Hi, I am having some issues with the Fediz plugin in combination with a Microsoft WIF based STS. From the stack trace it doesn't become clear what the underlying issue is, but it may have something to do with the absence of the NameFormat attribute in the Attribute element.
In SAML2 the attribute is optional, so is it perhaps the case that Fediz (plugin) assumes that it is always present? Possibly, the issue is completely different, but I do not have a good clue as to how I can pinpoint it. The stack trace below shows the situation.

So it seems that the error is caused on line 323 in SAMLTokenValidator.java in the parseClaimsInAssertion function. As far as I can make out this line contains the following code:

    if (attribute.getNameFormat().equals(ClaimTypes.URI_BASE.toString()) && !attrName.isAbsolute()) {

Any ideas on what's going on here?

Cheers,
Frank

============== stack trace ============================
17:26:13.856 [http-apr-8080-exec-4] DEBUG o.a.c.f.core.saml.SAMLTokenValidator - parsing attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
17:26:13.856 [http-apr-8080-exec-4] WARN o.a.c.f.core.FederationProcessorImpl - Failed to validate token
java.lang.NullPointerException: null
    at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.parseClaimsInAssertion(SAMLTokenValidator.java:323) ~[fediz-core-1.0.1.jar:1.0.1]
    at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessToken(SAMLTokenValidator.java:172) ~[fediz-core-1.0.1.jar:1.0.1]
    at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInRequest(FederationProcessorImpl.java:168) [fediz-core-1.0.1.jar:1.0.1]
    at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(FederationProcessorImpl.java:70) [fediz-core-1.0.1.jar:1.0.1]
    at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(FederationAuthenticator.java:339) [fediz-tomcat-1.0.1.jar:1.0.1]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544) [catalina.jar:7.0.29]
    at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180) [fediz-tomcat-1.0.1.jar:1.0.1]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) [catalina.jar:7.0.29]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) [catalina.jar:7.0.29]
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) [catalina.jar:7.0.29]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.29]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.29]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001) [tomcat-coyote.jar:7.0.29]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585) [tomcat-coyote.jar:7.0.29]
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1770) [tomcat-coyote.jar:7.0.29]
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [na:1.6.0_33]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.6.0_33]
    at java.lang.Thread.run(Unknown Source) [na:1.6.0_33]
17:26:13.856 [http-apr-8080-exec-4] ERROR o.a.c.a.FormAuthenticator - Federation processing failed: Security token has been revoked
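
Added example, not part of the original post and not Fediz code: a null-safe version of the condition quoted from line 323, for the case the post suspects, where the STS omits NameFormat. The class and method names and the URI_BASE value (a stand-in for ClaimTypes.URI_BASE) are assumptions; it uses plain JDK DOM parsing, and the two Attribute elements are constructed samples.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class NameFormatCheck {
    // SAML 2.0 core: an omitted NameFormat is interpreted as "unspecified".
    static final String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
    // Assumed stand-in for ClaimTypes.URI_BASE from the post.
    static final String URI_BASE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";

    // Return the effective NameFormat; never null, even when the attribute is absent.
    static String effectiveNameFormat(Element attribute) {
        // DOM yields "" for a missing attribute; an object model may yield null instead.
        String nf = attribute.hasAttribute("NameFormat") ? attribute.getAttribute("NameFormat") : null;
        return (nf == null || nf.isEmpty()) ? UNSPECIFIED : nf;
    }

    // Null-safe form of the quoted condition: the constant is the receiver of equals().
    static boolean needsBasePrefix(Element attribute) {
        URI attrName = URI.create(attribute.getAttribute("Name"));
        return URI_BASE.equals(effectiveNameFormat(attribute)) && !attrName.isAbsolute();
    }

    // Parse one element with DOCTYPE declarations rejected, since tokens are untrusted input.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String ns = "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
        // Constructed samples: the first omits NameFormat, the second carries it.
        String without = "<saml:Attribute " + ns + " Name=\"" + URI_BASE + "/name\"/>";
        String with = "<saml:Attribute " + ns + " Name=\"role\" NameFormat=\"" + URI_BASE + "\"/>";
        for (String xml : new String[] {without, with}) {
            Element a = parse(xml);
            System.out.println(effectiveNameFormat(a) + " needsBasePrefix=" + needsBasePrefix(a));
        }
    }
}
```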