[ https://issues.apache.org/jira/browse/FEDIZ-217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16498229#comment-16498229 ]
Arnaud MERGEY commented on FEDIZ-217:
-------------------------------------

Tested recently, it works perfectly with OKTA and some other provider as well, thanks! Any idea when 1.4.4 will be released?

> SAML authentication fails in plugin
> -----------------------------------
>
>                 Key: FEDIZ-217
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-217
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 1.4.3
>            Reporter: Arnaud MERGEY
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 1.4.4
>
>
> On a Tomcat hosting an SP application trying to authenticate against a SAML IDP (OKTA), authentication fails with this log:
> May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.processor.SAMLProcessorImpl processRelayState
> SEVERE: Missing Request State
> May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.handler.SigninHandler handleRequest
> SEVERE: Federation processing failed: The request was invalid or malformed
> I checked in the code and it fails because the request state in org.apache.cxf.fediz.core.processor.FedizRequest is null, but it seems that with the SAML protocol org.apache.cxf.fediz.core.processor.FedizRequest.setRequestState(RequestState) is never called, so I am wondering how it can be different from null and I suspect a bug.
> I managed to patch Fediz to have it working; I could propose a pull request for this if required.
> In addition to OKTA, I also tried with samling for a simple test setup, same error.
>
> {code:java}
> <FedizConfig>
>     <contextConfig name="/myApp">
>         <audienceUris>
>             <audienceItem>http://localhost:8080/myApp/</audienceItem>
>         </audienceUris>
>         <certificateStores>
>             <trustManager>
>                 <keyStore file="/opt/tomcat/.keystore" password="changeit" type="JKS" />
>             </trustManager>
>         </certificateStores>
>         <trustedIssuers>
>             <issuer certificateValidation="PeerTrust" />
>         </trustedIssuers>
>         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="2.0">
>             <disableDeflateEncoding>true</disableDeflateEncoding>
>             <doNotEnforceKnownIssuer>true</doNotEnforceKnownIssuer>
>             <issuer>https://capriza.github.io/samling/samling.html</issuer>
>             <roleURI>groups</roleURI>
>         </protocol>
>     </contextConfig>
> </FedizConfig>
> {code}