Hi,

You've uncovered a bug in Fediz 1.0.1 - it always assumed that a NameFormat is present, whereas it's optional as you point out. It's been fixed for 1.0.2 here:

https://issues.apache.org/jira/browse/FEDIZ-26

Colm.

On Thu, Sep 20, 2012 at 2:56 PM, frank <franks...@gmail.com> wrote:
> Hi,
>
> I am having some issues with the Fediz plugin in combination with a
> Microsoft WIF based STS. From the stack trace it doesn't become clear
> what the underlying issue is, but it may have something to do with the
> absence of the NameFormat attribute in the Attribute element.
>
> In SAML2 the attribute is optional, so is it perhaps the case that
> Fediz (plugin) assumes that it is always present? Possibly, the issue
> is completely different, but I do not have a good clue as to how I can
> pinpoint it.
>
> The stack trace below shows the situation. So it seems that the error
> is caused on line 323 in SAMLTokenValidator.java in the
> parseClaimsInAssertion function. As far as I can make out this line
> contains the following code:
>
> if (attribute.getNameFormat().equals(ClaimTypes.URI_BASE.toString())
> && !attrName.isAbsolute()) {
>
> Any ideas on what's going on here?
>
> Cheers,
>
> Frank
> ============== stack trace ============================
> 17:26:13.856 [http-apr-8080-exec-4] DEBUG o.a.c.f.core.saml.SAMLTokenValidator - parsing attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
>
> 17:26:13.856 [http-apr-8080-exec-4] WARN o.a.c.f.core.FederationProcessorImpl - Failed to validate token
>
> java.lang.NullPointerException: null
>     at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.parseClaimsInAssertion(SAMLTokenValidator.java:323) ~[fediz-core-1.0.1.jar:1.0.1]
>     at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessToken(SAMLTokenValidator.java:172) ~[fediz-core-1.0.1.jar:1.0.1]
>     at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInRequest(FederationProcessorImpl.java:168) [fediz-core-1.0.1.jar:1.0.1]
>     at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(FederationProcessorImpl.java:70) [fediz-core-1.0.1.jar:1.0.1]
>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(FederationAuthenticator.java:339) [fediz-tomcat-1.0.1.jar:1.0.1]
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544) [catalina.jar:7.0.29]
>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180) [fediz-tomcat-1.0.1.jar:1.0.1]
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) [catalina.jar:7.0.29]
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) [catalina.jar:7.0.29]
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) [catalina.jar:7.0.29]
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.29]
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) [catalina.jar:7.0.29]
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001) [tomcat-coyote.jar:7.0.29]
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585) [tomcat-coyote.jar:7.0.29]
>     at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1770) [tomcat-coyote.jar:7.0.29]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [na:1.6.0_33]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.6.0_33]
>     at java.lang.Thread.run(Unknown Source) [na:1.6.0_33]
>
> 17:26:13.856 [http-apr-8080-exec-4] ERROR o.a.c.a.FormAuthenticator - Federation processing failed: Security token has been revoked

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com