Adding to dev mailing list.

---------- Forwarded message ----------
From: Suhan Dharmasuriya <[email protected]>
Date: Tue, Aug 19, 2014 at 11:49 AM
Subject: Re: Useful bug fixing tips - IS Error when reading claim values for generating SAML Response
To: WSO2 Training Group <[email protected]>, Suhan Dharmasuriya <[email protected]>, Shevan Goonetilleke <[email protected]>

Correct values
email
first_name
last_name

On Tue, Aug 19, 2014 at 11:48 AM, Suhan Dharmasuriya <[email protected]> wrote:
> Hi,
>
> FYI.
>
> I was running WSO2 Identity Server.
> While I was using Facebook configuration as federated authenticator, I got
> the following error in web browser.
>
> SAML 2.0 based Single Sign-On
> Error when processing the authentication request!
> Please try login again.
>
> When I searched the error it directed me towards a JIRA bug [3] which is
> not the root cause for this setup.
>
> This error occurred due to usage of non-standard values for the Identity
> Provider Claim URI field in the Identity Provider's basic claim configuration.
> Once I corrected the values (emailaddress -> email, lastname -> last_name,
> firstname -> first_name) the authentication was working as expected.
>
> Identity Provider Claim URI    Local Claim URI    Actions
>
> Useful Facebook permission link [1].
> Tomcat deployment war file [2].
>
> Hope this will help to save your time... :)
>
> IS Server console output error details.
>
> [2014-08-19 10:36:59,958] ERROR {org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder} - Error when reading claim values for generating SAML Response
> java.lang.NullPointerException
>     at org.wso2.carbon.utils.multitenancy.MultitenantUtils.getTenantAwareUsername(MultitenantUtils.java:50)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildSAMLAssertion(DefaultResponseBuilder.java:135)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:69)
>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:161)
>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:140)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:546)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:163)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:91)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> [2014-08-19 10:36:59,958] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
> org.wso2.carbon.identity.base.IdentityException: Error when reading claim values for generating SAML Response
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildSAMLAssertion(DefaultResponseBuilder.java:220)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:69)
>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:161)
>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:140)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:546)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:163)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:91)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NullPointerException
>     at org.wso2.carbon.utils.multitenancy.MultitenantUtils.getTenantAwareUsername(MultitenantUtils.java:50)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildSAMLAssertion(DefaultResponseBuilder.java:135)
>     ... 40 more
>
> [1] https://developers.facebook.com/docs/facebook-login/permissions/v2.1
> [2] https://docs.google.com/file/d/0B6TqW_IScmilVzdsSUNVWEQ0UWs/edit
> [3] https://wso2.org/jira/browse/IDENTITY-2494
>
> Thanks and Regards,
> --
> Suhan Dharmasuriya
> Software Engineer - Test Automation
> Tel: +94 112 145345
> Mob: +94 779 869138
>

--
Suhan Dharmasuriya
Software Engineer - Test Automation
Tel: +94 112 145345
Mob: +94 779 869138
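
A pre-flight check for the misconfiguration described in the message above, as an added example that is not part of the original mail or of WSO2's code: it resolves each configured Identity Provider Claim URI against the attributes the identity provider actually returned and reports names that match nothing, together with the nearest returned name. The sample profile, the pairing of IdP claim names with local claim URIs, and the function name `check_claim_mapping` are assumptions.

```python
from difflib import get_close_matches

# Constructed sample of the attributes a Facebook profile lookup returns;
# email / first_name / last_name are the names the message says work.
SAMPLE_IDP_PROFILE = {
    "id": "1000000000000001",
    "email": "alice@example.com",
    "first_name": "Alice",
    "last_name": "Example",
}

# IdP claim name -> local claim URI. The local URIs appear in the message;
# which IdP claim pairs with which local URI is assumed for illustration.
BROKEN_MAPPING = {
    "emailaddress": "http://wso2.org/claims/emailaddress",
    "firstname": "http://wso2.org/claims/givenname",
    "lastname": "http://wso2.org/claims/lastname",
}
FIXED_MAPPING = {
    "email": "http://wso2.org/claims/emailaddress",
    "first_name": "http://wso2.org/claims/givenname",
    "last_name": "http://wso2.org/claims/lastname",
}


def check_claim_mapping(mapping, idp_profile):
    """Resolve each mapped IdP claim against the attributes the IdP sent.

    Returns (resolved, problems). resolved maps local claim URI -> value.
    problems maps every IdP claim name that matched no attribute to the
    closest attribute name present in the profile, or None if none is close.
    """
    resolved, problems = {}, {}
    for idp_claim, local_uri in mapping.items():
        value = idp_profile.get(idp_claim)  # exact, case-sensitive lookup
        if value in (None, ""):
            # Nothing to copy into the local claim: suggest a near-miss name.
            close = get_close_matches(idp_claim, list(idp_profile), n=1, cutoff=0.5)
            problems[idp_claim] = close[0] if close else None
        else:
            resolved[local_uri] = value
    return resolved, problems


if __name__ == "__main__":
    for label, mapping in (("broken", BROKEN_MAPPING), ("fixed", FIXED_MAPPING)):
        resolved, problems = check_claim_mapping(mapping, SAMPLE_IDP_PROFILE)
        print(label, "resolved:", sorted(resolved), "unresolved:", problems)
```

Running such a check against a captured profile before enabling a federated authenticator surfaces unresolved claim names at configuration time rather than as a failed SAML response at login.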
