17 Replies. Latest reply on Apr 1, 2010 5:02 PM by bernard.tison

    "Signature received from SP is null" with sample app.

    ivanlatysh

      Hello All!

       

      I am experiencing a problem evaluating the product. I can't get the sample app working, at all.

       

      Here is what has been done:

        * Downloaded JBoss-5.1.0.GA

        * Downloaded "picketlink-build-jbas-1.0.2.zip" and unzipped the libs into /server/default/lib

             picketlink-bindings-1.0.2.jar, picketlink-bindings-jboss-1.0.2.jar, picketlink-fed-1.0.2.jar, picketlink-idm-1.0.0.GA.jar

        * Downloaded "idp-1.0.2.war" and "employee-1.0.0.war" and unzipped them into "idp.war" and "employee.war" in the /deploy folder.

        * Updated "<security-domain>java:/jaas/jmx-console</security-domain>" and granted the "manager" role to the default "admin" user.

       

      And here is where the problems began.

      Started the server, trying to log-in, getting an error:

      11:33:20,829 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

      So idp.war is missing security config; copying jboss-web.xml from sales.war to idp.war.

       

      Rebooting the server and hitting the wall again:


      2010-02-24 11:09:43,362 DEBUG [org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve] (http-127.0.0.1-8080-1) SP Sent::Method = GET
      SAMLRequest=hdFRT4MwEAfwr7LU59IDygYNLJnuwSUzLhv6aoCdGwm0s1dEv73o5kxMnI93+V3/uWuqKVSzzu31Gl86JDd6axtNamhnrLNamYLqoSxaJOUqtZndLVXggTpY40xlGnYcuIwLIrSuNpqdnw8ytnfuoITo+97rQ8/YnQgAQEAiBrSlenf1w+Uf3BcgPznqatCz75wbo6lr0W7QvtYVPqyX5/nGVEWzN+RUDDEIbA+NeUcUbLSYZ2wxfwrGE78si2ceRwlyCZjweDtBPpYylhAV0XhSDpiow4UmV2iXsQB84BDwQOa+ryBRMvR8GXKIFAAbrU7Huq71tta7y8cqj4jUbZ6v+Op+k7PRI1oa1hqCPGDT9CvcTv/ZKBUnl4rfvzz9AA==
      SAMLResponse=null
      true

       

      2010-02-24 11:09:47,418 DEBUG [org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve] (http-127.0.0.1-8080-1) SP Sent::Method = POST
      SAMLRequest=null
      SAMLResponse=null
      true

       

      2010-02-24 11:09:47,480 DEBUG [org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve] (http-127.0.0.1-8080-1) SP Sent::Method = GET
      SAMLRequest=hdFRT4MwEAfwr7LU59IDygYNLJnuwSUzLhv6aoCdGwm0s1dEv73o5kxMnI93+V3/uWuqKVSzzu31Gl86JDd6axtNamhnrLNamYLqoSxaJOUqtZndLVXggTpY40xlGnYcuIwLIrSuNpqdnw8ytnfuoITo+97rQ8/YnQgAQEAiBrSlenf1w+Uf3BcgPznqatCz75wbo6lr0W7QvtYVPqyX5/nGVEWzN+RUDDEIbA+NeUcUbLSYZ2wxfwrGE78si2ceRwlyCZjweDtBPpYylhAV0XhSDpiow4UmV2iXsQB84BDwQOa+ryBRMvR8GXKIFAAbrU7Huq71tta7y8cqj4jUbZ6v+Op+k7PRI1oa1hqCPGDT9CvcTv/ZKBUnl4rfvzz9AA==
      SAMLResponse=null
      true

       

      2010-02-24 11:09:47,496 ERROR [org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve] (http-127.0.0.1-8080-1) Signature received from SP is null:127.0.0.1
      2010-02-24 11:09:47,589 DEBUG [org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve] (http-127.0.0.1-8080-1) SP Sent::Method = GET
      SAMLRequest=null
      SAMLResponse=[...]
      true
      [skipped a dozen redirects]

      2010-02-24 11:09:47,839 ERROR [org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve] (http-127.0.0.1-8080-1) Signature received from SP is null:127.0.0.1

       

      Can anybody help me get the sample apps working?

        • 1. Re: "Signature received from SP is null" with sample app.
          anil.saldhana

          There are xxx-sig.war downloads that deal with signatures.


          http://jboss.org/picketlink/downloads.html

          • 2. Re: "Signature received from SP is null" with sample app.
            ivanlatysh

            But I don't want to use signatures, this is why I took the "employee-1.0.0.war".

            • 3. Re: "Signature received from SP is null" with sample app.
              ivanlatysh

              Can you tell me if those sample apps are supposed to work?

              If not, where should I look to see it working without signatures?

              • 4. Re: "Signature received from SP is null" with sample app.
                ivanlatysh
                Can anybody shed some light on this subject, because it looks like I am alone here ...
                • 5. Re: "Signature received from SP is null" with sample app.
                  anil.saldhana

                  Take idp-1.0.2.war, sales-1.0.2.war and employee-1.0.2.war  which will not involve signatures.


                  http://jboss.org/picketlink/downloads.html

                  • 6. Re: "Signature received from SP is null" with sample app.
                    ivanlatysh

                    I have tried that, it does not work.

                     

                    After going through the source code I found out why it does not work.

                     

                    In "idp-1.0.2.war", in "context.xml", you have:

                    <Valve className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" signOutgoingMessages="false"/>

                    when it should be:

                    <Valve className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" signOutgoingMessages="false" ignoreIncomingSignatures="true"/>

                    It is related to JBID-160.

                     

                    After applying the fixes, it looks very promising, but ....

                    00:02:56,724 TRACE [SPRedirectFormAuthenticator] Server Exception:
                    java.lang.ClassCastException: org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler$1 cannot be cast to org.apache.catalina.realm.GenericPrincipal
                        at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.authenticate(SPRedirectFormAuthenticator.java:262)
                        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
                        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                        at java.lang.Thread.run(Unknown Source)

                     

                    I have checked the source, and there is a blind cast on line 262.

                     

                    Sorry, but can you actually run the samples yourself!?
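
The error in this thread is logged while the IdP handles GET requests, which is the SAML HTTP-Redirect binding: the message is DEFLATE-compressed and base64-encoded, and any signature travels in separate `SigAlg` and `Signature` query parameters rather than inside the XML. The following is an added example, not part of the original posts and not PicketLink code; it decodes such a query string and reports whether signature parameters are present. The function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode


def build_constructed_query(signed: bool) -> str:
    """Constructed sample input: a minimal AuthnRequest in Redirect-binding encoding."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="ID_constructed" Version="2.0" IssueInstant="2010-02-24T11:09:43Z"/>')
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    raw = comp.compress(xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(raw).decode()}
    if signed:  # placeholder bytes, not a real signature
        params["SigAlg"] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
        params["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return urlencode(params)


def inspect_redirect_query(query: str) -> dict:
    """Decode the SAML message in a query string and report signature parameters.

    Only reports presence; it does not verify the signature.
    """
    q = parse_qs(query)
    name = next((n for n in ("SAMLRequest", "SAMLResponse") if n in q), None)
    if name is None:
        raise ValueError("no SAMLRequest or SAMLResponse parameter")
    inflated = zlib.decompress(base64.b64decode(q[name][0]), -15)
    if b"<!DOCTYPE" in inflated:  # refuse DTDs before handing bytes to the parser
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(inflated)
    return {
        "parameter": name,
        "message": root.tag.split("}")[-1],
        "id": root.get("ID"),
        "sig_alg": q.get("SigAlg", [None])[0],
        "signed": "Signature" in q and "SigAlg" in q,
    }


if __name__ == "__main__":
    for flag in (False, True):
        print(inspect_redirect_query(build_constructed_query(flag)))
```

A request that reports `signed: False` is only accepted by an IdP that has incoming signature checks switched off, as with `ignoreIncomingSignatures="true"` in the post above; the xxx-sig.war samples mentioned earlier in the thread are the signed alternative.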

                    • 7. Re: "Signature received from SP is null" with sample app.
                      anil.saldhana
                      If you are running in JBoss AS, then you need to configure a security domain and also a SAML Login Module whose details are in the user guide. Let me verify and get back with details.
                      • 8. Re: "Signature received from SP is null" with sample app.
                        ivanlatysh

                        I did that, as it is described in the guide.

                        See my first message, I am using standard "jmx-console" jaas config.

                         

                        And I can see that it has been configured correctly, since when I put in the wrong username and password I get the login error page, and I see the error message only when I supply the correct credentials.

                        • 9. Re: "Signature received from SP is null" with sample app.
                          anil.saldhana
                          I have reproduced the issue and I have fixes. I will be releasing 1.0.3 soon (matter of days) which will have the fixes.
                          • 10. Re: "Signature received from SP is null" with sample app.
                            ivanlatysh

                            Thank you!

                             

                            I will give it another try as soon as the new version is released.

                            • 11. Re: "Signature received from SP is null" with sample app.
                              anil.saldhana

                              http://community.jboss.org/wiki/CheatsheetPicketLinkandJBossAS

                               

                              No special configuration needed.  Two zip files applied to JBAS should get the samples on display.

                              • 12. Re: "Signature received from SP is null" with sample app.
                                ivanlatysh

                                Thank you, I will give it a shot tonight.

                                • 13. Re: "Signature received from SP is null" with sample app.
                                  anil.saldhana

                                  If something does not work, provide us with feedback.

                                   

                                  Thanks for the earlier feedback you have given us.

                                  • 14. Re: "Signature received from SP is null" with sample app.
                                    bernard.tison

                                    Anil,

                                     

                                    the ClassCastException Ivan is seeing is the same as the one I encountered when trying out the sample apps on JBoss AS 5.1 (see http://community.jboss.org/thread/148064?tstart=0).

                                     

                                    java.lang.ClassCastException: org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler$1 cannot be cast to org.apache.catalina.realm.GenericPrincipal

                                     

                                    I tried again on a fresh install of JBoss AS 5.1, following the instructions at http://community.jboss.org/wiki/CheatsheetPicketLinkandJBossAS, but the error remains.

                                     

                                    Bernard
