[ https://issues.apache.org/jira/browse/FEDIZ-217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arnaud MERGEY updated FEDIZ-217:
--------------------------------
    Description:
On a Tomcat hosting an RP application trying to authenticate against a SAML IDP (OKTA), authentication fails with this log:

May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.processor.SAMLProcessorImpl processRelayState
SEVERE: Missing Request State
May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.handler.SigninHandler handleRequest
SEVERE: Federation processing failed: The request was invalid or malformed

I checked in the code and it fails because request state in org.apache.cxf.fediz.core.processor.FedizRequest is null, but it seems with SAML protocol org.apache.cxf.fediz.core.processor.FedizRequest.setRequestState(RequestState) is never called, so I am wondering how it can be different from null and I suspect a bug.

I managed to patch Fediz to have it working; I could propose a pull request for this if required.

I also tried with samling for a simple test setup:

{code:java}
<FedizConfig>
    <contextConfig name="/myApp">
        <audienceUris>
            <audienceItem>http://localhost:8080/myApp/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="/opt/tomcat/.keystore" password="changeit" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer certificateValidation="PeerTrust" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="2.0">
            <disableDeflateEncoding>true</disableDeflateEncoding>
            <doNotEnforceKnownIssuer>true</doNotEnforceKnownIssuer>
            <issuer>https://capriza.github.io/samling/samling.html</issuer>
            <roleURI>groups</roleURI>
        </protocol>
    </contextConfig>
</FedizConfig>
{code}

  was:
On a Tomcat hosting an RP application trying to authenticate against a SAML IDP (OKTA), authentication fails with this log:

May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.processor.SAMLProcessorImpl processRelayState
SEVERE: Missing Request State
May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.handler.SigninHandler handleRequest
SEVERE: Federation processing failed: The request was invalid or malformed

I checked in the code and it fails because request state in org.apache.cxf.fediz.core.processor.FedizRequest is null, but it seems with SAML protocol org.apache.cxf.fediz.core.processor.FedizRequest.setRequestState(RequestState) is never called, so I am wondering how it can be different from null and I suspect a bug.

I managed to patch Fediz to have it working; I could propose a pull request for this if required.

I also tried with samling for a simple test setup

> SAML authentication fails in plugin
> -----------------------------------
>
>                 Key: FEDIZ-217
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-217
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.3
>            Reporter: Arnaud MERGEY
>            Priority: Major