[ https://issues.apache.org/jira/browse/FEDIZ-217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16474398#comment-16474398 ]

ASF GitHub Bot commented on FEDIZ-217:
--------------------------------------

amergey opened a new pull request #27: [FEDIZ-217] Fix SAML authentication in Plugin
URL: https://github.com/apache/cxf-fediz/pull/27
 
 
   RequestState needs to be saved before redirecting to the IDP in order to be
   retrieved when the IDP posts back the authentication token.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> SAML authentication fails in plugin
> -----------------------------------
>
>                 Key: FEDIZ-217
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-217
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.3
>            Reporter: Arnaud MERGEY
>            Priority: Major
>
> On a Tomcat hosting an SP application trying to authenticate against a SAML
> IDP (OKTA), authentication fails with this log:
> {code}
> May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.processor.SAMLProcessorImpl processRelayState
> SEVERE: Missing Request State
> May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.handler.SigninHandler handleRequest
> SEVERE: Federation processing failed: The request was invalid or malformed
> {code}
> I checked the code and it fails because the request state in
> org.apache.cxf.fediz.core.processor.FedizRequest is null, but it seems that with
> the SAML protocol
> org.apache.cxf.fediz.core.processor.FedizRequest.setRequestState(RequestState)
> is never called, so I am wondering how it can be different from null, and I
> suspect a bug.
> I managed to patch Fediz to get it working; I could propose a pull request for
> this if required.
> In addition to OKTA I also tried with samling for a simple test setup, same
> error.
>  
> {code:xml}
> <FedizConfig>
>     <contextConfig name="/myApp">
>         <audienceUris>
>             <audienceItem>http://localhost:8080/myApp/</audienceItem>
>         </audienceUris>
>         <certificateStores>
>             <trustManager>
>                 <keyStore file="/opt/tomcat/.keystore" password="changeit" type="JKS" />
>             </trustManager>
>         </certificateStores>
>         <trustedIssuers>
>             <issuer certificateValidation="PeerTrust" />
>         </trustedIssuers>
>         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                   xsi:type="samlProtocolType" version="2.0">
>             <disableDeflateEncoding>true</disableDeflateEncoding>
>             <doNotEnforceKnownIssuer>true</doNotEnforceKnownIssuer>
>             <issuer>https://capriza.github.io/samling/samling.html</issuer>
>             <roleURI>groups</roleURI>
>         </protocol>
>     </contextConfig>
> </FedizConfig>
> {code}
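
The pull request description and the "Missing Request State" log line both come down to the same SP-side bookkeeping: in SP-initiated SAML web SSO, the SP redirects the browser to the IdP and later receives a POST it can only validate against state it saved beforehand, keyed by RelayState and matched on InResponseTo. The following Python model is an added example written for this page; it is not Fediz code and does not use the Fediz API. It shows the buggy flow (redirect issued, nothing saved) beside the fixed one, and also why the saved state should be single-use and time-limited. The IdP is a constructed stand-in that returns an unsigned Response; the IdP URL and all identifiers are assumptions, and signature and Conditions checks, which a real SP performs after the state lookup, are left out.

```python
import base64
import re
import secrets
import zlib
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


class MissingRequestState(Exception):
    """The IdP posted back with a RelayState the SP never saved (or already used)."""


@dataclass
class RequestState:
    request_id: str   # ID of the AuthnRequest we sent; the IdP echoes it in InResponseTo
    target_url: str   # where to send the browser once the assertion is accepted
    issued_at: float


class RequestStateStore:
    """Pending AuthnRequests keyed by RelayState: single-use and time-limited."""

    def __init__(self, ttl: float = 300.0):
        self._pending = {}
        self.ttl = ttl

    def save(self, relay_state: str, state: RequestState) -> None:
        self._pending[relay_state] = state

    def consume(self, relay_state, now: float) -> RequestState:
        # pop(): a second POST with the same RelayState is a replay and must fail
        state = self._pending.pop(relay_state, None) if relay_state else None
        if state is None:
            raise MissingRequestState("Missing Request State")
        if now - state.issued_at > self.ttl:
            raise MissingRequestState("Request State expired")
        return state


def deflate_b64(xml: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def inflate_b64(data: str) -> str:
    return zlib.decompress(base64.b64decode(data), -15).decode()


def build_idp_redirect(store, idp_sso_url, sp_entity_id, target_url, now, save_state=True):
    """SP step 1. With save_state=False the redirect still goes out but nothing is
    recorded for the post-back, which reproduces the failure mode in the report."""
    relay_state = secrets.token_urlsafe(32)   # unguessable key for the pending state
    request_id = "_" + secrets.token_hex(16)
    if save_state:
        store.save(relay_state, RequestState(request_id, target_url, now))
    authn_request = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{request_id}" Version="2.0">'
        f'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{sp_entity_id}</saml:Issuer>'
        f"</samlp:AuthnRequest>"
    )
    query = urlencode({"SAMLRequest": deflate_b64(authn_request), "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"


def fake_idp_postback(redirect_url: str) -> dict:
    """Constructed stand-in for the IdP: answers with a minimal unsigned Response
    carrying InResponseTo and echoes RelayState unchanged, as the binding requires."""
    params = parse_qs(urlparse(redirect_url).query)
    authn_request = inflate_b64(params["SAMLRequest"][0])
    request_id = re.search(r'\bID="([^"]+)"', authn_request).group(1)
    response = f'<samlp:Response xmlns:samlp="{SAMLP}" InResponseTo="{request_id}" Version="2.0"/>'
    return {"SAMLResponse": base64.b64encode(response.encode()).decode(),
            "RelayState": params["RelayState"][0]}


def process_idp_postback(store, form: dict, now: float) -> str:
    """SP step 2: find the saved state first, then check the Response answers the
    AuthnRequest we actually sent. Returns the URL the browser should land on."""
    state = store.consume(form.get("RelayState"), now)
    response = base64.b64decode(form["SAMLResponse"]).decode()
    m = re.search(r'\bInResponseTo="([^"]+)"', response)
    if not m or m.group(1) != state.request_id:
        raise ValueError("InResponseTo does not match the pending AuthnRequest")
    return state.target_url


def demo() -> tuple:
    """Buggy flow (no state saved) and fixed flow, side by side."""
    store = RequestStateStore()
    idp = "https://idp.example.test/sso"          # assumed IdP SSO URL
    sp = "http://localhost:8080/myApp/"           # audience from the reporter's config
    buggy = build_idp_redirect(store, idp, sp, sp + "secure", now=0.0, save_state=False)
    try:
        process_idp_postback(store, fake_idp_postback(buggy), now=1.0)
        buggy_result = "accepted"
    except MissingRequestState as e:
        buggy_result = str(e)
    fixed = build_idp_redirect(store, idp, sp, sp + "secure", now=0.0)
    fixed_result = process_idp_postback(store, fake_idp_postback(fixed), now=1.0)
    return buggy_result, fixed_result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields the same "Missing Request State" text the reporter saw for the unsaved path and the original target URL for the saved one. The store deliberately removes the entry on lookup and rejects stale entries, so a captured IdP POST cannot be submitted twice or long after the login began; the RelayState itself is only a lookup key, never trusted as the redirect target.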



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
