Gina, another CXF user, said she was able to get Fediz to work with ADFS (http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=search_page&node=547215&query=gina+fediz+adfs&days=0), but I have not tested this myself.

Glen

On 08/13/2012 11:38 PM, 杨华杰 wrote:
Hi Glen

Here is the authentication that sharepoint support:
http://technet.microsoft.com/en-us/library/cc262350.aspx#section1


Regards,
Hua Jie
On Tue, Aug 14, 2012 at 9:51 AM, 杨华杰 <[email protected]> wrote:

Hi Glen

Thanks for your follow-up. I didn't do #1; I downloaded the binary file
directly.

I will download 1.0.1 and try again. By the way, did you try to make Fediz
work with SharePoint authentication? SharePoint supports claims
authentication, SAML 1.x. I would appreciate it if you have time. Thank you again.

Regards,
Hua Jie


On Tue, Aug 14, 2012 at 5:12 AM, Glen Mazza <[email protected]> wrote:

Hi Hua Jie, I think the samples hardcode specific port numbers (following
the instructions), assuming the two or three Tomcat instance setup, so if
you try to put all on one Tomcat alone, you might have to go through each
of the apps to make sure all the port numbers were updated.  (Also, I
haven't tested yet, but the Fediz plugin that needs to be installed on
Tomcat-RP might conflict with the Fediz IDP & STS if you put them on the
same Tomcat instance.)

I'm glad #2 works for you, but did you do #1 below?  The keystores and
example READMEs, again, have been *radically* improved in the trunk
version.  The sample keystores and trust relationships are not defined in
1.0 as they are in 1.0.1
(http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co)
<-- You see, much of the important information in the last two columns is
lost when you try a one-Tomcat solution.

Regards,
Glen



On 08/12/2012 11:19 PM, 杨华杰 wrote:

Hi Glen

The reason I insist on getting a working copy of Tomcat (maybe 2 Tomcats)
is that I will learn more from the example if it is working.


I do see the WSDL from
http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl

I don't know which step I did wrong. The only tip I have is the error
message from the page and log.


Regards,
Hua Jie

On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:

Hi Glen
I am a beginner in this SAML setup, probably also impatient. But I have
already tried to follow your document three times and I still didn't make
it work.
Could you help me with this?

Regards,
Hua Jie

On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:

On 08/12/2012 09:42 PM, 杨华杰 wrote:
Hi Glen
Thanks for your patience. It's very detailed. But currently I don't know
which step is wrong.

The step where you're not using a different Tomcat instance to host the
IDP compared to the one hosting the RP applications, as given in the
directions.  Also, that you're not going sequentially as I recommended
below, and testing at each point before proceeding on to the next step.
Doing it all at once and saying "it doesn't work" doesn't help you when
you need to retrace back to try to figure out what is going wrong.  (Why
deploy the RP apps if you haven't first checked the IDP STS works, for
example.)


I can access the web service through HTTP and HTTPS.

That's why I want to ask for a working Tomcat; at least I can make it
work. I also think a one-Tomcat setup is much easier for beginners.

Well, maybe someone else can provide you a single Tomcat setup.  Sorry, I
see a single Tomcat setup as easier only for those beginners who don't
care to learn anything (necessary keystore/truststore relationships
between apps and between servlet containers, required setup of relying
party Tomcat instance, Tomcat IDP instance), and doing more harm than
good in learning a distributed deployment and understanding the
deployment requirements for each portion.




I have one question here: is HTTPS mandatory? I don't need security
like that.

Yes, so the usernames and passwords sent are secure, possibly other
reasons as well.  Even with HTTP alone, you will still need
message-layer encryption for the SAML tokens being sent, requiring
application keystores at least.



I just want to make it work first.

Well, if you would just follow the instructions given below and on the
website, you'll get it to "work first" pretty rapidly (and learn a lot
in the process.)

Regards,
Glen


Thank you again for your time, I really appreciate it.

Regards,
Hua Jie

On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:

Hi Hua Jie,

I don't have a one-Tomcat solution, I'm not sure how useful such a
setup would be.  Our Fediz samples use a two-Tomcat setup (three for
the more advanced wsClientWebapp sample) in order to try to mimic an
actual production environment.  I'd recommend following the
documentation closely, using the two or three Tomcat setup as it
suggests, and make sure it works, then look at reducing the number of
Tomcats if you wish.

Sending you a working Tomcat is not going to help you, a web page that
just says "Hello World!" is useless.  Rather, it's working through the
sample and getting it to work on your machine that is the important
point.

I've requested Fediz 1.0.1--which has much better READMEs and clearer
keystore configuration rules--to be released.  In the meantime, I'd
recommend:

1.) Downloading and building (mvn clean install) the trunk branch of
Fediz instead of using the Fediz 1.0 distribution:
http://cxf.apache.org/fediz.html#Fediz-Building
Follow the READMEs in the trunk versions instead.

2.) First get the IDP / IDP STS instance working on Tomcat #1 using
these instructions: http://cxf.apache.org/fediz-idp.html
Don't do anything else until you can view the STS WSDL at
http://localhost:9080/fedizidpsts/STSService?wsdl as stated on that
page.  If you can't view the WSDL, nothing else will work.


3.) Next, configure Tomcat #2 as the Relying Party instance:
http://cxf.apache.org/fediz-tomcat.html
For running the samples, all you need to do are the Installation and
HTTPS Configuration parts at the top.

4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the
sample works--follow that sample's README.

5.) Next, run the wsclientWebapp sample--you'll need to create a third
Tomcat instance to run the web service provider--follow the
wsclientWebapp sample README for full instructions.

If you can get to step #5, you're in good shape with Fediz (just make
sure for production you use your own keystores and not the sample ones
provided.)

Regards,
Glen
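
As an added example (not code from this thread or from the Fediz project), a small Python script that checks the deployment in the order Glen describes: the IDP STS WSDL on Tomcat #1 first, then the Relying Party's HTTPS endpoint on Tomcat #2, including whether its certificate chains to the truststore. The URLs and ports are the ones quoted in the thread; the ca_file argument (a PEM export of the sample truststore) is an assumption.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from urllib.error import HTTPError, URLError

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
# URLs as quoted in the thread (sample default ports for Tomcat #1 and #2).
STS_WSDL_URL = "http://localhost:9080/fedizidpsts/STSService?wsdl"
RP_SECURE_URL = "https://localhost:8443/fedizhelloworld/secure/fedservlet"


def is_wsdl(document: bytes) -> bool:
    """True if the bytes parse as XML whose root element is wsdl:definitions."""
    try:
        root = ET.fromstring(document)
    except ET.ParseError:
        return False
    return root.tag == "{%s}definitions" % WSDL_NS


def check_sts_wsdl(url=STS_WSDL_URL, timeout=5.0):
    """Step 2: the IDP STS must serve its WSDL before anything else is deployed."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
    except (URLError, OSError) as exc:
        return False, "STS not reachable at %s: %s" % (url, exc)
    if not is_wsdl(body):
        return False, "response is not a WSDL document; check the STS deployment"
    return True, "IDP STS WSDL is being served"


def check_rp_https(url=RP_SECURE_URL, ca_file=None, timeout=5.0):
    """Steps 3/4: the RP must answer over HTTPS with a certificate the client
    trusts.  ca_file is an assumed PEM export of the truststore; None means
    the system trust store is used instead."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return True, "RP answered over HTTPS (status %d)" % resp.status
    except HTTPError as exc:
        # TLS handshake and trust check succeeded; the app itself returned an error.
        return True, "RP reachable over HTTPS, app returned HTTP %d" % exc.code
    except URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return False, "RP certificate not trusted: %s; fix the truststore" % exc.reason
        return False, "RP not reachable at %s: %s" % (url, exc.reason)
```

Run check_sts_wsdl() first and only move on to check_rp_https() once it returns True, mirroring the "test at each step" advice above.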




On 08/12/2012 03:40 AM, 杨华杰 wrote:

Hi

Anyone have an idea about this?

Regards,
Hua Jie

On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:

Hi

I followed the README to configure the example (but I configured the
example and the IDP in the same Tomcat).

I am able to view the web service.

But when I access the link
https://localhost:8443/fedizhelloworld/secure/fedservlet

I always get this error

WARNING: Unexpected error forwarding to login page
java.lang.NullPointerException
at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
WARNING: Unexpected error forwarding to login page



Can someone send me a working Tomcat? It will be much easier to explore
the example.

This is the first time I have posted questions on the mailing list.
Yesterday I filed a bug in JIRA.

Regards,
Prince




