RE: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> -Original Message-
> From: Christopher Schultz
> Sent: Wednesday, March 17, 2021 3:13 PM
> To: users@tomcat.apache.org
> Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
>
> Eric and Martin,
>
> On 3/17/21 15:35, Martin Grigorov wrote:
> > On Wed, Mar 17, 2021, 20:27 Eric Robinson wrote:
> >
> >>> From: Martin Grigorov
> >>> Sent: Wednesday, March 17, 2021 12:45 PM
> >>> To: Tomcat Users List
> >>> Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> >>>
> >>> Hi,
> >>>
> >>> On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:
> >>>
> >>>> Getting error:
> >>>>
> >>>> java.net.BindException: Address already in use (Bind failed)
> >>>> :3787
> >>>
> >>> Please paste more lines of the exception.
> >>> Also please tell us which version of JDK/JRE you use.
> >>> This exception is very cryptic and does not usually tell which address is in use.
> >>> I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.
> >>
> >> Tomcat: Apache Tomcat/8.5.51
> >> JVM: 1.8.0_241-b08
> >>
> >> The following error appears in catalina.out under tomcat 8. It does not mention the null. We tried it under tomcat 7 as well, and that is where it mentions the null.
> >>
> >> 17-Mar-2021 11:12:54.039 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-3787"]
> >> 17-Mar-2021 11:12:54.048 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-3787]]
> >
> > This line says that 3787 is the port indeed.
> > Are you sure it is not bound?
>
> Also, please post your <Connector>s from conf/server.xml.
>
> You mentioned ":3787" in your error message but I don't see that in the exception. Are you sure you are posting everything?

Hi Chris -- I mentioned in the email that the null reference appears in the catalina log when we use tomcat 7. It does not appear when we use tomcat 8. Although it fails to bind either way.

Here's the connector.

> -chris
RE: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> -Original Message-
> From: Martin Grigorov
> Sent: Wednesday, March 17, 2021 2:35 PM
> To: Tomcat Users List
> Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
>
> On Wed, Mar 17, 2021, 20:27 Eric Robinson wrote:
>
> > > From: Martin Grigorov
> > > Sent: Wednesday, March 17, 2021 12:45 PM
> > > To: Tomcat Users List
> > > Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> > >
> > > Hi,
> > >
> > > On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:
> > >
> > > > Getting error:
> > > >
> > > > java.net.BindException: Address already in use (Bind failed)
> > > > :3787
> > >
> > > Please paste more lines of the exception.
> > > Also please tell us which version of JDK/JRE you use.
> > > This exception is very cryptic and does not usually tell which address is in use.
> > > I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.
> >
> > Tomcat: Apache Tomcat/8.5.51
> > JVM: 1.8.0_241-b08
> >
> > The following error appears in catalina.out under tomcat 8. It does not mention the null. We tried it under tomcat 7 as well, and that is where it mentions the null.
> >
> > 17-Mar-2021 11:12:54.039 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-3787"]
> > 17-Mar-2021 11:12:54.048 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-3787]]
>
> This line says that 3787 is the port indeed.
> Are you sure it is not bound?

100% sure, unless there's an invisible process using it. netstat and fuser both show nothing.

> > org.apache.catalina.LifecycleException: Protocol handler initialization failed
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1032)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:848)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:498)
> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
> > Caused by: java.net.BindException: Address already in use
> >     at sun.nio.ch.Net.bind0(Native Method)
> >     at sun.nio.ch.Net.bind(Net.java:433)
> >     at sun.nio.ch.Net.bind(Net.java:425)
> >     at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:220)
> >     at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:85)
> >     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:221)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1118)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:223)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:587)
> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1030)
> >     ... 13 more
> >
> > > > I know how to fix the infamous "Address already in use (Bind failed)" problem when there is another process already listening on a port. However, I have confirmed with netstat and fuser that there is no other process listening on that port. Could the problem be that the host address is null for some reason? I don't recall seeing that before, and Google diving came up dry.
> > > >
> > > > -Eric
Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
Eric and Martin,

On 3/17/21 15:35, Martin Grigorov wrote:
> On Wed, Mar 17, 2021, 20:27 Eric Robinson wrote:
>
>>> From: Martin Grigorov
>>> Sent: Wednesday, March 17, 2021 12:45 PM
>>> To: Tomcat Users List
>>> Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
>>>
>>> Hi,
>>>
>>> On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:
>>>
>>>> Getting error:
>>>>
>>>> java.net.BindException: Address already in use (Bind failed)
>>>> :3787
>>>
>>> Please paste more lines of the exception.
>>> Also please tell us which version of JDK/JRE you use.
>>> This exception is very cryptic and does not usually tell which address is in use.
>>> I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.
>>
>> Tomcat: Apache Tomcat/8.5.51
>> JVM: 1.8.0_241-b08
>>
>> The following error appears in catalina.out under tomcat 8. It does not mention the null. We tried it under tomcat 7 as well, and that is where it mentions the null.
>>
>> 17-Mar-2021 11:12:54.039 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-3787"]
>> 17-Mar-2021 11:12:54.048 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-3787]]
>
> This line says that 3787 is the port indeed.
> Are you sure it is not bound?

Also, please post your <Connector>s from conf/server.xml.

You mentioned ":3787" in your error message but I don't see that in the exception. Are you sure you are posting everything?

-chris
Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
On Wed, Mar 17, 2021, 20:27 Eric Robinson wrote:

> > From: Martin Grigorov
> > Sent: Wednesday, March 17, 2021 12:45 PM
> > To: Tomcat Users List
> > Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> >
> > Hi,
> >
> > On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:
> >
> > > Getting error:
> > >
> > > java.net.BindException: Address already in use (Bind failed)
> > > :3787
> >
> > Please paste more lines of the exception.
> > Also please tell us which version of JDK/JRE you use.
> > This exception is very cryptic and does not usually tell which address is in use.
> > I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.
>
> Tomcat: Apache Tomcat/8.5.51
> JVM: 1.8.0_241-b08
>
> The following error appears in catalina.out under tomcat 8. It does not mention the null. We tried it under tomcat 7 as well, and that is where it mentions the null.
>
> 17-Mar-2021 11:12:54.039 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-3787"]
> 17-Mar-2021 11:12:54.048 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-3787]]

This line says that 3787 is the port indeed.
Are you sure it is not bound?

> org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1032)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:848)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
> Caused by: java.net.BindException: Address already in use
>     at sun.nio.ch.Net.bind0(Native Method)
>     at sun.nio.ch.Net.bind(Net.java:433)
>     at sun.nio.ch.Net.bind(Net.java:425)
>     at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:220)
>     at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:85)
>     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:221)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1118)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:223)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:587)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1030)
>     ... 13 more
>
> > > I know how to fix the infamous "Address already in use (Bind failed)" problem when there is another process already listening on a port. However, I have confirmed with netstat and fuser that there is no other process listening on that port. Could the problem be that the host address is null for some reason? I don't recall seeing that before, and Google diving came up dry.
> > >
> > > -Eric
RE: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
> From: Martin Grigorov
> Sent: Wednesday, March 17, 2021 12:45 PM
> To: Tomcat Users List
> Subject: Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
>
> Hi,
>
> On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:
>
> > Getting error:
> >
> > java.net.BindException: Address already in use (Bind failed)
> > :3787
>
> Please paste more lines of the exception.
> Also please tell us which version of JDK/JRE you use.
> This exception is very cryptic and does not usually tell which address is in use.
> I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.

Tomcat: Apache Tomcat/8.5.51
JVM: 1.8.0_241-b08

The following error appears in catalina.out under tomcat 8. It does not mention the null. We tried it under tomcat 7 as well, and that is where it mentions the null.

17-Mar-2021 11:12:54.039 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-3787"]
17-Mar-2021 11:12:54.048 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-3787]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1032)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:848)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
Caused by: java.net.BindException: Address already in use
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:433)
    at sun.nio.ch.Net.bind(Net.java:425)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:220)
    at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:85)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:221)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1118)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:223)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:587)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1030)
    ... 13 more

> > I know how to fix the infamous "Address already in use (Bind failed)" problem when there is another process already listening on a port. However, I have confirmed with netstat and fuser that there is no other process listening on that port. Could the problem be that the host address is null for some reason? I don't recall seeing that before, and Google diving came up dry.
> >
> > -Eric
Re: [OT] Working with SAML
On 17.03.2021 17:49, Christopher Schultz wrote:
> André,
>
> On 3/16/21 18:21, André Warnier (tomcat/perl) wrote:
>> Alternatively, see this :
>> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
>
> Thanks for mentioning this. I looked at Shibboleth. Their web site says "version 3 is deprecated" and "version 4 is undocumented".

We've been using versions 2 and 3 without problems. I don't know what version 4 brings, that is not in the others but nevertheless helpful.

We've set up one (our own) IdP (the SAML "identity provider", where the clients really login), and several SP (Service Provider), which interact with our own IdP or with other people's IdP's (of various brands/makes/types). It's all a bit of work to set up, but once set up it hasn't given us any more hassle.

The documentation for versions 2 and 3 is very extensive, and quite complex, which I believe is kind of unavoidable considering that SAML itself is one of these things designed by a committee.

(We also have our own summarised installation and setup documentation, so if you want any tips, just ask)

> :(
>
> That's not exactly encouraging.
>
> Thanks,
> -chris
>
>> On 16.03.2021 21:18, Christopher Schultz wrote:
>>> Robert,
>>>
>>> On 3/16/21 14:33, Robert Turner wrote:
>>>> Chris,
>>>>
>>>> I'm not sure if it will do what you want, but when sourcing Java-based SAML libraries for our use as an SP, I too found that most of the libraries were much larger and more complicated than I thought necessary. We went with the (limited but simple to use) OneLogin libraries for our use case. It doesn't do everything by any means, but was considerably smaller and simpler than most packages out there.
>>>
>>> I did see the OneLogin library. You mean this one, right?
>>> https://github.com/onelogin/java-saml
>>>
>>> Is there anything tied to any particular service for that? Or do they simply give-away their library for use anywhere?
>>>
>>> Thanks,
>>> -chris
>>>
>>>> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>
>>>>> All,
>>>>>
>>>>> I've got a system which is accepting one-legged, signed SAML responses from trusted third parties and doing all the right things. It's working great.
>>>>>
>>>>> It's time to look at doing the opposite: assembling our own SAML responses, signing them, and sending them to another party.
>>>>>
>>>>> I'm sure I could manually create a DOM document with all the right namespaces, add the various values that I need, and then use XML DSIG using the bits and pieces that are provided by Java directly, but there's got to be a nice compact library that doesn't require me to download the entire internet in order to use in my product.
>>>>>
>>>>> Any recommendations?
>>>>>
>>>>> Thanks,
>>>>> -chris
Re: Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
Hi,

On Wed, Mar 17, 2021, 19:34 Eric Robinson wrote:

> Getting error:
>
> java.net.BindException: Address already in use (Bind failed) :3787

Please paste more lines of the exception.
Also please tell us which version of JDK/JRE you use.
This exception is very cryptic and does not usually tell which address is in use.
I.e. 3787 is not the port, as you might think. Most probably it is a line in some class.

> I know how to fix the infamous "Address already in use (Bind failed)" problem when there is another process already listening on a port. However, I have confirmed with netstat and fuser that there is no other process listening on that port. Could the problem be that the host address is null for some reason? I don't recall seeing that before, and Google diving came up dry.
>
> -Eric
Wait... NULL address in java.net.BindException: Address already in use (Bind failed) ???
Getting error:

java.net.BindException: Address already in use (Bind failed) :3787

I know how to fix the infamous "Address already in use (Bind failed)" problem when there is another process already listening on a port. However, I have confirmed with netstat and fuser that there is no other process listening on that port. Could the problem be that the host address is null for some reason? I don't recall seeing that before, and Google diving came up dry.

-Eric
Re: [OT] Working with SAML
Luis,

On 3/17/21 09:39, Luis Rodríguez Fernández wrote:
> Hello Chris,
>
> - Manually create DOM: agree with you, I would not go in that direction. I did it years ago when I developed a logout servlet for weblogic. You can have a look at the code here [1] and feel my pain :)
> - Library: I remember testing opensaml [2], it was the most popular at that time but it is not supported anymore :(
>
> I am not sure what's your scenario, perhaps it is very specific and you do not have any other choice than get your hands dirty and implement something on your own. However if what you have in mind fits in this diagram [3] and you are running in tomcat :) I would use keycloak [4], for us it is working great.

In the diagram, I want to perform step #5 and then have the UA perform step 6 (well, I'll arrange for the UA to redirect, of course). I'm not performing the authentication; I'm performing the signing and another system is doing the authentication.

I've already implemented my own SP receiver for step #6, manually. Key-selection sucks BTW when the SAML response doesn't contain any KeyInfo.

Thanks,
-chris

> [1] https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
> [2] https://stackoverflow.com/a/9080912/637409
> [3] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
> [4] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
>
> On Tue, 16 Mar 2021 at 23:22, André Warnier (tomcat/perl) wrote:
>
>> Alternatively, see this :
>> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
>>
>> On 16.03.2021 21:18, Christopher Schultz wrote:
>>> Robert,
>>>
>>> On 3/16/21 14:33, Robert Turner wrote:
>>>> Chris,
>>>>
>>>> I'm not sure if it will do what you want, but when sourcing Java-based SAML libraries for our use as an SP, I too found that most of the libraries were much larger and more complicated than I thought necessary. We went with the (limited but simple to use) OneLogin libraries for our use case. It doesn't do everything by any means, but was considerably smaller and simpler than most packages out there.
>>>
>>> I did see the OneLogin library. You mean this one, right?
>>> https://github.com/onelogin/java-saml
>>>
>>> Is there anything tied to any particular service for that? Or do they simply give-away their library for use anywhere?
>>>
>>> Thanks,
>>> -chris
>>>
>>>> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>
>>>>> All,
>>>>>
>>>>> I've got a system which is accepting one-legged, signed SAML responses from trusted third parties and doing all the right things. It's working great.
>>>>>
>>>>> It's time to look at doing the opposite: assembling our own SAML responses, signing them, and sending them to another party.
>>>>>
>>>>> I'm sure I could manually create a DOM document with all the right namespaces, add the various values that I need, and then use XML DSIG using the bits and pieces that are provided by Java directly, but there's got to be a nice compact library that doesn't require me to download the entire internet in order to use in my product.
>>>>>
>>>>> Any recommendations?
>>>>>
>>>>> Thanks,
>>>>> -chris
Re: [OT] Working with SAML
André,

On 3/16/21 18:21, André Warnier (tomcat/perl) wrote:
> Alternatively, see this :
> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo

Thanks for mentioning this. I looked at Shibboleth. Their web site says "version 3 is deprecated" and "version 4 is undocumented".

:(

That's not exactly encouraging.

Thanks,
-chris

> On 16.03.2021 21:18, Christopher Schultz wrote:
>> Robert,
>>
>> On 3/16/21 14:33, Robert Turner wrote:
>>> Chris,
>>>
>>> I'm not sure if it will do what you want, but when sourcing Java-based SAML libraries for our use as an SP, I too found that most of the libraries were much larger and more complicated than I thought necessary. We went with the (limited but simple to use) OneLogin libraries for our use case. It doesn't do everything by any means, but was considerably smaller and simpler than most packages out there.
>>
>> I did see the OneLogin library. You mean this one, right?
>> https://github.com/onelogin/java-saml
>>
>> Is there anything tied to any particular service for that? Or do they simply give-away their library for use anywhere?
>>
>> Thanks,
>> -chris
>>
>>> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>
>>>> All,
>>>>
>>>> I've got a system which is accepting one-legged, signed SAML responses from trusted third parties and doing all the right things. It's working great.
>>>>
>>>> It's time to look at doing the opposite: assembling our own SAML responses, signing them, and sending them to another party.
>>>>
>>>> I'm sure I could manually create a DOM document with all the right namespaces, add the various values that I need, and then use XML DSIG using the bits and pieces that are provided by Java directly, but there's got to be a nice compact library that doesn't require me to download the entire internet in order to use in my product.
>>>>
>>>> Any recommendations?
>>>>
>>>> Thanks,
>>>> -chris
Re: [OT] Working with SAML
Hello Chris,

- Manually create DOM: agree with you, I would not go in that direction. I did it years ago when I developed a logout servlet for weblogic. You can have a look at the code here [1] and feel my pain :)
- Library: I remember testing opensaml [2], it was the most popular at that time but it is not supported anymore :(

I am not sure what's your scenario, perhaps it is very specific and you do not have any other choice than get your hands dirty and implement something on your own. However if what you have in mind fits in this diagram [3] and you are running in tomcat :) I would use keycloak [4], for us it is working great.

Hope it helps,

Luis

[1] https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
[2] https://stackoverflow.com/a/9080912/637409
[3] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
[4] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter

On Tue, 16 Mar 2021 at 23:22, André Warnier (tomcat/perl) wrote:

> Alternatively, see this :
> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
>
> On 16.03.2021 21:18, Christopher Schultz wrote:
> > Robert,
> >
> > On 3/16/21 14:33, Robert Turner wrote:
> >> Chris,
> >>
> >> I'm not sure if it will do what you want, but when sourcing Java-based SAML libraries for our use as an SP, I too found that most of the libraries were much larger and more complicated than I thought necessary. We went with the (limited but simple to use) OneLogin libraries for our use case. It doesn't do everything by any means, but was considerably smaller and simpler than most packages out there.
> >
> > I did see the OneLogin library. You mean this one, right?
> > https://github.com/onelogin/java-saml
> >
> > Is there anything tied to any particular service for that? Or do they simply give-away their library for use anywhere?
> >
> > Thanks,
> > -chris
> >
> >> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>
> >>> All,
> >>>
> >>> I've got a system which is accepting one-legged, signed SAML responses from trusted third parties and doing all the right things. It's working great.
> >>>
> >>> It's time to look at doing the opposite: assembling our own SAML responses, signing them, and sending them to another party.
> >>>
> >>> I'm sure I could manually create a DOM document with all the right namespaces, add the various values that I need, and then use XML DSIG using the bits and pieces that are provided by Java directly, but there's got to be a nice compact library that doesn't require me to download the entire internet in order to use in my product.
> >>>
> >>> Any recommendations?
> >>>
> >>> Thanks,
> >>> -chris

--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett
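
The route described in the original question of this thread (build the DOM by hand, then sign it with the XML DSIG classes that ship with the JDK), together with the KeyInfo point raised in the reply to Luis, shown as an added example that is not code from any poster or library mentioned here. The class and method names, the issuer URL, the NameID and the throwaway RSA key are constructed for illustration, and the KeyInfo carries a bare KeyValue where a deployment would normally carry an X.509 certificate.

```java
import java.io.*;
import java.security.*;
import java.time.Instant;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SignedSamlResponseExample {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    // Algorithm URI spelled out: the SignatureMethod.RSA_SHA256 constant needs Java 11+.
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    static DocumentBuilderFactory parsers() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML DSIG requires a namespace-aware DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        return dbf;
    }

    static Element add(Node parent, String ns, String qname, String text, String... attrs) {
        Document d = parent instanceof Document ? (Document) parent : parent.getOwnerDocument();
        Element e = d.createElementNS(ns, qname);
        if (text != null) e.setTextContent(text);
        for (int i = 0; i < attrs.length; i += 2) e.setAttributeNS(null, attrs[i], attrs[i + 1]);
        parent.appendChild(e);
        return e;
    }

    // Builds a minimal samlp:Response and puts an enveloped signature over the whole Response.
    static String buildAndSign(KeyPair kp, String issuerName, String nameId) throws Exception {
        Document doc = parsers().newDocumentBuilder().newDocument();
        String id = "_" + UUID.randomUUID(), now = Instant.now().toString();
        Element resp = add(doc, SAMLP, "samlp:Response", null, "ID", id, "Version", "2.0", "IssueInstant", now);
        // Declare prefixes explicitly so canonicalization sees the same namespaces after serialization.
        resp.setAttributeNS(XMLNS_NS, "xmlns:samlp", SAMLP);
        resp.setAttributeNS(XMLNS_NS, "xmlns:saml", SAML);
        resp.setIdAttributeNS(null, "ID", true); // lets the "#id" reference resolve
        Element issuer = add(resp, SAML, "saml:Issuer", issuerName);
        add(add(resp, SAMLP, "samlp:Status", null), SAMLP, "samlp:StatusCode", null,
            "Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        Element assertion = add(resp, SAML, "saml:Assertion", null,
            "ID", "_" + UUID.randomUUID(), "Version", "2.0", "IssueInstant", now);
        add(assertion, SAML, "saml:Issuer", issuerName);
        add(add(assertion, SAML, "saml:Subject", null), SAML, "saml:NameID", nameId);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA256, null),
            Arrays.asList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        // KeyInfo names the signing key for the receiver, which must still match it to configured trust.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        // SAML schema order: the Signature element goes directly after saml:Issuer.
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), resp, issuer.getNextSibling());
        fac.newXMLSignature(si, ki).sign(ctx);
        StringWriter out = new StringWriter(); // default output is unindented; reformatting breaks the digest
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    // Receiving side: validate with the key held in configuration, not one read from the message.
    static boolean verify(String xml, PublicKey trustedKey) throws Exception {
        Document doc = parsers().newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element root = doc.getDocumentElement();
        root.setIdAttributeNS(null, "ID", true);
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != root) return false;
        DOMValidateContext ctx = new DOMValidateContext(trustedKey, sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        // The single reference must cover the Response itself (guards against signature wrapping).
        List<?> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1 || !("#" + root.getAttributeNS(null, "ID"))
                .equals(((Reference) refs.get(0)).getURI())) return false;
        return sig.validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, constructed for this demo
        String xml = buildAndSign(kp, "https://idp.example.test/", "user@example.test");
        System.out.println("untouched: " + verify(xml, kp.getPublic()));
        System.out.println("tampered:  " + verify(xml.replace("user@", "admin@"), kp.getPublic()));
    }
}
```

A production response would also carry Destination, InResponseTo, Conditions and an AuthnStatement as the relying party requires; those are left out so the signing and verification steps stay in view.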