5 Replies Latest reply on Mar 3, 2011 12:26 PM by anil.saldhana

    Unable to get the webapps-assembly to work

    olof.sandell

      Hello,

      I'm evaluating different SSO-solutions, and PicketLink seems like a nice project.

      Unfortunately I hit some problems right away. I downloaded and installed the latest PicketLink

      https://repository.jboss.org/nexus/content/groups/public/org/picketlink/picketlink-build-jbas/1.0.4.final/picketlink-build-jbas-1.0.4.final.zip

      and the latest sample zip

      https://repository.jboss.org/nexus/content/groups/public/org/picketlink/picketlink-fed-webapps-assembly/1.0.4.final/picketlink-fed-webapps-assembly-1.0.4.final.zip

      and deployed them on my server JBoss AS 6.0.0.final.

       

      When I try to access /sales/ I get the following exception:

      17:27:51,149 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]] REQUEST URI       =/sales/

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]           authType=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]  characterEncoding=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]      contentLength=-1

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]        contentType=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]        contextPath=/sales

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             cookie=JSESSIONID=633899DAD2CCAE518AED51846D391230

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=host=localhost:8080

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=user-agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=accept-language=en-us,en;q=0.7,sv-se;q=0.3

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=accept-encoding=gzip,deflate

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=accept-charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=keep-alive=115

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=connection=keep-alive

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=cookie=JSESSIONID=633899DAD2CCAE518AED51846D391230

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             header=cache-control=max-age=0

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             locale=en_US

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             method=GET

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]           pathInfo=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]           protocol=HTTP/1.1

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]        queryString=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]         remoteAddr=127.0.0.1

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]         remoteHost=127.0.0.1

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]         remoteUser=null

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]] requestedSessionId=633899DAD2CCAE518AED51846D391230

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]             scheme=http

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]         serverName=localhost

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]         serverPort=8080

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]        servletPath=/index.jsp

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]]           isSecure=false

      17:27:51,165 INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/sales]] ---------------------------------------------------------------

      17:27:51,196 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing: java.lang.NoSuchMethodError: org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.authenticate(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;Lorg/apache/catalina/deploy/LoginConfig;)Z

          at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.authenticate(BaseFormAuthenticator.java:137) [:1.0.4.final]

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.Final]

          at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:151) [:6.0.0.Final]

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]

          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]

          at java.lang.Thread.run(Thread.java:662) [:1.6.0_23]

       

      If I instead try to access /idp/ I get prompted for username/password and supply the username and password found in the user.properties file (tomcat/tomcat)

       

      Then I get another exception:

      17:50:28,347 ERROR [org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve] No SAML Request or Response Message

      17:50:28,644 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing: java.lang.IllegalArgumentException: responseType is null

          at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:410) [:1.0.4.final]

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:704) [:1.0.4.final]

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59) [:1.0.4.final]

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]

          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]

          at java.lang.Thread.run(Thread.java:662) [:1.6.0_23]

       

      I hope I’m making a stupid beginners mistake, but I can’t really see how. Any assistance would be much appreciated!

        • 1. Unable to get the webapps-assembly to work
          anil.saldhana

          This may be related to the method changes that have happened in the tomcat space due to Servlet3.  I have not tested PL against AS6 yet.  Something I need to do.  My tests have been against AS5.1

          • 2. Unable to get the webapps-assembly to work
            anil.saldhana

            By the way, test against the PicketLinkv2 builds and tell me what the behavior is.

            • 3. Unable to get the webapps-assembly to work
              olof.sandell

              Hello

              I have now verified that PL 1.04 works perfectly in AS5.1, with the exact same setup as in AS6, so I guess we can conclude that the problem is due to some change in AS6.

              I’ve also tried with PL2 on AS6, but I get the same exception.

               

              I’ve done some initial analysis on the difference between 5.1 and 6 and found that FormAuthenticator.class in AS5.1 got the method

              public boolean authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig config)

                  throws IOException

              but in AS6 it has changed to

              public boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)

                  throws IOException

              Since your method in BaseFormAuthenticator takes a HttpServletResponse and cast it into a Response, that implementation will not be found, causing the NoSuchMethodError

               

               

              I added the following methods to org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.java

              public boolean authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig config)

              throws IOException {

                 

                  return super.authenticate(request, (javax.servlet.http.HttpServletResponse) response, config);

               

              public void register(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, java.security.Principal principal, String form, String username, String password) {

                 

                  super.register(request, (javax.servlet.http.HttpServletResponse) response, principal, form, username, password);

              }

               

              and now it works in AS6.

              Do you have any plans to adapt PL to AS6 in the near future?

              I’m supposed to deliver my solution in just a couple of weeks, and AS6 is the version I have to work with.

              • 4. Unable to get the webapps-assembly to work
                anil.saldhana

                Thanks for the pointers. Definitely we will adapt PL to AS6.  But we are not doing any formal PL release in the next 2 weeks. As we have been doing, we will put out PL2 builds that do incremental bug fixes. Once we are fairly confident that most of the bugs have been fixed (thanks a lot to the community), we will release PL2.

                • 5. Unable to get the webapps-assembly to work
                  anil.saldhana

                  The build (3mar2011) and later should have the changes necessary that it works on both JBAS5.x and JBAS6.

                  The JIRA that you may be interested in is https://issues.jboss.org/browse/PLFED-154