5 Replies Latest reply on Dec 14, 2009 3:23 PM by cracker_jack_04

    JBoss Identity + JDK 1.5

    cracker_jack_04 Dec 9, 2009 2:24 PM

      env : JBoss 4.2.2 + JBoss Identity 1.0.0 Beta1

      I am trying to get the integration of JBoss-Identity with our seam based application. The examples work fine with a jave 6 installation. But our Production env is based on JDK 1.5. When I try to get the examples working with a JDK 1.5 I am getting the following error.

      
11:21:09,001 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.IllegalArgumentException: responseType is null
 at org.jboss.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:274)
 at org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:308)
 at org.jboss.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:57)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:595)


      Any idea as to what could cause this? Does JBoss Identity have a strict dependency on Java 1.6?

      Thanks in advance

      • 2511 Views
      • Tags:
        • 1. Re: JBoss Identity + JDK 1.5
          cracker_jack_04 Dec 9, 2009 2:26 PM (in response to cracker_jack_04)

          I think I left out a few details.. The examples that I was talkiing about are the JBoss AS based examples listed at http://www.jboss.org/community/wiki/JBossIdentityFederationSampleApplications. Also, the redirect to the idp login page happens fine. It is after signing in at the idp login page that I face this exception.

            • Actions
          • 2. Re: JBoss Identity + JDK 1.5
            marcelkolsteren
            marcelkolsteren Dec 9, 2009 3:52 PM (in response to cracker_jack_04)

            I just tried the combination JBoss AS 5.1.0.GA, JDK 1.5.0_19 (Apple) and JBID 1.0.0.beta1. I experienced no problems when running the sample application fed-example-1.0.0.beta1.ear (Seam SP and Tomcat valve based IDP).

              • Actions
            • 3. Re: JBoss Identity + JDK 1.5
              marcelkolsteren
              marcelkolsteren Dec 9, 2009 5:49 PM (in response to cracker_jack_04)

              I tried JBoss AS 4.2.2 with JDK 1.5, I get the same exception that you mentioned. The exception doesn't really pinpoint the problem. My guess is that a problem occurs when the IDP tries to sign the outgoing message that is returned to the SP. A workaround (if changing the AS and JDK version is no option) is to turn off the signing. This can be done by changing the context.xml file in the WEB-INF dir of the IDP (idp-sig-no-val.war):



              Note that the sample SP of 1.0.0.beta1 doesn't validate incoming signatures anyway (signatureRequired property of samlAuthenticationFilter component is false). This is bad practice, and has already been fixed in the latest version of the sample app. So my workaround comes with a warning: not signing messages at the IDP side, and not validating them at the SP side introduces a security risk.

                • Actions
              • 4. Re: JBoss Identity + JDK 1.5
                marcelkolsteren
                marcelkolsteren Dec 9, 2009 5:52 PM (in response to cracker_jack_04)

                The change that is needed in the context.xml didn't come through in my previous post. A parameter signOutgoingMessages needs to be added to the IDPWebBrowserSSOValve:

                <Valve className="org.jboss.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" signOutgoingMessages="false"/>


                  • Actions
                • 5. Re: JBoss Identity + JDK 1.5
                  cracker_jack_04 Dec 14, 2009 3:23 PM (in response to marcelkolsteren)
                  Marcel, Thanks much man!
                    • Actions