Hi Ben,

There is one point missing in the document "STS_Setup_manual.doc"; I'm really
sorry for my colleague's carelessness.

OpenSSO needs to be patched to retrieve the SSOToken correctly on the
trader_client side. The patch was provided by Jiandong Guo and really addresses
the problem. I attached the patch file to this mail.

To use it, you need to:
1. extract the jar file using WinRAR
2. copy the RPSigninResponse.class file into the folder at the same path in
openssoclientsdk.jar, replacing the original one
(you can simply drag the file into the folder if using WinRAR)

After patching OpenSSO, redeploy the applications using the ant task
'redeploy', then everything should be OK.

HTH.

--Ming Jin
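The manual step above (replace one class inside openssoclientsdk.jar with the copy from the patch jar) can be done and verified programmatically. The script below is an added example and is not code from this thread, from the patch, or from OpenSSO; it builds a toy target jar and patch jar in a temporary directory, so the real opensso_fix.jar and openssoclientsdk.jar are not needed, and the package path it uses for RPSigninResponse.class is an assumption, since the thread only names the class file. It records the SHA-256 of the entry before and after, refuses to add an entry the target never shipped (a mistyped folder would otherwise become a dead file), and keeps a .orig backup of the unpatched jar.

```python
"""Replace one entry of a jar (a zip archive) with the same entry from a patch
jar, the way step 2 of the thread does by hand with WinRAR.

Added example, not code from the thread or from OpenSSO. Jar names and the
class path in demo() are constructed for the demo.
"""
import hashlib
import os
import shutil
import tempfile
import zipfile


def apply_class_patch(target_jar, patch_jar, entry):
    """Rewrite target_jar with `entry` taken from patch_jar.

    Returns (old_sha256, new_sha256) of the entry. Raises KeyError if the
    entry is missing from either jar: the patch must replace a class the
    target already ships, so a wrong path is caught instead of silently
    adding a file nobody loads.
    """
    with zipfile.ZipFile(patch_jar) as pz:
        if entry not in pz.namelist():
            raise KeyError(f"{entry} not in patch jar {patch_jar}")
        patched_bytes = pz.read(entry)
    with zipfile.ZipFile(target_jar) as tz:
        if entry not in tz.namelist():
            raise KeyError(f"{entry} not in target jar {target_jar}")
        old = hashlib.sha256(tz.read(entry)).hexdigest()
    new = hashlib.sha256(patched_bytes).hexdigest()
    if old == new:
        return old, new  # already patched; nothing to do

    # zipfile cannot replace an entry in place, so stream every entry into a
    # temp archive (swapping in the patched bytes) and then swap the files.
    fd, tmp = tempfile.mkstemp(
        dir=os.path.dirname(os.path.abspath(target_jar)), suffix=".jar")
    os.close(fd)
    try:
        with zipfile.ZipFile(target_jar) as src, zipfile.ZipFile(tmp, "w") as dst:
            for info in src.infolist():
                data = patched_bytes if info.filename == entry else src.read(info.filename)
                dst.writestr(info, data)  # reuse the original ZipInfo (name, attrs)
        shutil.copyfile(target_jar, target_jar + ".orig")  # backup of unpatched jar
        os.replace(tmp, target_jar)
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
    return old, new


def demo():
    """Build a toy openssoclientsdk.jar and opensso_fix.jar, apply the patch
    and confirm only the targeted class changed. Returns True on success."""
    work = tempfile.mkdtemp()
    target = os.path.join(work, "openssoclientsdk.jar")
    patch = os.path.join(work, "opensso_fix.jar")
    # Package path is an assumption for the demo; the thread names only the class file.
    entry = "com/sun/identity/wsfederation/servlet/RPSigninResponse.class"
    other = "com/sun/identity/Other.class"
    try:
        with zipfile.ZipFile(target, "w") as zf:
            zf.writestr(entry, b"OLD CLASS BYTES")   # constructed stand-in for bytecode
            zf.writestr(other, b"UNCHANGED")
        with zipfile.ZipFile(patch, "w") as zf:
            zf.writestr(entry, b"PATCHED CLASS BYTES")
        old, new = apply_class_patch(target, patch, entry)
        with zipfile.ZipFile(target) as zf:
            now, still = zf.read(entry), zf.read(other)
        backup_exists = os.path.exists(target + ".orig")
    finally:
        shutil.rmtree(work)
    return old != new and now == b"PATCHED CLASS BYTES" and still == b"UNCHANGED" and backup_exists


if __name__ == "__main__":
    print("patched OK" if demo() else "patch failed")
```

Comparing the two hashes tells you whether the jar was already patched (identical) or whether the entry actually changed, which is the check worth keeping in deployment notes when a client SDK is modified by hand.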

On Tue, Oct 6, 2009 at 5:07 AM, Ben Dewey <[email protected]> wrote:

> Ming,
>
> > There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> > Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> > STS_Setup_manual.doc, where the Login URL should be like
> > http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*
>
> > What url do you use?
>
> My url for this step is:
> http://sp.stonehenge.com:8090/opensso/WSFederationServlet/metaAlias/Fedsp
>
> > Can you verify the configurations of SP&IdP by opening
> > https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> > What's the result?
>
> When going to
> https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://idp.stonehenge.com:8183/opensso
>
> I log in using User0 and xxx and I get a message that says Logged In
>
> Just to recap, I'm able to log in to the trader_client app, redirect to SP
> and then to IDP, and when I get directed back to the trader_client I receive
> an exception of:
>
> javax.servlet.ServletException: AmAgentFilter: An exception has occured
> javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> session ID.
>
> Also, this is my fedsp.xml config file; is it right?
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
>    <TokenIssuerName>Fedsp</TokenIssuerName>
>    <TokenIssuerEndpoint>
>        <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">
> https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp
> </ns1:Address>
>    </TokenIssuerEndpoint>
>    <SingleSignOutNotificationEndpoint>
>        <ns2:Address xmlns:ns2="http://www.w3.org/2005/08/addressing">
> https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp
> </ns2:Address>
>    </SingleSignOutNotificationEndpoint>
> </Federation>
>
> -Ben Dewey
>
>
> -----Original Message-----
> From: Ming Jin [mailto:[email protected]]
> Sent: Wednesday, September 30, 2009 7:15 PM
> To: [email protected]
> Subject: Re: Metro CBS
>
> Hi Ben,
> There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> STS_Setup_manual.doc, where the Login URL should be like
> http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*
>
> What url do you use?
>
> Can you verify the configurations of SP&IdP by opening
> https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> What's the result?
>
> BTW, you need to change the above URLs to the host and port you used.
>
>
> On Wed, Sep 30, 2009 at 11:36 PM, Ben Dewey <[email protected]> wrote:
>
> > Here are the settings from my agent properties
> >
> > #
> > # LOGIN URL
> > #   Specifies the login URLs to be used by the Agent to redirect
> > #   incoming users without sufficient credentials to the OpenSSO
> > #   authentication service.
> > # Hot-Swap Enabled: Yes
> > #
> > com.sun.identity.agents.config.login.url[0] =
> > http://sp.stonehenge.com:8090/opensso/UI/Login
> >
> > #
> > # LOGOUT URL
> > #   Specifies the logout URLs to be used by the Agent to log out
> > #   the authenticated users from the OpenSSO authentication service.
> > # Hot-Swap Enabled: Yes
> > #
> > com.sun.identity.agents.config.logout.url[0] =
> > http://sp.stonehenge.com:8090/opensso/UI/Logout
> >
> >
> >
> > -----Original Message-----
> > From: Ming Jin [mailto:[email protected]]
> > Sent: Wednesday, September 30, 2009 6:24 PM
> > To: [email protected]
> > Subject: Re: Metro CBS
> >
> > Ben,
> > What is the SSO login URL in the agent's configuration in OpenSSO?
> > https://sp.stonehenge.com:8181/opensso/fedlet?
> >
> >
> >
> > On Wed, Sep 30, 2009 at 9:33 PM, Ben Dewey <[email protected]> wrote:
> >
> > > Ming,
> > >
> > > I have set up everything for the Passive STS based on the STS manual;
> > > unfortunately I think I'm still missing something.
> > >
> > > 1. I access http://www.stonehenge.com:8092/trader_client
> > >
> > > 2. I get directed to https://sp.stonehenge.com:8181/opensso/fedlet
> > >
> > > 3. I get directed to https://idp.stonehenge.com:8183/opensso/fedlet
> > >
> > > 4. I get directed to https://idp.stonehenge.com:8183/opensso/UI/login
> > >
> > > 5. I log in using User0 and xxx
> > >
> > > 6. I get directed back to the trader client page with an 'Invalid session
> > > ID' error below [1]
> > >
> > > Any idea what I'm missing?
> > >
> > > - Ben Dewey
> > >
> > >
> > > [1]: HTTP Status 500 -
> > >
> > > type Exception report
> > >
> > > message
> > > description The server encountered an internal error () that prevented
> > > it from fulfilling this request.
> > >
> > > exception
> > > javax.servlet.ServletException: AmAgentFilter: An exception has occured
> > >
> > > root cause
> > > javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> > > session ID.
> > >
> > > root cause
> > > com.iplanet.sso.SSOException: Invalid session ID.
> > >
> >
> >
> >
> > --
> > Ming Jin
> >
> > Consultant
> > Thoughtworks, Inc
> > Twitter: https://twitter.com/mingjin
> >
>
>

Attachment: opensso_fix.jar
Description: application/java-archive
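The configuration point that runs through the thread is that the agent's login URL (com.sun.identity.agents.config.login.url[0], pointing at /opensso/UI/Login on port 8090) must instead be the SP's Token Issuer Endpoint URL from fedsp.xml (https, port 8181, /opensso/WSFederationServlet/metaAlias/Fedsp). The script below is an added example, not code from the thread or from OpenSSO: it parses a fedsp.xml modelled on the one Ben posted, reads the login URL out of agent properties text in the format Ben posted, and reports every way the two disagree (path, scheme, host:port) plus a warning if the issuer endpoint is not https. The sample XML and properties are constructed here from the thread's values; the property name and the XML element names are the ones quoted in the thread.

```python
"""Cross-check an OpenSSO J2EE agent's login URL against the WS-Federation SP
metadata (fedsp.xml) it should redirect to.

Added example, not part of the thread or of OpenSSO. Sample inputs are
constructed from the values quoted in the thread.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSFED_NS = "http://schemas.xmlsoap.org/ws/2006/12/federation"
WSA_NS = "http://www.w3.org/2005/08/addressing"

# Constructed fedsp.xml, modelled on the one posted in the thread.
FEDSP_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
   <TokenIssuerName>Fedsp</TokenIssuerName>
   <TokenIssuerEndpoint>
       <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">
https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp
</ns1:Address>
   </TokenIssuerEndpoint>
   <SingleSignOutNotificationEndpoint>
       <ns2:Address xmlns:ns2="http://www.w3.org/2005/08/addressing">
https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp
</ns2:Address>
   </SingleSignOutNotificationEndpoint>
</Federation>
"""

# Constructed agent properties: the values Ben posted (login URL still at UI/Login) ...
AGENT_PROPS_BEFORE = """\
# LOGIN URL
com.sun.identity.agents.config.login.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Login
# LOGOUT URL
com.sun.identity.agents.config.logout.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Logout
"""

# ... and the same file after following the manual's step (login URL = SP token issuer endpoint).
AGENT_PROPS_AFTER = """\
com.sun.identity.agents.config.login.url[0] = https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp
com.sun.identity.agents.config.logout.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Logout
"""


def token_issuer_endpoint(xml_text):
    """Return the TokenIssuerEndpoint/Address value from fedsp.xml, whitespace stripped."""
    root = ET.fromstring(xml_text)
    addr = root.find(f"{{{WSFED_NS}}}TokenIssuerEndpoint/{{{WSA_NS}}}Address")
    if addr is None or not (addr.text or "").strip():
        raise ValueError("fedsp.xml has no TokenIssuerEndpoint/Address")
    return addr.text.strip()


def agent_property(props_text, name):
    """Return the value of a Java-properties key, or None. The key contains
    '[0]', so it is regex-escaped; the value may sit on the next line, as
    it does when a mail client wraps the properties file."""
    pattern = re.compile(r"^\s*" + re.escape(name) + r"\s*[=:]\s*(\S+)", re.M)
    m = pattern.search(props_text)
    return m.group(1) if m else None


def check_login_url(props_text, xml_text):
    """Compare the agent login URL with the SP token issuer endpoint.
    Returns a list of findings; an empty list means they are consistent."""
    findings = []
    issuer = token_issuer_endpoint(xml_text)
    login = agent_property(props_text, "com.sun.identity.agents.config.login.url[0]")
    if login is None:
        return ["agent login URL property is not set"]
    a, b = urlsplit(login), urlsplit(issuer)
    if a.path != b.path:
        findings.append(f"login URL path {a.path!r} is not the SP token issuer endpoint {b.path!r}")
    if a.scheme != b.scheme:
        findings.append(f"scheme mismatch: agent uses {a.scheme}, fedsp.xml uses {b.scheme}")
    if a.netloc != b.netloc:
        findings.append(f"host:port mismatch: agent uses {a.netloc}, fedsp.xml uses {b.netloc}")
    if b.scheme != "https":
        findings.append("token issuer endpoint is not https; issued tokens would cross the wire in clear")
    return findings


if __name__ == "__main__":
    for label, props in (("before", AGENT_PROPS_BEFORE), ("after", AGENT_PROPS_AFTER)):
        print(label, check_login_url(props, FEDSP_XML) or "consistent")
```

Run against the "before" properties it reports three mismatches (path, scheme and port), which is exactly the configuration state in which the agent sends the browser to the plain OpenSSO login page instead of the WS-Federation servlet; against the corrected properties it reports nothing.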