-
1. Re: JBoss Identity + JDK 1.5
cracker_jack_04 Dec 9, 2009 2:26 PM (in response to cracker_jack_04)I think I left out a few details.. The examples that I was talkiing about are the JBoss AS based examples listed at http://www.jboss.org/community/wiki/JBossIdentityFederationSampleApplications. Also, the redirect to the idp login page happens fine. It is after signing in at the idp login page that I face this exception.
-
2. Re: JBoss Identity + JDK 1.5
marcelkolsteren Dec 9, 2009 3:52 PM (in response to cracker_jack_04)I just tried the combination JBoss AS 5.1.0.GA, JDK 1.5.0_19 (Apple) and JBID 1.0.0.beta1. I experienced no problems when running the sample application fed-example-1.0.0.beta1.ear (Seam SP and Tomcat valve based IDP).
-
3. Re: JBoss Identity + JDK 1.5
marcelkolsteren Dec 9, 2009 5:49 PM (in response to cracker_jack_04)I tried JBoss AS 4.2.2 with JDK 1.5, I get the same exception that you mentioned. The exception doesn't really pinpoint the problem. My guess is that a problem occurs when the IDP tries to sign the outgoing message that is returned to the SP. A workaround (if changing the AS and JDK version is no option) is to turn off the signing. This can be done by changing the context.xml file in the WEB-INF dir of the IDP (idp-sig-no-val.war):
Note that the sample SP of 1.0.0.beta1 doesn't validate incoming signatures anyway (signatureRequired property of samlAuthenticationFilter component is false). This is bad practice, and has already been fixed in the latest version of the sample app. So my workaround comes with a warning: not signing messages at the IDP side, and not validating them at the SP side introduces a security risk. -
4. Re: JBoss Identity + JDK 1.5
marcelkolsteren Dec 9, 2009 5:52 PM (in response to cracker_jack_04)The change that is needed in the context.xml didn't come through in my previous post. A parameter signOutgoingMessages needs to be added to the IDPWebBrowserSSOValve:
<Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" signOutgoingMessages="false"/>
-
5. Re: JBoss Identity + JDK 1.5
cracker_jack_04 Dec 14, 2009 3:23 PM (in response to marcelkolsteren)Marcel, Thanks much man!