Hello,

On my Tomcat hosting an RP application, I am trying to authenticate against a SAML IdP, so I am trying to use the Fediz Tomcat 8 plugin (1.4.3).

Authentication fails with this log:

May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.processor.SAMLProcessorImpl processRelayState
SEVERE: Missing Request State
May 11, 2018 11:22:14 AM org.apache.cxf.fediz.core.handler.SigninHandler handleRequest
SEVERE: Federation processing failed: The request was invalid or malformed

I checked the code and it fails because the request state in org.apache.cxf.fediz.core.processor.FedizRequest is null, but it seems that with the SAML protocol org.apache.cxf.fediz.core.processor.FedizRequest.setRequestState(RequestState) is never called in the code, so I am wondering how it can be different from null and how SAML authentication can work with this plugin.

For a simpler setup I tried with samling (a serverless SAML IdP for testing): same error (obviously).

My config file:

<FedizConfig>
    <contextConfig name="/myApp">
        <audienceUris>
            <audienceItem>http://localhost:8080/myApp/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="/opt/tomcat/.keystore" password="changeit" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer certificateValidation="PeerTrust" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="2.0">
            <issuer>https://capriza.github.io/samling/samling.html</issuer>
            <roleURI>groups</roleURI>
        </protocol>
    </contextConfig>
</FedizConfig>

In the past I successfully managed to configure federation authentication with the Fediz Tomcat 8 plugin (the noticeable change in this config is <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="*federationProtocolType*">), and I am wondering if the Fediz Tomcat 8 plugin is supported with samlProtocolType as the protocol type, and if yes, how?

Thanks for your help,

Arnaud
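
The "Missing Request State" error above comes from the SP-side check that ties a returned SAML response back to a sign-in the SP itself started: the SP records a state entry when it redirects the browser to the IdP and looks it up again, via RelayState, when the response arrives. The following is an added illustrative model of that check, written for this thread; it is not Fediz's implementation, and the class and method names (RelayStateStore, begin_signin, process_response) are assumptions. It shows the three ways the lookup can fail (no RelayState, unknown or replayed RelayState, expired entry), which is what an SP is protecting against when it rejects a response with no matching request state.

```python
"""Illustrative model of an SP-side request-state store keyed by RelayState.
Not Fediz's code; names and structure are assumptions made for this example."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional


class MissingRequestState(Exception):
    """Raised when a SAML response cannot be matched to a pending sign-in."""


@dataclass
class RequestState:
    target_url: str      # where to send the user after a successful login
    issued_at: float     # when the sign-in redirect was issued (epoch seconds)
    idp_issuer: str      # the IdP we redirected to; the response must come from it


@dataclass
class RelayStateStore:
    ttl_seconds: int = 300
    _pending: dict = field(default_factory=dict)

    def begin_signin(self, target_url: str, idp_issuer: str,
                     now: Optional[float] = None) -> str:
        """Before redirecting to the IdP: mint an unguessable RelayState and
        remember the request it belongs to. Returns the RelayState value."""
        if now is None:
            now = time.time()
        relay_state = secrets.token_urlsafe(32)
        self._pending[relay_state] = RequestState(target_url, now, idp_issuer)
        return relay_state

    def process_response(self, relay_state: Optional[str], response_issuer: str,
                         now: Optional[float] = None) -> RequestState:
        """When the SAML response comes back: the RelayState must name a
        pending, unexpired request for the same IdP. Each entry is single use,
        so a replayed response fails the same way as an unsolicited one."""
        if now is None:
            now = time.time()
        if not relay_state:
            raise MissingRequestState("no RelayState in response")
        state = self._pending.pop(relay_state, None)   # consume on first use
        if state is None:
            raise MissingRequestState("unknown or already-used RelayState")
        if now - state.issued_at > self.ttl_seconds:
            raise MissingRequestState("request state expired")
        if state.idp_issuer != response_issuer:
            raise MissingRequestState("response issuer does not match pending request")
        return state


def demo() -> bool:
    """Walk through the happy path and the replay case with constructed values."""
    idp = "https://capriza.github.io/samling/samling.html"   # issuer from the config above
    store = RelayStateStore(ttl_seconds=300)
    rs = store.begin_signin("http://localhost:8080/myApp/", idp, now=1000.0)
    first = store.process_response(rs, idp, now=1010.0)
    try:
        store.process_response(rs, idp, now=1011.0)         # replay of the same RelayState
        replay_rejected = False
    except MissingRequestState:
        replay_rejected = True
    return first.target_url == "http://localhost:8080/myApp/" and replay_rejected


if __name__ == "__main__":
    print("ok" if demo() else "FAILED")
```

In this model, a response that arrives with no RelayState, or with one the SP never issued, is indistinguishable from an unsolicited response and is refused before any assertion content is trusted. That is the same category of failure the log lines above report: the plugin could not find a request state for the response it received.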
