Oh, sorry for that. Good night.

On Mon, Aug 13, 2012 at 11:18 AM, Glen Mazza <[email protected]> wrote:

> The instructions below are the only thing I know--if you have specific
> problems when trying to follow them, please just keep asking in this
> mailing list. Start with Step #1, Step #2, then... Just saying "it won't
> work" doesn't help, I need more info about where the exact problem for you
> is occurring.
>
> But sorry, bedtime for me though... (I'm Washington DC-based.)
>
> Glen
>
> On 08/12/2012 11:07 PM, 杨华杰 wrote:
>
>> Hi Glen
>>
>> I am a beginner in this SAML setup, probably also impatient. But I already
>> tried to follow your document three times and I still didn't make it work.
>> Could you help me with this?
>>
>> Regards,
>> Hua Jie
>>
>> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:
>>
>>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>>
>>>> Hi Glen
>>>>
>>>> Thanks for your patience. It's very detailed. But currently I don't know
>>>> which step is wrong.
>>>
>>> The step where you're not using a different Tomcat instance to host the
>>> IDP compared to the one hosting the RP applications, as given in the
>>> directions. Also, that you're not going sequentially as I recommended
>>> below, and testing at each point before proceeding on to the next step.
>>> Doing it all at once and saying "it doesn't work" doesn't help you when
>>> you need to retrace back to try to figure out what is going wrong. (Why
>>> deploy the RP apps if you haven't first checked the IDP STS works, for
>>> example.)
>>>
>>>> I can access the web service through http and https.
>>>>
>>>> That's why I want to ask for a working Tomcat, so at least I can make it
>>>> work. I also think one Tomcat setup is also much easier for beginners.
>>>
>>> Well, maybe someone else can provide you a single Tomcat setup. Sorry, I
>>> see a single Tomcat setup as easier only for those beginners who don't
>>> care to learn anything (necessary keystore/truststore relationships
>>> between apps and between servlet containers, required setup of relying
>>> party Tomcat instance, Tomcat IDP instance), and doing more harm than
>>> good in learning a distributed deployment and understanding the
>>> deployment requirements for each portion.
>>>
>>>> I have one question here, is the https mandatory, I don't need security
>>>> like that.
>>>
>>> Yes, so the usernames and passwords sent are secure, possibly other
>>> reasons as well. Even with HTTP alone, you will still need message-layer
>>> encryption for the SAML tokens being sent, requiring application
>>> keystores at least.
>>>
>>>> I just want to make it work first.
>>>
>>> Well, if you would just follow the instructions given below and on the
>>> website, you'll get it to "work first" pretty rapidly (and learn a lot in
>>> the process.)
>>>
>>> Regards,
>>> Glen
>>>
>>>> Thank you again for your time, really appreciate it.
>>>>
>>>> Regards,
>>>> Hua Jie
>>>>
>>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:
>>>>
>>>>> Hi Hua Jie,
>>>>>
>>>>> I don't have a one-Tomcat solution, I'm not sure how useful such a
>>>>> setup would be. Our Fediz samples use a two-Tomcat setup (three for the
>>>>> more advanced wsClientWebapp sample) in order to try to mimic an actual
>>>>> production environment. I'd recommend following the documentation
>>>>> closely, using the two or three Tomcat setup as it suggests, and make
>>>>> sure it works, then look at reducing the number of Tomcats if you wish.
>>>>>
>>>>> Sending you a working Tomcat is not going to help you, a web page that
>>>>> just says "Hello World!" is useless. Rather, it's working through the
>>>>> sample and getting it to work on your machine that is the important
>>>>> point.
>>>>>
>>>>> I've requested Fediz 1.0.1--which has much better READMEs and clearer
>>>>> keystore configuration rules--to be released. In the meantime, I'd
>>>>> recommend:
>>>>>
>>>>> 1.) Downloading and building (mvn clean install) the trunk branch of
>>>>> Fediz instead of using the Fediz 1.0 distribution:
>>>>> http://cxf.apache.org/fediz.html#Fediz-Building .
>>>>> Follow the READMEs in the trunk versions instead.
>>>>>
>>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1 using
>>>>> these instructions: http://cxf.apache.org/fediz-idp.html .
>>>>> Don't do anything else until you can view the STS WSDL at
>>>>> http://localhost:9080/fedizidpsts/STSService?wsdl as stated on that
>>>>> page. If you can't view the WSDL, nothing else will work.
>>>>>
>>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance:
>>>>> http://cxf.apache.org/fediz-tomcat.html .
>>>>> For running the samples, all you need to do are the Installation and
>>>>> HTTPS Configuration parts at the top.
>>>>>
>>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the
>>>>> sample works--follow that sample's README.
>>>>>
>>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a third
>>>>> Tomcat instance to run the web service provider--follow the
>>>>> wsclientWebapp sample README for full instructions.
>>>>>
>>>>> If you can get to step #5, you're in good shape with Fediz (just make
>>>>> sure for production you use your own keystores and not the sample ones
>>>>> provided.)
>>>>>
>>>>> Regards,
>>>>> Glen
>>>>>
>>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> Anyone have an idea about this?
>>>>>>
>>>>>> Regards,
>>>>>> Hua Jie
>>>>>>
>>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I followed the readme to configure the example (but I configured the
>>>>>>> example and the IDP in the same Tomcat).
>>>>>>>
>>>>>>> I am able to view the web service.
>>>>>>>
>>>>>>> But when I access the link
>>>>>>> https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>>
>>>>>>> I always get this error
>>>>>>>
>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>> java.lang.NullPointerException
>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>>     at java.lang.Thread.run(Thread.java:662)
>>>>>>>
>>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>
>>>>>>> Can someone send me a working Tomcat? It will be much easier to
>>>>>>> explore the example.
>>>>>>>
>>>>>>> This is my first time posting questions on the mailing list.
>>>>>>> Yesterday I filed a bug in the JIRA.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Prince
