I haven't tried that yet, but you'll have to update the URLs in two places in the tomcat-rp/conf/fediz-config.xml if you change the endpoint URLs. Also look at the configuration files and application code, primarily in the tomcat-rp instance, to make sure other URLs have been updated there as well.

Glen

On 08/15/2012 05:22 AM, 杨华杰 wrote:
Hi Glen

Sorry to keep sending you email.

But it seems like I can only browse the application through localhost. I tried to use the IP / another host; both cannot access fedizhelloworld (https://localhost:8443/fedizhelloworld/secure/fedservlet). It shows error 403 first; after a refresh it shows error 401.


Regards,
Hua jie

On Wed, Aug 15, 2012 at 5:12 PM, 杨华杰 <[email protected]> wrote:

Hi Glen

I have another question:

I see the tag saml2 in this page:
https://localhost:8443/fedizhelloworld/secure/fedservlet

But I saw that Fediz supports SAML 1.x on the introduction page. How should I verify the SAML 1.x token? I am new to this.


Regards,
Hua JIe


On Wed, Aug 15, 2012 at 5:07 PM, 杨华杰 <[email protected]> wrote:

Hi Glen

I made it work. I found there is no key file in the apache-fediz-1.0.0.zip file.

The main difficulties were the port numbers and which Tomcat instances I should deploy the WAR files to.

Thank you for your help

Regards,
Hua JIe


On Wed, Aug 15, 2012 at 9:37 AM, 杨华杰 <[email protected]> wrote:

Thank you Glen, it's good to hear that.

I will try the configuration again this weekend.


On Wed, Aug 15, 2012 at 12:10 AM, Glen Mazza <[email protected]> wrote:

Gina, another CXF user, said she was able to get Fediz to work with ADFS (http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=search_page&node=547215&query=gina+fediz+adfs&days=0), but I have not tested this myself.

Glen


On 08/13/2012 11:38 PM, 杨华杰 wrote:

Hi Glen

Here is the authentication that SharePoint supports:
http://technet.microsoft.com/en-us/library/cc262350.aspx#section1


Regards,
Hua JIe
On Tue, Aug 14, 2012 at 9:51 AM, 杨华杰 <[email protected]> wrote:

Hi Glen

Thanks for your follow-up. I didn't do #1; I downloaded the binary file directly.

I will download 1.0.1 and try again. By the way, did you try to make Fediz work with SharePoint authentication? SharePoint supports claimed authentication, SAML 1.x. I appreciate your time. Thank you again.

Regards,
Hua JIe


On Tue, Aug 14, 2012 at 5:12 AM, Glen Mazza <[email protected]> wrote:

Hi Hua Jie, I think the samples hardcode specific port numbers (following the instructions), assuming the two or three Tomcat instance setup, so if you try to put all on one Tomcat alone, you might have to go through each of the apps to make sure all the port numbers were updated.  (Also, I haven't tested yet, but the Fediz plugin that needs to be installed on Tomcat-RP might conflict with the Fediz IDP & STS if you put them on the same Tomcat instance.)

I'm glad #2 works for you, but did you do #1 below?  The keystores and example READMEs, again, have been *radically* improved in the trunk version.  The sample keystores and trust relationships are not defined in 1.0 as they are in 1.0.1 (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co) <-- You see, much of the important information in the last two columns is lost when you try a one-Tomcat solution.

Regards,
Glen



On 08/12/2012 11:19 PM, 杨华杰 wrote:

Hi Glen

The reason I insist on getting a working copy of Tomcat (maybe 2 Tomcats) is that I will learn more from the example if it is working.

I do see the WSDL from http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl

I don't know which step I did wrong. The only tip I have is the error message from the page and log.


Regards,
Hua JIe

On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:

Hi Glen

I am a beginner in this SAML setup, probably also impatient. But I already tried to follow your document three times and I still didn't make it work. Could you help me with this?

Regards,
Hua JIe

On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:

On 08/12/2012 09:42 PM, 杨华杰 wrote:

    Hi Glen

    Thanks for your patience. It's very detailed. But currently I don't know which step is wrong.

The step where you're not using a different Tomcat instance to host the IDP compared to the one hosting the RP applications, as given in the directions.  Also, that you're not going sequentially as I recommended below, and testing at each point before proceeding on to the next step.  Doing it all at once and saying "it doesn't work" doesn't help you when you need to retrace back to try to figure out what is going wrong.  (Why deploy the RP apps if you haven't first checked the IDP STS works, for example.)

    I can access the web service through http and https.

    That's why I want to ask for a working Tomcat; at least I can make it work. I also think a one-Tomcat setup is much easier for beginners.

Well, maybe someone else can provide you a single Tomcat setup.  Sorry, I see a single Tomcat setup as easier only for those beginners who don't care to learn anything (necessary keystore/truststore relationships between apps and between servlet containers, required setup of relying party Tomcat instance, Tomcat IDP instance), and doing more harm than good in learning a distributed deployment and understanding the deployment requirements for each portion.

    I have one question here: is HTTPS mandatory? I don't need security like that.

Yes, so the usernames and passwords sent are secure, possibly other reasons as well.  Even with HTTP alone, you will still need message-layer encryption for the SAML tokens being sent, requiring application keystores at least.

    I just want to make it work first.

Well, if you would just follow the instructions given below and on the website, you'll get it to "work first" pretty rapidly (and learn a lot in the process.)

Regards,
Glen

    Thank you again for your time, I really appreciate it.

    Regards,
    Hua Jie

On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:

Hi Hua Jie,

I don't have a one-Tomcat solution, I'm not sure how useful such a setup would be.  Our Fediz samples use a two-Tomcat setup (three for the more advanced wsClientWebapp sample) in order to try to mimic an actual production environment.  I'd recommend following the documentation closely, using the two or three Tomcat setup as it suggests, and make sure it works, then look at reducing the number of Tomcats if you wish.

Sending you a working Tomcat is not going to help you; a web page that just says "Hello World!" is useless.  Rather, it's working through the sample and getting it to work on your machine that is the important point.

I've requested Fediz 1.0.1--which has much better READMEs and clearer keystore configuration rules--to be released.  In the meantime, I'd recommend:

1.) Downloading and building (mvn clean install) the trunk branch of Fediz instead of using the Fediz 1.0 distribution: http://cxf.apache.org/fediz.html#Fediz-Building .  Follow the READMEs in the trunk versions instead.

2.) First get the IDP / IDP STS instance working on Tomcat #1 using these instructions: http://cxf.apache.org/fediz-idp.html .  Don't do anything else until you can view the STS WSDL at http://localhost:9080/fedizidpsts/STSService?wsdl as stated on that page.  If you can't view the WSDL, nothing else will work.


3.) Next, configure Tomcat #2 as the Relying Party instance: http://cxf.apache.org/fediz-tomcat.html .  For running the samples, all you need to do are the Installation and HTTPS Configuration parts at the top.

4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the sample works--follow that sample's README.

5.) Next, run the wsclientWebapp sample--you'll need to create a third Tomcat instance to run the web service provider--follow the wsclientWebapp sample README for full instructions.

If you can get to step #5, you're in good shape with Fediz (just make sure for production you use your own keystores and not the sample ones provided.)

Regards,
Glen




On 08/12/2012 03:40 AM, 杨华杰 wrote:

Hi

Anyone have an idea about this?

Regards,
Hua JIe

On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:

Hi

I followed the README to configure the example (but I configured the example and the IDP in the same Tomcat).

I am able to view the web service.

But when I access the link https://localhost:8443/fedizhelloworld/secure/fedservlet I always get this error:

WARNING: Unexpected error forwarding to login page
java.lang.NullPointerException
    at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
    at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:662)

Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
WARNING: Unexpected error forwarding to login page

Can someone send me a working Tomcat? It will be much easier to explore the example.

This is my first time posting questions on the mailing list. Yesterday I filed a bug in JIRA.


Regards,
Prince
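
Added example, not part of the thread and not Fediz code: Glen's reply at the top says the URLs in tomcat-rp/conf/fediz-config.xml must be updated when the endpoints change, and the symptom reported is an application reachable only through localhost. The sketch below lists every URL in an XML config whose host is a loopback name, so leftovers are easy to spot; the sample XML and its element names are constructed for illustration and are not the real fediz-config.xml schema.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+")

# Constructed sample; element names are illustrative, not the Fediz schema.
SAMPLE_CONFIG = """\
<config>
  <context name="/fedizhelloworld">
    <audience>https://localhost:8443/fedizhelloworld</audience>
    <issuer url="https://127.0.0.1:9443/fedizidp/"/>
    <realm>https://rp.example.test:8443/fedizhelloworld</realm>
  </context>
</config>
"""

def is_loopback(host):
    """True for 'localhost' names and loopback IP literals (127.0.0.0/8, ::1)."""
    host = (host or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty string or an ordinary DNS name

def loopback_urls(xml_text):
    """Return (element path, URL, port) for loopback URLs in text and attributes."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        for value in [elem.text or ""] + list(elem.attrib.values()):
            for url in URL_RE.findall(value):
                parts = urlsplit(url)
                if is_loopback(parts.hostname):
                    findings.append((here, url, parts.port))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings

if __name__ == "__main__":
    for path, url, port in loopback_urls(SAMPLE_CONFIG):
        print(f"{path}: {url} (port {port})")
```

Run against each Tomcat instance's configuration files, the same function also shows which hardcoded ports would collide if the instances were merged onto one server.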





