Jboss-SSO-1.0.CR1/
jdk-1.5.0_08

win32
firefox 2.0.0.3

Anyone had this problem? Has my SAML token absorbed weird formatting (i.e. CRLFs) or does Tomcat need to be tweaked?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036398#4036398

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4036398
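The debug trace above shows where the value is lost: the cookie scanner ends the quoted `token` value at the first `"` it meets after the opening quote, and that first `"` is the backslash-escaped one inside `xmlns=\"`. The following Python is an added example, not code from the post, from JBoss SSO or from Tomcat. It builds a Cookie header modelled on the captured one (constructed, with a shortened SAML body), parses it first with a scanner that ignores backslash escapes, which reproduces the `<Response xmlns=\` truncation, then with one that honours RFC 2109 quoted-string escapes, and finally shows the encoding a practitioner would use instead: base64url the token so the cookie value contains no quotes, spaces or semicolons for any parser to misread. The function names (`parse_cookie_header`, `encode_token_for_cookie`, `decode_token_from_cookie`, `quote_cookie_value`) are this example's own.

```python
import base64

# Constructed sample modelled on the cookie in the post; the SAML body is shortened.
# The XML contains double quotes, so it was sent as an RFC 2109 quoted-string with
# the inner quotes escaped as \" -- exactly the construct the scanner trips over.
SAML = ('<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" '
        'MajorVersion="1" MinorVersion="1"><Status>'
        '<StatusCode Value="samlp:Success"/></Status></Response>')


def quote_cookie_value(value):
    """Wrap value as a quoted-string, escaping backslash and double quote."""
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'


COOKIE_HEADER = ('JSESSIONID=v6lOu62iJ2ex2+nX9TlZMg**; '
                 'JSESSIONIDSSO=7D1F4DAA170B31403D3994E56293C03A; '
                 'token=' + quote_cookie_value(SAML))


def parse_cookie_header(header, honour_escapes):
    """Minimal Cookie: header scanner (hypothetical, written for this example).

    honour_escapes=False: a quoted value ends at the first '"' after the opening
    quote, which is the behaviour the debug trace in the post shows; the escaped
    quote inside the XML terminates the value and the remainder is discarded.
    honour_escapes=True: a backslash inside a quoted value escapes the next
    character, so \\" is read as a literal quote and the value comes back whole.
    """
    cookies = {}
    i, n = 0, len(header)
    while i < n:
        while i < n and header[i] in ' ;':
            i += 1
        eq = header.find('=', i)
        if eq < 0:
            break
        name = header[i:eq]
        i = eq + 1
        if i < n and header[i] == '"':
            i += 1
            buf = []
            while i < n and header[i] != '"':
                if honour_escapes and header[i] == '\\' and i + 1 < n:
                    i += 1                      # drop the backslash, keep the escaped char
                buf.append(header[i])
                i += 1
            value = ''.join(buf)
            i += 1                              # step over the closing quote
        else:
            end = header.find(';', i)
            if end < 0:
                end = n
            value = header[i:end]
            i = end
        cookies[name] = value
        semi = header.find(';', i)              # anything left before the next ';' is dropped
        i = n if semi < 0 else semi + 1
    return cookies


def encode_token_for_cookie(xml):
    """Encode the token so the cookie value is plain [A-Za-z0-9_-]: no quoting
    needed and nothing for a cookie parser to misinterpret."""
    raw = base64.urlsafe_b64encode(xml.encode('utf-8')).decode('ascii')
    return raw.rstrip('=')


def decode_token_from_cookie(value):
    """Reverse of encode_token_for_cookie; restores the stripped '=' padding."""
    padded = value + '=' * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode('utf-8')


if __name__ == '__main__':
    # Naive scan: truncated exactly as in the post.
    print(repr(parse_cookie_header(COOKIE_HEADER, honour_escapes=False)['token']))
    # Escape-aware scan: full XML recovered.
    print(parse_cookie_header(COOKIE_HEADER, honour_escapes=True)['token'] == SAML)
    # Encoded token survives even the naive scanner.
    safe = 'JSESSIONID=v6lOu62iJ2ex2+nX9TlZMg**; token=' + encode_token_for_cookie(SAML)
    print(decode_token_from_cookie(parse_cookie_header(safe, False)['token']) == SAML)
```

Encoding the token only removes the parsing problem; it adds neither confidentiality nor integrity. The captured request already carries the assertion (including its `secret` attribute) and an `Authorization: Basic` header readable by anyone on the wire, so a cookie like this still needs TLS and the Secure and HttpOnly flags, and the consuming side must validate the assertion rather than trust whatever the cookie happens to contain.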




More information about the jboss-user mailing list