NAMESPACE_ERR when parsing SAML response
jonananas Apr 12, 2011 2:23 PMI am trying to use SSOCircle as IDP with my seam application using PL2.
But when parsing the SAML Response I get the exception below.
The problem seems to be that setAttributeNS() expect Signature to be prefixed with xmlns, and throws because it's not?
What is TransformerUtil trying to accomplish?
{code}
19:47:25,045 DEBUG [TransformerUtil$PicketLinkStaxToDOMTransformer] setAttributeNS params: http://www.w3.org/2000/xmlns/ Signature http://www.w3.org/2000/09/xmldsig#
19:47:25,061 ERROR [TransformerUtil$PicketLinkStaxToDOMTransformer] setAttributeNS threw
org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
at org.apache.xerces.dom.AttrNSImpl.setName(Unknown Source)
at org.apache.xerces.dom.AttrNSImpl.<init>(Unknown Source)
at org.apache.xerces.dom.CoreDocumentImpl.createAttributeNS(Unknown Source)
at org.apache.xerces.dom.ElementImpl.setAttributeNS(Unknown Source)
at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.handleStartElement(TransformerUtil.java:341)
at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.transform(TransformerUtil.java:178)
at org.picketlink.identity.federation.core.util.TransformerUtil.transform(TransformerUtil.java:118)
at org.picketlink.identity.federation.core.parsers.util.StaxParserUtil.getDOMElement(StaxParserUtil.java:134)
at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:130)
at org.picketlink.identity.federation.core.parsers.saml.SAMLResponseParser.parse(SAMLResponseParser.java:83)
at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:91)
at org.picketlink.identity.federation.core.parsers.AbstractParser.parse(AbstractParser.java:91)
at org.picketlink.identity.seam.federation.SamlMessageReceiver.getSamlResponse(SamlMessageReceiver.java:249)
at org.picketlink.identity.seam.federation.SamlMessageReceiver.handleIncomingSamlMessage(SamlMessageReceiver.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
at org.picketlink.identity.seam.federation.SamlMessageReceiver_$$_javassist_seam_11.handleIncomingSamlMessage(SamlMessageReceiver_$$_javassist_seam_11.java:65532)
at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:156)
at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.access$000(ExternalAuthenticationFilter.java:65)
at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter$1.process(ExternalAuthenticationFilter.java:109)
at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:102)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at com.metria.myapp.web.filter.RendererFilter.doFilter(RendererFilter.java:74)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
at com.metria.myapp.web.filter.SessionIdFilter.doFilter(SessionIdFilter.java:77)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.__invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
19:47:25,155 DEBUG [SamlMessageReceiver] Received from IDP: <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://localhost:8080/myapp/AssertionConsumerService.seam" ID="s2f35d6a77fe692e42c49e8cc0822e368a349844da" InResponseTo="ID_5ab09c2a-d8cc-40f9-9b15-1f42d9577c2e" IssueInstant="2011-04-12T17:47:29Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://idp.ssocircle.com</saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2d2406839b9cf26fff1b2cecf2bd0aa1157e4cd93" IssueInstant="2011-04-12T17:47:29Z" Version="2.0">
<saml:Issuer>http://idp.ssocircle.com</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#s2d2406839b9cf26fff1b2cecf2bd0aa1157e4cd93">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>U5FEjHcQf5ZXTTDZUM0xJg7ZXDw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
gFXV2RekL32L6HEf8gsjVRzAzUlkTdTAaWXEk/tGSKiwbPpDUg+DCM/4KVGaBEGlDM1C/LhXSf1X
IozvfMgj9VqIcGg4URWNCdRCTer+xgYm9ORuZMAe8QZrvg6DLaqa5iWs3Bn42bGGVzXCWb4F8aUk
Uxga77VO5hyMITJ+bHM=
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIB8TCCAVqgAwIBAgIFAIxwZnIwDQYJKoZIhvcNAQEEBQAwLjELMAkGA1UEBhMCREUxEjAQBgNV
BAoTCVNTT0NpcmNsZTELMAkGA1UEAxMCQ0EwHhcNMDkwMjIyMTUwNDI0WhcNMTEwNTIyMTUwNDI0
WjBLMQswCQYDVQQGEwJERTESMBAGA1UEChMJU1NPQ2lyY2xlMQwwCgYDVQQLEwNpZHAxGjAYBgNV
BAMTEWlkcC5zc29jaXJjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbzDRkudC/
aC2gMqRVVaLdPJJEwpFB4o71fR5bnNd2ocnnNzJ/W9CoCargzKx+EJ4Nm3vWmX/IZRCFvrvy9C78
fP1cmt6Sa091K9luaMAyWn7oC8h/YBXH7rB42tdvWLY4Kl9VJy6UCclvasyrfKx+SR4KU6zCsM62
2Kvp5wW67QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAGyaydfJHDkm77C39gq9bBb7OqK8OXEUTbIM
p8PDJZzIf9QkpkE7gHGcWctRKi7fNdONulc5kn2K2nbvCGrbWsWQvr/DA0bjkBrK8OeWpRhLe7fl
+JUgsErMcDIzRTmjNpZzUZp+WESRHV1j3SIcfY4tJM2uMt4Sc/afVnl5P6wL
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="http://idp.ssocircle.com">l+7K5TYByCFCeab6KSA+Edv5ATvX</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="ID_5ab09c2a-d8cc-40f9-9b15-1f42d9577c2e" NotOnOrAfter="2011-04-12T17:57:29Z" Recipient="http://localhost:8080/myapp/AssertionConsumerService.seam"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2011-04-12T17:37:29Z" NotOnOrAfter="2011-04-12T17:57:29Z">
<saml:AudienceRestriction>
<saml:Audience>http://localhost:8080/myapp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2011-04-12T17:47:28Z" SessionIndex="s26668733a300b1219f39cb3cdc602bdfb679e4604"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
{code}