7 Replies Latest reply on Sep 24, 2010 8:50 AM by marcelkolsteren

    Seam samples

    rafael.oliveira

      Hello,

       


      First, I'm sorry for my English.

       

      I'm trying to run the sample from this link: http://community.jboss.org/wiki/seamintegrationwithjbossidentity

       

      I configured everything and I executed these steps:

       

      - open http://localhost:8080/sp1/PublicPage.seam

      - follow the link to the private page; the browser is redirected to the login page of the identity provider

      - supply your credentials

       

      On this step: the private page is shown, with your username. After clicking the login button, this error occurs:

      HTTP Status 404 - /idp/

      14:09:42,658 ERROR [JAXBUtil] SAX Fatal Error:Line Number=1 Col Number=62 Public ID=null System ID=http://address.br/index.html exc=White spaces are required between publicId and systemId.
      14:09:42,660 ERROR [IDPRedirectValve] Exception:
      org.jboss.identity.federation.core.exceptions.ParsingException: org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
          at org.jboss.identity.federation.bindings.tomcat.idp.IDPRedirectValve.send(IDPRedirectValve.java:229)
          at org.jboss.identity.federation.bindings.tomcat.idp.IDPRedirectValve.invoke(IDPRedirectValve.java:146)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)

       

      The private page doesn't appear.

       

      Can anyone help me?

       

      Regards

      Rafael

        • 1. Re: Seam samples
          marcelkolsteren

          Hi Rafael,

           

          I don't know what goes wrong there. Did you modify the example or did you use it "as-is"? I wonder where that "http://address.br/index.html" comes from.

           

          But even more important: did you see the comment at the end of the article, indicating that there has been some evolution? Maybe I should make this more clear in the header of the article, but there is a newer PicketLink Seam module, that is much better than the examples that you tried. It is explained here:

           

          How to add SAML and OpenID authentication to your Seam application

           

          There are also two examples of using this Seam module in combination with SAML Identity Providers:

           

          External authentication example using OpenSSO

          External authentication example using SSOCircle

           

          So I'd advise you to have a look at those articles.

           

          Regards,

          Marcel Kolsteren

          • 2. Re: Seam samples
            rafael.oliveira

            Thank you for the quick reply.

            Is there any tutorial to create my own IDP?

            What should I configure?

             

            Regards

            Rafael.

            • 3. Re: Seam samples
              marcelkolsteren

              Hi Rafael,

               

              I'm sorry, but in order to give a good answer I need to have more background information.

               

              What is your end goal? Is it to build your own Seam-based SAML identity provider? Or do you want your Seam application to use an external SAML identity provider? Or something else?

               

              Regards,

              Marcel

              • 4. Re: Seam samples
                rafael.oliveira

                I want to build my own Seam-based SAML IDP and I want my Seam application to use it.

                 

                Regards

                Rafael

                • 5. Re: Seam samples
                  marcelkolsteren

                  Ok, in that case I need to disappoint you. With the Seam PicketLink module you can only turn your Seam application into a SAML service provider, not into a SAML identity provider.

                   

                  Fortunately, Seam 3 will have SAML and OpenID support. Not sure yet whether it will be in the first Seam 3 release, but we're working on it currently. Seam 3 will not only support the service provider side, it will support the identity provider side as well:

                   

                  http://www.sfwk.org/Seam3/SecurityModule

                   

                  If you check out the latest snapshot of Seam 3, you can already play around with sample applications for a SAML SP and a SAML IDP. However, there is not much documentation yet (only Javadoc and sample application readme files), and the code base is still changing. I don't know if you would feel comfortable with such a deep dive. And maybe you're not ready yet for using CDI/Weld and Java EE 6. But at least you're informed now about what is the roadmap for the Seam SAML support.

                  • 6. Re: Seam samples
                    rafael.oliveira

                    In that case what do you recommend?

                    I tried to run the example using OpenSSO, but I didn't find the link to download.

                    I was wondering about using JOSSO, what do you think?

                     

                    Regards

                    Rafael

                    • 7. Re: Seam samples
                      marcelkolsteren

                      I advise you to stick to the PicketLink Seam module (version 1.0.4.final).

                       

                      Which example do you mean? And do you mean that a link is broken? Which link exactly?

                       

                      I have no experience with JOSSO. I just read on the JOSSO website that they added SAMLv2 support in July 2010, so you'll be an early adopter if you choose to use it. :-)