-
1. Re: PicketLink v2 Builds
dobesv Feb 21, 2011 5:06 PM (in response to anil.saldhana)
Hi,
I installed this one but even after fixing compile errors I get an error trying to use JAXB to load IdP metadata:
{code}
org.picketlink.identity.federation.core.exceptions.ConfigurationException: com.sun.xml.bind.v2.runtime.IllegalAnnotationsException: 1 counts of IllegalAnnotationExceptions
org.picketlink.identity.xmlsec.w3.xmldsig.CanonicalizationMethodType does not have a no-arg default constructor.
    this problem is related to the following location:
        at org.picketlink.identity.xmlsec.w3.xmldsig.CanonicalizationMethodType
        at public org.picketlink.identity.xmlsec.w3.xmldsig.CanonicalizationMethodType org.picketlink.identity.xmlsec.w3.xmldsig.SignedInfoType.getCanonicalizationMethod()
        at org.picketlink.identity.xmlsec.w3.xmldsig.SignedInfoType
        at public org.picketlink.identity.xmlsec.w3.xmldsig.SignedInfoType org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType.getSignedInfo()
        at org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType
        at public org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType.getSignature()
        at org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntitiesDescriptorType
{code}
The line of code I am using that triggers this is:
{code}
JAXBContext xmlContext = JAXBContext.newInstance(EntitiesDescriptorType.class);
{code}
Any chance of putting a no-arg constructor on that class? Or am I using the wrong class for this purpose?
-
2. Re: PicketLink v2 Builds
anil.saldhana Feb 21, 2011 6:13 PM (in response to dobesv)
Dobes, you should not use JAXB.
If you have a stream, you can use the SAMLParser class to parse a stream and cast it to the object you want.
If you are constructing metadata manually, then use new.
-
3. Re: PicketLink v2 Builds
dobesv Feb 21, 2011 11:42 PM (in response to anil.saldhana)
Hi,
I'll try that. I haven't found any docs on how to use that, is there a source distribution I can use so that I can read the sources to figure things out?
Seems like the first problem I am having is an error "unsupported extensions"...
{code}
java.lang.RuntimeException: Unknown Extensions
    at org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser.parseIDPSSODescriptor(SAMLEntityDescriptorParser.java:356)
    at org.picketlink.identity.federation.core.parsers.saml.metadata.SAMLEntityDescriptorParser.parse(SAMLEntityDescriptorParser.java:113)
    at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:113)
    at org.picketlink.identity.federation.core.parsers.AbstractParser.parse(AbstractParser.java:91)
{code}
-
4. Re: PicketLink v2 Builds
anil.saldhana Feb 22, 2011 9:57 AM (in response to dobesv)
Dobes,
the workspace is here: http://anonsvn.jboss.org/repos/picketlink/federation/trunk/
Our parsers throw exceptions when they cannot understand some elements. This is our way of knowing when we have not handled something. Would you be kind enough to create a JIRA issue with the sample metadata file? You can mask or change sensitive information from the md file. I can get a new build asap.
-
5. Re: PicketLink v2 Builds
dobesv Feb 22, 2011 3:32 PM (in response to anil.saldhana)
Added as https://issues.jboss.org/browse/PLINK-46
Would it be difficult to include the source code in the next build, either right in the jar files or as a source jar?
Possibly I can get the source from that SVN repo and build the jars myself ... I'll take a look at that option too.
-
6. Re: PicketLink v2 Builds
anil.saldhana Feb 22, 2011 4:06 PM (in response to dobesv)
Since the changes were minimal, I made the bug fix and it is attached as a jar to the JIRA issue: https://issues.jboss.org/browse/PLFED-139
Thanks for the JIRA issue and the metadata file. The problem was that we were not handling the optional metadata extensions element. Also there was the other bug in KeyTypes "use" optional element.
-
7. PicketLink v2 Builds
kroessi Mar 1, 2011 3:32 AM (in response to anil.saldhana)
Just one small issue:
It seems that the openid4java.jar is missing in the build. The deployment of idp.war and idp-sig.war failed with message
2011-03-01 08:56:27,080 ERROR [org.apache.catalina.core.StandardContext] (main) Context [/idp-sig] startup failed due to previous errors
java.lang.NoClassDefFoundError: org/openid4java/message/ParameterList
After I added the jar, everything works fine.
-
8. Re: PicketLink v2 Builds
kroessi Mar 1, 2011 9:55 AM (in response to anil.saldhana)
My SAML-Token from Shibboleth contains an element "SubjectLocality" in the AuthnStatement:
{code}
<saml2:AuthnStatement AuthnInstant="2011-03-01T10:04:20.847Z" SessionIndex="3f15ff676d6cf951ccc59366600072f95ba0e9342edb3aa33f0be062df8bbd4e">
<saml2:SubjectLocality Address="127.0.0.1"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
{code}
This results in the following exception
{code}
2011-03-01 11:04:21,194 TRACE [org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator] (http-127.0.0.1-8080-1) Server Exception:
java.lang.RuntimeException: Unknown tag:SubjectLocality
at org.picketlink.identity.federation.core.parsers.util.SAMLParserUtil.parseAuthnStatement(SAMLParserUtil.java:271)
at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:157)
at org.picketlink.identity.federation.core.parsers.saml.SAMLResponseParser.parse(SAMLResponseParser.java:83)
at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:91)
at org.picketlink.identity.federation.core.parsers.AbstractParser.parse(AbstractParser.java:91)
at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.getSAML2ObjectFromStream(SAML2Response.java:347)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:116)
at org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator.authenticate(SPPostFormAuthenticator.java:205)
{code}
I have seen in the code, that it expects the element AuthnContext to be the first element after AuthnStatement. I think this did not happen with the picketlink-1.0.4-final release. Is this a bug in V2?
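
The parser behaviour discussed in this post and in anil.saldhana's earlier reply (throwing on elements the parser does not understand), as an added example that is not part of the thread and is not PicketLink code. It is a strict StAX parse of one `AuthnStatement` that accepts the schema-optional `SubjectLocality` before `AuthnContext` and still rejects anything else; the class name `AuthnStatementCheck`, the `parse` method and the sample XML (built from the fragment above with a namespace declaration added) are assumptions, and only `AuthnContextClassRef` is handled inside `AuthnContext`.

```java
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.stream.*;
import static javax.xml.stream.XMLStreamConstants.*;

// Hypothetical class for illustration; not PicketLink's SAMLParserUtil.
public class AuthnStatementCheck {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static Map<String, String> parse(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false); // SAML input never needs a DTD
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        Map<String, String> out = new LinkedHashMap<>();
        r.nextTag();
        r.require(START_ELEMENT, NS, "AuthnStatement");
        String instant = r.getAttributeValue(null, "AuthnInstant");
        if (instant == null) throw new XMLStreamException("AuthnInstant is required");
        out.put("AuthnInstant", instant);
        r.nextTag();
        // SubjectLocality is optional in the schema and, when present, comes first.
        if (r.isStartElement() && NS.equals(r.getNamespaceURI()) && "SubjectLocality".equals(r.getLocalName())) {
            out.put("Address", r.getAttributeValue(null, "Address"));
            r.nextTag();
            r.require(END_ELEMENT, NS, "SubjectLocality");
            r.nextTag();
        }
        // Anything else in this position is rejected rather than silently skipped.
        if (!r.isStartElement() || !NS.equals(r.getNamespaceURI()) || !"AuthnContext".equals(r.getLocalName()))
            throw new XMLStreamException("Unknown tag:" + r.getLocalName());
        r.nextTag();
        r.require(START_ELEMENT, NS, "AuthnContextClassRef");
        out.put("AuthnContextClassRef", r.getElementText().trim());
        r.nextTag();
        r.require(END_ELEMENT, NS, "AuthnContext");
        r.nextTag();
        r.require(END_ELEMENT, NS, "AuthnStatement");
        return out;
    }
    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample input, modelled on the fragment in the post.
        String open = "<saml2:AuthnStatement xmlns:saml2='" + NS + "' AuthnInstant='2011-03-01T10:04:20.847Z'>";
        String ctx = "<saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
            + "</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement>";
        System.out.println(parse(open + "<saml2:SubjectLocality Address='127.0.0.1'/>" + ctx));
        System.out.println(parse(open + ctx)); // SubjectLocality absent: still valid
        try { parse(open + "<saml2:Unexpected/>" + ctx); }
        catch (XMLStreamException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```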
-
9. PicketLink v2 Builds
anil.saldhana Mar 1, 2011 10:35 AM (in response to kroessi)
https://issues.jboss.org/browse/PLFED-152
It should be fixed very shortly and a new build will arrive this week.
-
10. Re: PicketLink v2 Builds
anil.saldhana Mar 1, 2011 3:45 PM (in response to anil.saldhana)
https://issues.jboss.org/browse/PLFED-152 is fixed in trunk. It should be reflected in the build attachment after 28 Feb 2011.
-
11. Re: PicketLink v2 Builds
mazzag Jun 17, 2011 1:47 AM (in response to anil.saldhana)
What version of JBAS server do I need to run this version of PL V2 -- will 6.0 final do it or do I need version 7?
-
12. Re: PicketLink v2 Builds
mazzag Jun 17, 2011 2:05 AM (in response to mazzag)
Version 6 will apparently do.
-
13. Re: PicketLink v2 Builds
mazzag Jul 21, 2011 4:19 PM (in response to anil.saldhana)
Hello, I'm getting errors running "mvn clean install" on the two Picketlink projects referenced in this post. Do I need to add SNAPSHOT repositories to my settings.xml (or anything else)?
When running http://anonsvn.jboss.org/repos/picketlink/federation/trunk/, it fails on "core":
[INFO] PicketLink Federation- Parent ..................... SUCCESS [0.814s]
[INFO] PicketLink Federation XML Security Model .......... SUCCESS [2.540s]
[INFO] PicketLink Federation Model ....................... SUCCESS [6.896s]
[INFO] PicketLink Federation Core ........................ FAILURE [14.430s]
[INFO] PicketLink Federation Consolidated API ............ SKIPPED
[INFO] PicketLink Federation Web ......................... SKIPPED
....
With this error message:
[ERROR] Failed to execute goal on project picketlink-fed-core: Could not resolve dependencies for project org.picketlink:picketlink-fed-core:jar:2.0.0-SNAPSHOT: Failed to collect dependencies for [org.picketlink:picketlink-fed-model:jar:2.0.0-SNAPSHOT (compile), org.picketlink:picketlink-xmlsec-model:jar:2.0.0-SNAPSHOT (compile), apache-log4j:log4j:jar:1.2.14 (compile), org.apache:xmlsec:jar:1.4.3 (compile), apache-logging:commons-logging-api:jar:1.0.3 (compile), org.jboss.security:jbossxacml:jar:2.0.4 (compile), org.jboss.security:jboss-security-spi:jar:2.0.4 (compile), javax.servlet:servlet-api:jar:2.4 (compile), org.jboss.security:jbosssx:jar:2.0.4 (compile), javax.persistence:persistence-api:jar:1.0 (compile), org.apache.tomcat:annotations-api:jar:6.0.18 (provided), junit:junit:jar:4.4 (test), org.mockito:mockito-all:jar:1.8.0 (test), xmlunit:xmlunit:jar:1.1 (test), apache-xalan:xalan:jar:2.7.1.patch01-brew (test), apache-xalan:serializer:jar:2.7.1.patch01-brew (test), org.openid4java:openid4java-nodeps:jar:0.9.5 (compile), commons-httpclient:commons-httpclient:jar:3.1 (test)]: Failed to read artifact descriptor for apache-log4j:log4j:jar:1.2.14: Could not transfer artifact apache-log4j:log4j:pom:1.2.14 from/to repository.jboss.org (http://repository.jboss.org/maven2/): Access denied to: http://repository.jboss.org/maven2/apache-log4j/log4j/1.2.14/log4j-1.2.14.pom -> [Help 1]
[ERROR]
When running mvn clean install from http://anonsvn.jboss.org/repos/picketlink/trust/trunk/, it fails on trust for JBossWS:
[INFO] Reactor Summary:
[INFO]
[INFO] PicketLink Trust - Parent ......................... SUCCESS [1.116s]
[INFO] PicketLink Trust for JBossWS ...................... FAILURE [0.154s]
[INFO] PicketLink Trust - Aggregator ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
Error message:
[ERROR] Failed to execute goal on project picketlink-trust-jbossws: Could not resolve dependencies for project org.picketlink:picketlink-trust-jbossws:jar:2.0.0-SNAPSHOT: The following artifacts could not be resolved: org.picketlink:picketlink-fed:jar:2.0.0-SNAPSHOT, org.picketlink:picketlink-bindings-jboss:jar:2.0.0-SNAPSHOT: Failure to find org.picketlink:picketlink-fed:jar:2.0.0-SNAPSHOT in http://repository.jboss.org/nexus/content/groups/public/ was cached in the local repository, resolution will not be reattempted until the update interval of jboss-public-repository-group has elapsed or updates are forced -> [Help 1]
-
14. Re: PicketLink v2 Builds
anil.saldhana Jul 22, 2011 3:22 PM (in response to mazzag)
Must be missing maven artifacts from the repository.