satyanarayana created FEDIZ-40:
----------------------------------
Summary: Can CXF Fediz IDP & RP work with SAML1.1 ?
Key: FEDIZ-40
URL: https://issues.apache.org/jira/browse/FEDIZ-40
Project: CXF-Fediz
Issue Type: Bug
Components: Examples
Affects Versions: 1.0.1
Environment: Apache Tomcat/7
OS Name: Windows XP
Architecture: x86
Reporter: satyanarayana
Fix For: 1.0.1
Hi,
I have tried to run the RP application configured in tomcat 7 and also
configured our ADFS server as IDP which serves STS tokens. As per WS-federation
protocol, the control got redirected to IDP/STS for authentication & in return
RP received the STS. The received STS token is SAML 1.1 version. While
processing the SAML 1.1 assertion token we are getting below error where as the
same code with SAML 2.0 assertion token it works well (we have IDP/STS
configured into tomcat 7 as suggested in fediz tomcat IDP configuration).
For RP we used the same versions of jars as provided in the apache fediz
release 1.0.2
Note:As per the below reference URL, following features are supported by the
Fediz plugin 1.0
WS-Federation 1.0/1.1/1.2
SAML 1.1/2.0 Tokens
For ur Reference:
http://owulff.blogspot.in/2011/11/configure-tomcat-for-federation-part.html
Error:
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
INFO: Trusted issuer: .*CN=www.sts.com.*
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
FINE: Truststore file: D:\FasiSSOTesting\tomcat-rp\conf\tomcat-rp.jks
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
FINE: Truststore password: tompass
Dec 10, 2012 3:10:47 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.NullPointerException
at org.apache.ws.security.saml.ext.OpenSAMLUtil.fromDom(OpenSAMLUtil.jav
a:83)
at org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrap
per.java:137)
at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessT
oken(SAMLTokenValidator.java:90)
at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInReques
t(FederationProcessorImpl.java:155)
at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Fede
rationProcessorImpl.java:75)
at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(Fede
rationAuthenticator.java:448)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:544)
at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(Federation
Authenticator.java:235)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:405)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:269)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
t.java:302)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
