[ https://issues.apache.org/jira/browse/FEDIZ-124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14718540#comment-14718540 ]

ronald commented on FEDIZ-124:
------------------------------

In accordance with your remark about the latest release 1.2.0 of the Fediz plugin, 
we did a test with the 1.2.1 version on a Tomcat behind a hardware load balancer. 
The LB does a HEAD request to see if the Tomcat is alive.
The versions of Java and Tomcat are:
Tomcat = Tomcat 7.0.63
Java   = jdk-8u51-windows-x64

The Fediz config is as follows:
<FedizConfig>
  <contextConfig name="/QIS_Extranet">
    <audienceUris>
      <audienceItem>***************/</audienceItem>
    </audienceUris>
    <certificateStores>
      <trustManager>
        <keyStore file="**************" password="*************" type="JKS" />
      </trustManager>
    </certificateStores>
    <trustedIssuers>
      <issuer subject=".*CN=.*" certificateValidation="ChainTrust" name="DoubleItSTSIssuer" />
    </trustedIssuers>
    <maximumClockSkew>1000</maximumClockSkew>
    <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0">
      <realm>https://extranet.reaal.srg/</realm>
      <issuer>https://acc-login.reaal.srg/issue/wsfed</issuer>
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
      <freshness>0</freshness>
      <claimTypesRequested>
        <claimType type="" optional="true" />
      </claimTypesRequested>
    </protocol>
  </contextConfig>
</FedizConfig>

Within Tomcat there are 2 webapps and the default webapp.
/LB
/QIS_Extranet
/

When we start the Tomcat instance there are no faults (logging is set to FINEST).
In the local_access_log we only see HTTP 500 errors:
[28/Aug/2015:14:02:03 +0200] - GET /LB/index.jsp HTTP/1.1 500 - - - 10.52.59.4 - -
[28/Aug/2015:14:02:03 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.3 - -
[28/Aug/2015:14:02:03 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.4 - -
[28/Aug/2015:14:02:05 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.3 - -
[28/Aug/2015:14:02:07 +0200] - GET /LB/index.jsp HTTP/1.1 500 - - - 10.52.59.3 - -

If we switch to the 1.0.0 version, with nothing else changed, then we get the 
following:
[28/Aug/2015:14:09:38 +0200] AF6355DBEB324B90E8C1933654778D73 HEAD / HTTP/1.1 200 - - - 10.52.58.4 - -
[28/Aug/2015:14:09:38 +0200] 460DD2ECFB194D0AEFDF1FF42B41E8D8 GET /LB/index.jsp HTTP/1.1 200 - - - 10.52.59.4 - -
So this is OK.

If we do a HEAD request to the Tomcat instance we get HTTP 500 errors with 
version 1.2.1 (and 1.2.0).
Also, the requests to the webapp result in an HTTP 500 error.
If we do a HEAD request with version 1.0.1 we get HTTP 200 return codes and 
everything is OK.

Correct me if I am wrong, but the contextConfig name determines which calls 
will be handled by Fediz, doesn't it?

What can be wrong with our config?


> Fediz-plugin for Tomcat 8
> -------------------------
>
>                 Key: FEDIZ-124
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-124
>             Project: CXF-Fediz
>          Issue Type: Question
>          Components: Plugin
>    Affects Versions: 1.0.2
>         Environment: Windows tomcat version
>            Reporter: ronald
>              Labels: patch
>
> We are currently using Fediz-plugin version 1.0.2 within Tomcat 7. Now we have to 
> upgrade Tomcat to version 8.
> Fediz-plugin is built for Tomcat 6 & 7, not for Tomcat 8.0.23.
> Which enhancements do we have to make to this plugin within the 
> distribution?
> The supplier of the application that uses the Fediz-plugin made a diff 
> and found the following differences:
> ////////////////////////
> C:\projects\fediz-1.2.0\plugins>diff 
> tomcat7\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
>  
> tomcat8\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
> --- 
> tomcat7\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
>       Wed Jul 15 10:18:57 2015
> +++ 
> tomcat8\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
>       Mon Jul 13 22:52:39 2015
> @@ -40,7 +40,6 @@
> import org.apache.catalina.authenticator.SavedRequest;
> import org.apache.catalina.connector.Request;
> import org.apache.catalina.connector.Response;
> -import org.apache.catalina.deploy.LoginConfig;
> import org.apache.cxf.fediz.core.FederationConstants;
> import org.apache.cxf.fediz.core.FedizPrincipal;
> import org.apache.cxf.fediz.core.config.FedizConfigurator;
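
Review bot: The org.apache.catalina.deploy.LoginConfig import is dropped outright rather than repointed. Tomcat 8 moved that class to org.apache.tomcat.util.descriptor.web.LoginConfig, so if anything else in FederationAuthenticator.java still refers to LoginConfig it needs the new import; if nothing does, the removal is fine as it stands.
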
> @@ -85,14 +84,6 @@
>          LOG.debug("WsFedAuthenticator()");
>      }
> -    /**
> -     * Return descriptive information about this Valve implementation.
> -     */
> -    @Override
> -    public String getInfo() {
> -        return INFO;
> -    }
> -
>      public String getConfigFile() {
>          return configFile;
>      }
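
Review bot: With getInfo() removed, the INFO constant it returned is probably unused in the Tomcat 8 copy. Check for remaining references and delete the field if there are none, so the class does not carry a dead descriptor string.
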
> @@ -192,8 +183,7 @@
>      }
>      @Override
> -    public boolean authenticate(Request request, HttpServletResponse 
> response,
> -            LoginConfig config) throws IOException {
> +    public boolean authenticate(Request request, HttpServletResponse 
> response) throws IOException {
>          LOG.debug("authenticate invoked");
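
Review bot: authenticate() loses its LoginConfig config parameter here, but the diff has no hunk touching the method body. Confirm the body never read config (for example for a login or error page); anything that did has to obtain the login configuration from the context instead. Keeping @Override on the new signature is right, since it makes the compiler check the method against the Tomcat 8 base class.
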
> //////////////////////////////
> Are these the only differences, or are we missing something?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
