I solved the problem. It seems I had to totally delete the endpoints from the
cxf-transport.xml file and keep only the one in ldap.xml that uses the
"jaasUTValidator". That hasn't been so clear to me from the documentation.
Anyways, now my user is getting authenticated from LDAP but the process
isn't moving further and in the IDP Server log I get the below messages:
(Any ideas on what might be the problem would be deeply appreciated)
------------------------------------
[LdapLoginModule] authentication-only mode; SSL disabled
[LdapLoginModule] user provider:
ldap://localhost:389/ou=Users,dc=ldap,dc=fediz
[LdapLoginModule] attempting to authenticate user: bob
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal
"cn=bob,ou=Users,dc=ldap,dc=fediz"
to Subject
[LdapLoginModule] added UserPrincipal "bob" to Subject
2014-09-30 01:36:03,495 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Parsing RequestSecurityToken
2014-09-30 01:36:03,500 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Found AppliesTo element
2014-09-30 01:36:03,500 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Found TokenType:
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
2014-09-30 01:36:03,500 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Found KeyType:
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
2014-09-30 01:36:03,501 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Found Renewing token
2014-09-30 01:36:03,501 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.request.RequestParser - Received Context attribute: null
2014-09-30 01:36:03,501 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - Parsing AppliesTo element
2014-09-30 01:36:03,502 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - Found EndpointReference
element
2014-09-30 01:36:03,502 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - Found address element
2014-09-30 01:36:03,502 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - The AppliesTo address that
has been received is: urn:fediz:idp
2014-09-30 01:36:03,503 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.service.StaticService - Address urn:fediz:idp matches
with pattern .*
2014-09-30 01:36:03,503 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.SAMLTokenProvider - Handling token of
type:
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
2014-09-30 01:36:03,505 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.DefaultSubjectProvider - Creating new
subject with principal name: bob
2014-09-30 01:36:05,128 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.SAMLTokenProvider - SAMLRealm signature
keystore used
2014-09-30 01:36:05,128 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signature alias is
null so using default alias: realma
2014-09-30 01:36:05,129 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.SAMLTokenProvider - Creating SAML Token
2014-09-30 01:36:05,129 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signing SAML Token
2014-09-30 01:36:05,249 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.TokenIssueOperation - Encrypting Issued Token:
false
2014-09-30 01:36:05,251 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - Token lifetime creation:
2014-09-29T22:36:05.114Z
2014-09-30 01:36:05,251 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.operation.AbstractOperation - Token lifetime expiration:
2014-09-29T22:56:05.114Z
2014-09-30 01:36:05,252 [http-bio-9443-exec-7] DEBUG
org.apache.cxf.sts.event.map.MapEventLogger - 9/30/14 1:36:05
AM;SUCCESS;1814ms;127.0.0.1;58074;Issue;https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT;REALMA;bob;<null>;<null>;<null>;<null>;<null>;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;urn:fediz:idp;<null>;<null>;<null>;<null>;
2014-09-30 01:36:05,351 [http-bio-9443-exec-7] INFO
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS -
Outbound Message
[...]
2014-09-30 01:36:05,453 [http-bio-9443-exec-2] INFO
org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction - HRDS
is null (Mock).
2014-09-30 01:36:05,456 [http-bio-9443-exec-2] INFO
org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction - Token
[IDP_TOKEN=_3AE8B363924DC7A4C114120301649871] for realm
[urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
2014-09-30 01:36:05,462 [http-bio-9443-exec-2] INFO
org.apache.cxf.fediz.service.idp.beans.STSClientAction - STS WSDL URL
updated to
https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport?wsdl
2014-09-30 01:36:05,501 [http-bio-9443-exec-9] WARN
org.apache.cxf.transport.servlet.ServletController - Can't find the the
request for
https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport's Observer
2014-09-30 01:36:05,644 [http-bio-9443-exec-7] WARN
org.apache.cxf.transport.servlet.ServletController - Can't find the the
request for
https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport's Observer
--
View this message in context:
http://cxf.547215.n5.nabble.com/Use-Fediz-with-LDAP-tp5748800p5749343.html
Sent from the cxf-user mailing list archive at Nabble.com.
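The MapEventLogger line in the log above is the STS audit record, one semicolon-separated field per event attribute. As an added example (not code from the poster, CXF or Fediz), here is a parser for that record plus a check that flags failed operations and issued tokens whose AppliesTo is outside an expected allow-list; the names given to the <null> slots, the log4j prefix reused for the samples, and the FAILURE / unknown-AppliesTo records are constructed assumptions.

```python
from datetime import datetime

# One MapEventLogger record is 20 ';'-separated fields. Positions 1-9, 15 and 16
# are evident from the sample line; the names for the <null> slots are assumed.
FIELDS = ("time", "status", "duration_ms", "remote_host", "remote_port", "operation",
          "url", "realm", "principal", "onbehalfof_principal", "actas_principal",
          "validate_principal", "cancel_principal", "renew_principal", "token_type",
          "applies_to", "claims_primary", "claims_secondary", "exception", "key_type")
MARKER = "org.apache.cxf.sts.event.map.MapEventLogger - "
STS_URL = "https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransportUT"
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def log_line(ts, status, dur_ms, host, port, principal, applies_to, exc="<null>"):
    # Builds a log4j line in the layout seen in the thread (constructed data).
    fields = [ts, status, "%dms" % dur_ms, host, str(port), "Issue", STS_URL, "REALMA", principal]
    fields += ["<null>"] * 5 + [SAML2, applies_to, "<null>", "<null>", exc, "<null>"]
    return "2014-09-30 01:36:05,252 [http-bio-9443-exec-7] DEBUG " + MARKER + ";".join(fields) + ";"

# Constructed sample: the thread's record, a constructed FAILURE, a constructed
# Issue for an AppliesTo this deployment does not serve, and a non-audit line.
SAMPLE_LOG = [
    log_line("9/30/14 1:36:05 AM", "SUCCESS", 1814, "127.0.0.1", 58074, "bob", "urn:fediz:idp"),
    log_line("9/30/14 1:37:12 AM", "FAILURE", 220, "10.0.0.5", 51000, "mallory",
             "urn:fediz:idp", "javax.security.auth.login.FailedLoginException"),
    log_line("9/30/14 1:38:40 AM", "SUCCESS", 900, "10.0.0.5", 51002, "bob", "urn:example:unknown-rp"),
    "2014-09-30 01:36:05,129 [http-bio-9443-exec-7] DEBUG org.apache.cxf.sts.token.provider.SAMLTokenProvider - Signing SAML Token",
]

def parse_record(line):
    # Returns the audit record as a dict, or None for lines that are not records.
    idx = line.find(MARKER)
    if idx < 0:
        return None
    values = line[idx + len(MARKER):].strip().rstrip(";").split(";")
    if len(values) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(values)))
    rec = {k: (None if v == "<null>" else v) for k, v in zip(FIELDS, values)}
    rec["time"] = datetime.strptime(rec["time"], "%m/%d/%y %I:%M:%S %p")
    rec["duration_ms"] = int(rec["duration_ms"][:-2])  # drop the "ms" suffix
    return rec

def findings(lines, allowed_applies_to):
    # Flags failed operations, and successful Issues whose AppliesTo is outside the
    # allow-list: the log shows StaticService matching ".*", so the STS accepts any.
    out = []
    for rec in filter(None, map(parse_record, lines)):
        if rec["status"] != "SUCCESS":
            out.append(("failure", rec["principal"], rec["remote_host"], rec["exception"]))
        elif rec["operation"] == "Issue" and rec["applies_to"] not in allowed_applies_to:
            out.append(("unexpected-appliesto", rec["principal"], rec["remote_host"], rec["applies_to"]))
    return out
```

Run `findings(SAMPLE_LOG, {"urn:fediz:idp"})` to get the two flagged records; the list of allowed AppliesTo values is whatever your IDP configuration actually serves.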