Ming,

The opensso_fix file you sent was in the path

com\sun\identity\wsfederation\servlet\

and the openssoclientsdk.jar file only has the following paths:

com\sun\identity\wsfederation\common\
com\sun\identity\wsfederation\meta\

There is no to “replace with the original one”.  Do I have the wrong 
openssoclientsdk?  I’m using opensso_enterprise_80.zip.

-Ben Dewey


From: Ming Jin [mailto:[email protected]]
Sent: Tuesday, October 06, 2009 5:20 PM
To: [email protected]
Subject: Re: Metro CBS

Hi Ben,

There is one point missing in the document "STS_Setup_manual.doc", really sorry 
for my colleague's carelessness.

It needs to patch the OpenSSO to retrieve SSOToken correctly on trader_client 
side. The patch is provided by Jiandong Guo and really addresses the problem. I 
attached the patch file with this mail.

To use it, you need to:
1. extract the jar file using winrar
2. copy the RPSigninResponse.class file to the same folder of same path in 
openssoclientsdk.jar, and replace the original one
(you can simply drag the file into the folder if using winrar)

After patching the opensso, redeploy the applications again using ant task 
'redeploy', then everything should be OK.

HTH.

--Ming Jin
On Tue, Oct 6, 2009 at 5:07 AM, Ben Dewey <[email protected]> wrote:
Ming,

> There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> STS_Setup_manual.doc, where the Login URL should be like
> http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*

> What url do you use?
My url for this step is: 
http://sp.stonehenge.com:8090/opensso/WSFederationServlet/metaAlias/Fedsp

> Can you verify the configurations of SP&IdP by opening
> https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> What's the result?
When going to 
https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://idp.stonehenge.com:8183/opensso

I login using User0 and xxx and I get a message that says Logged In

Just to recap,  I'm able to login to the trader_client app, redirect to SP and 
then to IDP, and when I get directed back to the trader_client I receive an 
exception of:

javax.servlet.ServletException: AmAgentFilter: An exception has occured
javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid session 
ID.
Also,  This is my fedsp.xml config file, is it right?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
   <TokenIssuerName>Fedsp</TokenIssuerName>
   <TokenIssuerEndpoint>
       <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns1:Address>
   </TokenIssuerEndpoint>
   <SingleSignOutNotificationEndpoint>
       <ns2:Address xmlns:ns2="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns2:Address>
   </SingleSignOutNotificationEndpoint>
</Federation>

-Ben Dewey


-----Original Message-----
From: Ming Jin [mailto:[email protected]]
Sent: Wednesday, September 30, 2009 7:15 PM
To: [email protected]
Subject: Re: Metro CBS

Hi Ben,
There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
STS_Setup_manual.doc, where the Login URL should be like
http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*

What url do you use?

Can you verify the configurations of SP&IdP by opening
https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
What's the result?

BTW, you need to change the above URLs to the host and port you used.


On Wed, Sep 30, 2009 at 11:36 PM, Ben Dewey <[email protected]> wrote:

> Here are the settings from my agent properties
>
> #
> # LOGIN URL
> #   Specifies the login URLs to be used by the Agent to redirect
> #   incoming users without sufficient credentials to the OpenSSO
> #   authentication service.
> # Hot-Swap Enabled: Yes
> #
> com.sun.identity.agents.config.login.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Login
>
> #
> # LOGOUT URL
> #   Specifies the logout URLs to be used by the Agent to log out
> #   the authenticated users from the OpenSSO authentication service.
> # Hot-Swap Enabled: Yes
> #
> com.sun.identity.agents.config.logout.url[0] = http://sp.stonehenge.com:8090/opensso/UI/Logout
>
>
>
> -----Original Message-----
> From: Ming Jin [mailto:[email protected]]
> Sent: Wednesday, September 30, 2009 6:24 PM
> To: [email protected]
> Subject: Re: Metro CBS
>
> Ben,
> What is the SSO login url in agent's configuration in OpenSSO?
> https://sp.stonehenge.com:8181/opensso/fedlet?
>
>
>
> On Wed, Sep 30, 2009 at 9:33 PM, Ben Dewey <[email protected]> wrote:
>
> > Ming,
> >
> > I have set up everything for the Passive STS based on the STS manual,
> > unfortunately I think I'm still missing something.
> >
> > 1. I access http://www.stonehenge.com:8092/trader_client
> >
> > 2. I get directed to https://sp.stonehenge.com:8181/opensso/fedlet
> >
> > 3. I get directed to https://idp.stonehenge.com:8183/opensso/fedlet
> >
> > 4. I get directed to https://idp.stonehenge.com:8183/opensso/UI/login
> >
> > 5. I login using User0 and xxx
> >
> > 6. I get directed back to the trader client page with an 'Invalid session
> > ID' error below [1]
> >
> > Any idea what I'm missing?
> >
> > - Ben Dewey
> >
> >
> > [1]: HTTP Status 500 -
> >
> > type Exception report
> >
> > message
> > description The server encountered an internal error () that prevented it
> > from fulfilling this request.
> >
> > exception
> > javax.servlet.ServletException: AmAgentFilter: An exception has occured
> >
> > root cause
> > javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> > session ID.
> >
> > root cause
> > com.iplanet.sso.SSOException: Invalid session ID.
> >
>
>
>
> --
> Ming Jin
>
> Consultant
> Thoughtworks, Inc
> Twitter: https://twitter.com/mingjin
>



--
Ming Jin

Consultant
Thoughtworks, Inc
Twitter: https://twitter.com/mingjin


