Ming,

I replaced that file and restarted domain1 and I'm still receiving the same 
'Invalid session ID' message.

-Ben Dewey

-----Original Message-----
From: Ming Jin [mailto:[email protected]] 
Sent: Wednesday, October 07, 2009 2:55 AM
To: [email protected]
Subject: Re: Metro CBS

Sorry, the jar file to replace the original file is the openfedlib.jar which
you can find under
${glassfish_home}\domains\${sp_domain}\applications\j2ee-modules\opensso\WEB-INF\lib.
For example, let's say you installed opensso as SP in domain1, then the
address should be:
${glassfish_home}\domains\domain1\applications\j2ee-modules\opensso\WEB-INF\lib

you need to restart the sp_domain to make it take effect.

--Ming Jin
On Wed, Oct 7, 2009 at 3:58 AM, Ben Dewey <[email protected]> wrote:

> Sorry again,  the appserver_v9_agent_3 file referenced in the README.txt is
> actually 20090801 or Aug 01.  This nightly build is no longer available at
> [1].  I've actually been using a file I downloaded Sept 16, I'm not sure
> which nightly that is and I've also checked the one I emailed 0908 (Sept 8).
>
> Neither of these builds have the path referenced in your email instructions.
>  Do you have a mirror of 0801 with that file or a fix for a build that is
> later than Sept 01?
>
> [1] http://download.java.net/general/opensso/nightly/
>
> -----Original Message-----
> From: Ben Dewey [mailto:[email protected]]
> Sent: Tuesday, October 06, 2009 10:49 PM
> To: [email protected]
> Subject: RE: Metro CBS
>
> Ming,
>
> Correction, For this dependency I'm using appserver_v9_agent_3 from the
> following zip:
>
>
> http://download.java.net/general/opensso/nightly/20090908.1/j2eeagents/appserver_v9_agent_3.zip
>
> -Ben Dewey
>
> -----Original Message-----
> From: Ben Dewey [mailto:[email protected]]
> Sent: Tuesday, October 06, 2009 10:42 PM
> To: [email protected]
> Subject: RE: Metro CBS
>
> Ming,
>
> The opensso_fix file you sent was in the path
>
> com\sun\identity\wsfederation\servlet\
>
> and the openssoclientsdk.jar file only has the following paths:
>
> com\sun\identity\wsfederation\common\
> com\sun\identity\wsfederation\meta\
>
> There is no to “replace with the original one”.  Do I have the wrong
> openssoclientsdk?  I’m using opensso_enterprise_80.zip.
>
> -Ben Dewey
>
>
> From: Ming Jin [mailto:[email protected]]
> Sent: Tuesday, October 06, 2009 5:20 PM
> To: [email protected]
> Subject: Re: Metro CBS
>
> Hi Ben,
>
> There is one point missing in the document "STS_Setup_manual.doc", really
> sorry for my colleague's carelessness.
>
> It needs to patch the OpenSSO to retrieve SSOToken correctly on
> trader_client side. The patch is provided by Jiandong Guo and really addresses
> the problem. I attached the patch file with this mail.
>
> To use it, you need to:
> 1. extract the jar file using winrar
> 2. copy the RPSigninResponse.class file to the same folder of same path in
> openssoclientsdk.jar, and replace the original one
> (you can simply drag the file into the folder if using winrar)
>
> After patching the opensso, redeploy the applications again using ant task
> 'redeploy', then everything should be OK.
>
> HTH.
>
> --Ming Jin
> On Tue, Oct 6, 2009 at 5:07 AM, Ben Dewey <[email protected]<mailto:
> [email protected]>> wrote:
> Ming,
>
> > There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> > Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> > STS_Setup_manual.doc, where the Login URL should be like
> > http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*
>
> > What url do you use?
> My url for this step is:
> http://sp.stonehenge.com:8090/opensso/WSFederationServlet/metaAlias/Fedsp
>
> > Can you verify the configurations of SP&IdP by opening
> > https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> > What's the result?
> When going to
> https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://idp.stonehenge.com:8183/opensso
>
> I login using User0 and xxx and I get a message that says Logged In
>
> Just to recap,  I'm able to login to the trader_client app, redirect to SP
> and then to IDP, and when I get directed back to the trader_client I receive
> an exception of:
>
> javax.servlet.ServletException: AmAgentFilter: An exception has occured
> javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> session ID.
> Also,  This is my fedsp.xml config file, is it right?
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <Federation FederationID="Fedsp" xmlns="http://schemas.xmlsoap.org/ws/2006/12/federation">
>   <TokenIssuerName>Fedsp</TokenIssuerName>
>   <TokenIssuerEndpoint>
>       <ns1:Address xmlns:ns1="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns1:Address>
>   </TokenIssuerEndpoint>
>   <SingleSignOutNotificationEndpoint>
>       <ns2:Address xmlns:ns2="http://www.w3.org/2005/08/addressing">https://sp.stonehenge.com:8181/opensso/WSFederationServlet/metaAlias/Fedsp</ns2:Address>
>   </SingleSignOutNotificationEndpoint>
> </Federation>
>
> -Ben Dewey
>
>
> -----Original Message-----
> From: Ming Jin [mailto:[email protected]<mailto:[email protected]>]
> Sent: Wednesday, September 30, 2009 7:15 PM
> To: [email protected]<mailto:
> [email protected]>
> Subject: Re: Metro CBS
>
> Hi Ben,
> There is a step "Change ‘OpenSSO Login URL’ under Login URL to SP Token
> Issuer Endpoint URL" in "*Setup Policy Agent in OpenSSO" in the document
> STS_Setup_manual.doc, where the Login URL should be like
> http://openssohost:openssoport/opensso/WSFederationServlet/metaAlias/Fedsp.*
>
> What url do you use?
>
> Can you verify the configurations of SP&IdP by opening
> https://openssohost:openssoSecurityPort/opensso/WSFederationServlet/metaAlias/Fedsp?goto=https://openssohost:openssoSecurityPort/opensso?
> What's the result?
>
> BTW, you need to change the above URLs to the host and port you used.
>
>
> On Wed, Sep 30, 2009 at 11:36 PM, Ben Dewey <[email protected]<mailto:
> [email protected]>> wrote:
>
> > Here are the setting from my agent properties
> >
> > #
> > # LOGIN URL
> > #   Specifies the login URLs to be used by the Agent to redirect
> > #   incoming users without sufficient credentials to the OpenSSO
> > #   authentication service.
> > # Hot-Swap Enabled: Yes
> > #
> > com.sun.identity.agents.config.login.url[0] =
> > http://sp.stonehenge.com:8090/opensso/UI/Login
> >
> > #
> > # LOGOUT URL
> > #   Specifies the logout URLs to be used by the Agent to log out
> > #   the authenticated users from the OpenSSO authentication service.
> > # Hot-Swap Enabled: Yes
> > #
> > com.sun.identity.agents.config.logout.url[0] =
> > http://sp.stonehenge.com:8090/opensso/UI/Logout
> >
> >
> >
> > -----Original Message-----
> > From: Ming Jin [mailto:[email protected]<mailto:[email protected]>]
> > Sent: Wednesday, September 30, 2009 6:24 PM
> > To: [email protected]<mailto:
> [email protected]>
> > Subject: Re: Metro CBS
> >
> > Ben,
> > What is the SSO login url in agent's configuration in OpenSSO?
> > https://sp.stonehenge.com:8181/opensso/fedlet?
> >
> >
> >
> > On Wed, Sep 30, 2009 at 9:33 PM, Ben Dewey <[email protected]<mailto:
> [email protected]>> wrote:
> >
> > > Ming,
> > >
> > > I have set up everything for the Passive STS based on the STS manual,
> > > unfortunately I think I'm still missing something.
> > >
> > > 1. I access http://www.stonehenge.com:8092/trader_client
> > >
> > > 2. I get directed to https://sp.stonehenge.com:8181/opensso/fedlet
> > >
> > > 3. I get directed to https://idp.stonehenge.com:8183/opensso/fedlet
> > >
> > > 4. I get directed to https://idp.stonehenge.com:8183/opensso/UI/login
> > >
> > > 5. I login using User0 and xxx
> > >
> > > 6. I get directed back to the trader client page with an 'Invalid session
> > > ID' error below [1]
> > >
> > > Any idea what I'm missing?
> > >
> > > - Ben Dewey
> > >
> > >
> > > [1]: HTTP Status 500 -
> > >
> > > type Exception report
> > >
> > > message
> > > descriptionThe server encountered an internal error () that prevented it
> > > from fulfilling this request.
> > >
> > > exception
> > > javax.servlet.ServletException: AmAgentFilter: An exception has occured
> > >
> > > root cause
> > > javax.servlet.ServletException: com.iplanet.sso.SSOException: Invalid
> > > session ID.
> > >
> > > root cause
> > > com.iplanet.sso.SSOException: Invalid session ID.
> > >
> >
> >
> >
> > --
> > Ming Jin
> >
> > Consultant
> > Thoughtworks, Inc
> > Twitter: https://twitter.com/mingjin
> >
>
>
>
> --
> Ming Jin
>
> Consultant
> Thoughtworks, Inc
> Twitter: https://twitter.com/mingjin
>
>
>
> --
> Ming Jin
>
> Consultant
> Thoughtworks, Inc
> Twitter: https://twitter.com/mingjin
>



-- 
Ming Jin

Consultant
Thoughtworks, Inc
Twitter: https://twitter.com/mingjin
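
An added example, not part of the original thread: a way to confirm which jar actually carries `RPSigninResponse.class` and whether its bytes match the patched class, since the thread first pointed at openssoclientsdk.jar and then at openfedlib.jar. The sample jars and their byte contents are constructed placeholders; in real use the bytes would be read from the files on disk.

```python
import hashlib
import io
import zipfile

# Entry path taken from the thread: the patched class lives under this package.
CLASS_ENTRY = "com/sun/identity/wsfederation/servlet/RPSigninResponse.class"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_jars(jars: dict, patched_class: bytes) -> dict:
    """Map each jar name to 'absent', 'differs' or 'patched'.

    jars maps a jar file name to its raw bytes; patched_class is the
    RPSigninResponse.class extracted from the fix archive.
    """
    want = sha256(patched_class)
    status = {}
    for name, blob in jars.items():
        with zipfile.ZipFile(io.BytesIO(blob)) as jar:
            if CLASS_ENTRY not in jar.namelist():
                status[name] = "absent"      # nothing to replace in this jar
            elif sha256(jar.read(CLASS_ENTRY)) == want:
                status[name] = "patched"     # deployed class equals the fix
            else:
                status[name] = "differs"     # class present but not the fix
    return status


def _make_jar(entries: dict) -> bytes:
    """Build a small in-memory jar (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, data in entries.items():
            jar.writestr(path, data)
    return buf.getvalue()


# Constructed stand-ins for the real archives; Placeholder.class is hypothetical.
SAMPLE_JARS = {
    "openssoclientsdk.jar": _make_jar({
        "com/sun/identity/wsfederation/common/Placeholder.class": b"a",
        "com/sun/identity/wsfederation/meta/Placeholder.class": b"b",
    }),
    "openfedlib.jar": _make_jar({CLASS_ENTRY: b"unpatched bytes"}),
}

if __name__ == "__main__":
    for jar_name, state in check_jars(SAMPLE_JARS, b"patched bytes").items():
        print(f"{jar_name}: {state}")
```

Running the same check after the domain restart shows whether the replaced jar is the one the deployed application actually loads from.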
