Hi Glen

Why I insist on getting a working copy of Tomcat (maybe 2 Tomcats) is: I will
learn more from the example if it is working.
I do see the WSDL from
http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl

I don't know which step I did wrong. The only tip I have is the error message
from the page and log.

Regards,
Hua JIe

On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:

> Hi Glen
>
> I am a beginner in this SAML setup, probably also impatient. But I already
> tried to follow your document three times and I still didn't make it work.
> Could you help me with this?
>
> Regards,
> Hua JIe
>
> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:
>
>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>
>>> Hi Glen
>>>
>>> Thanks for your patience. It's very detailed. But currently I don't know
>>> which step is wrong.
>>
>> The step where you're not using a different Tomcat instance to host the
>> IDP compared to the one hosting the RP applications, as given in the
>> directions. Also, that you're not going sequentially as I recommended
>> below, and testing at each point before proceeding on to the next step.
>> Doing it all at once and saying "it doesn't work" doesn't help you when
>> you need to retrace back to try to figure out what is going wrong. (Why
>> deploy the RP apps if you haven't first checked the IDP STS works, for
>> example.)
>>
>>> I can access the web service through http and https.
>>> That's why I want to ask for a working Tomcat, at least I can make it
>>> work. I also think one Tomcat setup is also much easier for beginners.
>>
>> Well, maybe someone else can provide you a single Tomcat setup. Sorry, I
>> see a single Tomcat setup as easier only for those beginners who don't care
>> to learn anything (necessary keystore/truststore relationships between apps
>> and between servlet containers, required setup of relying party Tomcat
>> instance, Tomcat IDP instance), and doing more harm than good in learning a
>> distributed deployment and understanding the deployment requirements for
>> each portion.
>>
>>> I have one question here, is the https mandatory, I don't need security
>>> like that.
>>
>> Yes, so the usernames and passwords sent are secure, possibly other
>> reasons as well. Even with HTTP alone, you will still need message-layer
>> encryption for the SAML tokens being sent, requiring application keystores
>> at least.
>>
>>> I just want to make it work first.
>>
>> Well, if you would just follow the instructions given below and on the
>> website, you'll get it to "work first" pretty rapidly (and learn a lot in
>> the process.)
>>
>> Regards,
>> Glen
>>
>>> Thank you again for your time, really appreciate it.
>>>
>>> Regards,
>>> Hua Jie
>>>
>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:
>>>
>>>> Hi Hua Jie,
>>>>
>>>> I don't have a one-Tomcat solution, I'm not sure how useful such a setup
>>>> would be. Our Fediz samples use a two-Tomcat setup (three for the more
>>>> advanced wsClientWebapp sample) in order to try to mimic an actual
>>>> production environment. I'd recommend following the documentation
>>>> closely, using the two or three Tomcat setup as it suggests, and make
>>>> sure it works, then look at reducing the number of Tomcats if you wish.
>>>>
>>>> Sending you a working Tomcat is not going to help you, a web page that
>>>> just says "Hello World!" is useless. Rather, it's working through the
>>>> sample and getting it to work on your machine that is the important
>>>> point.
>>>>
>>>> I've requested Fediz 1.0.1--which has much better READMEs and clearer
>>>> keystore configuration rules--to be released. In the meantime, I'd
>>>> recommend:
>>>>
>>>> 1.) Downloading and building (mvn clean install) the trunk branch of
>>>> Fediz instead of using the Fediz 1.0 distribution:
>>>> http://cxf.apache.org/fediz.html#Fediz-Building.
>>>>
>>>> Follow the READMEs in the trunk versions instead.
>>>>
>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1 using
>>>> these instructions:
>>>> http://cxf.apache.org/fediz-idp.html.
>>>>
>>>> Don't do anything else until you can view the STS WSDL at
>>>> http://localhost:9080/fedizidpsts/STSService?wsdl as
>>>> stated on that page. If you can't view the WSDL, nothing else will work.
>>>>
>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance:
>>>> http://cxf.apache.org/fediz-tomcat.html.
>>>>
>>>> For running the samples, all you need to do are the Installation and
>>>> HTTPS Configuration parts at the top.
>>>>
>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the
>>>> sample works--follow that sample's README.
>>>>
>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a third
>>>> Tomcat instance to run the web service provider--follow the
>>>> wsclientWebapp sample README for full instructions.
>>>>
>>>> If you can get to step #5, you're in good shape with Fediz (just make
>>>> sure for production you use your own keystores and not the sample ones
>>>> provided.)
>>>>
>>>> Regards,
>>>> Glen
>>>>
>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> Anyone have an idea about this?
>>>>>
>>>>> Regards,
>>>>> Hua JIe
>>>>>
>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I followed the readme to configure the example (but I configured the
>>>>>> example and the IDP in the same Tomcat).
>>>>>>
>>>>>> I am able to view the web service.
>>>>>>
>>>>>> But when I access the link
>>>>>> https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>
>>>>>> I always get this error
>>>>>>
>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>> java.lang.NullPointerException
>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>     at java.lang.Thread.run(Thread.java:662)
>>>>>>
>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>
>>>>>> Can someone send me a working Tomcat? It will be much easier to
>>>>>> explore the example.
>>>>>>
>>>>>> This is my first time posting questions on the mailing list. Yesterday
>>>>>> I filed a bug in the JIRA.
>>>>>>
>>>>>> Regards,
>>>>>> Prince
