Hi Glen

Thanks for your follow-up. I didn't do #1, I downloaded the binary file directly.
I will download 1.0.1 and try again. By the way, did you try to make Fediz work with SharePoint authentication? SharePoint support claimed authentication, SAML 1.x. I appreciate your time. Thank you again.

Regards,
Hua Jie

On Tue, Aug 14, 2012 at 5:12 AM, Glen Mazza <[email protected]> wrote:

> Hi Hua Jie, I think the samples hardcode specific port numbers (following the instructions), assuming the two or three Tomcat instance setup, so if you try to put all on one Tomcat alone, you might have to go through each of the apps to make sure all the port numbers were updated. (Also, I haven't tested yet, but the Fediz plugin that needs to be installed on Tomcat-RP might conflict with the Fediz IDP & STS if you put them on the same Tomcat instance.)
>
> I'm glad #2 works for you, but did you do #1 below? The keystores and example READMEs, again, have been *radically* improved in the trunk version. The sample keystores and trust relationships are not defined in 1.0 as they are in 1.0.1 (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co) <-- You see, much of the important information in the last two columns is lost when you try a one-Tomcat solution.
>
> Regards,
> Glen
>
> On 08/12/2012 11:19 PM, 杨华杰 wrote:
>
>> Hi Glen
>>
>> Why I insist on getting a working copy of Tomcat (maybe 2 Tomcats) is: I will learn more from the example if it is working.
>>
>> I do see the WSDL from http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl
>>
>> I don't know which step I did wrong. The only tip I have is the error message from the page and log.
>>
>> Regards,
>> Hua Jie
>>
>> On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:
>>
>>> Hi Glen
>>>
>>> I am a beginner in this SAML setup, probably also impatient. But I already tried to follow your document three times and I still didn't make it work. Could you help me with this?
>>>
>>> Regards,
>>> Hua Jie
>>>
>>> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:
>>>
>>>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>>>
>>>>> Hi Glen
>>>>>
>>>>> Thanks for your patience. It's very detailed. But currently I don't know which step is wrong.
>>>>
>>>> The step where you're not using a different Tomcat instance to host the IDP compared to the one hosting the RP applications, as given in the directions. Also, that you're not going sequentially as I recommended below, and testing at each point before proceeding on to the next step. Doing it all at once and saying "it doesn't work" doesn't help you when you need to retrace back to try to figure out what is going wrong. (Why deploy the RP apps if you haven't first checked the IDP STS works, for example.)
>>>>
>>>>> I can access the web service through http and https. That's why I want to ask for a working Tomcat, at least I can make it work. I also think a one-Tomcat setup is much easier for beginners.
>>>>
>>>> Well, maybe someone else can provide you a single Tomcat setup. Sorry, I see a single Tomcat setup as easier only for those beginners who don't care to learn anything (necessary keystore/truststore relationships between apps and between servlet containers, required setup of relying party Tomcat instance, Tomcat IDP instance), and doing more harm than good in learning a distributed deployment and understanding the deployment requirements for each portion.
>>>>
>>>>> I have one question here: is HTTPS mandatory? I don't need security like that.
>>>>
>>>> Yes, so the usernames and passwords sent are secure, possibly other reasons as well. Even with HTTP alone, you will still need message-layer encryption for the SAML tokens being sent, requiring application keystores at least.
>>>>
>>>>> I just want to make it work first.
>>>>
>>>> Well, if you would just follow the instructions given below and on the website, you'll get it to "work first" pretty rapidly (and learn a lot in the process.)
>>>>
>>>> Regards,
>>>> Glen
>>>>
>>>>> Thank you again for your time, really appreciate it.
>>>>>
>>>>> Regards,
>>>>> Hua Jie
>>>>>
>>>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:
>>>>>
>>>>>> Hi Hua Jie,
>>>>>>
>>>>>> I don't have a one-Tomcat solution, I'm not sure how useful such a setup would be. Our Fediz samples use a two-Tomcat setup (three for the more advanced wsClientWebapp sample) in order to try to mimic an actual production environment. I'd recommend following the documentation closely, using the two or three Tomcat setup as it suggests, and make sure it works, then look at reducing the number of Tomcats if you wish.
>>>>>>
>>>>>> Sending you a working Tomcat is not going to help you, a web page that just says "Hello World!" is useless. Rather, it's working through the sample and getting it to work on your machine that is the important point.
>>>>>>
>>>>>> I've requested Fediz 1.0.1--which has much better READMEs and clearer keystore configuration rules--to be released. In the meantime, I'd recommend:
>>>>>>
>>>>>> 1.) Downloading and building (mvn clean install) the trunk branch of Fediz instead of using the Fediz 1.0 distribution: http://cxf.apache.org/fediz.html#Fediz-Building . Follow the READMEs in the trunk versions instead.
>>>>>>
>>>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1 using these instructions: http://cxf.apache.org/fediz-idp.html . Don't do anything else until you can view the STS WSDL at http://localhost:9080/fedizidpsts/STSService?wsdl as stated on that page. If you can't view the WSDL, nothing else will work.
>>>>>>
>>>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance: http://cxf.apache.org/fediz-tomcat.html . For running the samples, all you need to do are the Installation and HTTPS Configuration parts at the top.
>>>>>>
>>>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the sample works--follow that sample's README.
>>>>>>
>>>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a third Tomcat instance to run the web service provider--follow the wsclientWebapp sample README for full instructions.
>>>>>>
>>>>>> If you can get to step #5, you're in good shape with Fediz (just make sure for production you use your own keystores and not the sample ones provided.)
>>>>>>
>>>>>> Regards,
>>>>>> Glen
>>>>>>
>>>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> Anyone have an idea about this?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Hua Jie
>>>>>>>
>>>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> I followed the README to configure the example (but I configured the example and the IDP in the same Tomcat).
>>>>>>>>
>>>>>>>> I am able to view the web service.
>>>>>>>>
>>>>>>>> But when I access the link https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>>>
>>>>>>>> I always get this error:
>>>>>>>>
>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>> java.lang.NullPointerException
>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>>>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>>>     at java.lang.Thread.run(Thread.java:662)
>>>>>>>>
>>>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>>
>>>>>>>> Can someone send me a working Tomcat? It will be much easier to explore the example.
>>>>>>>>
>>>>>>>> This is the first time I have posted questions on the mailing list. Yesterday I filed a bug in the JIRA.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Prince
