-
45. Re: PicketLink 2.0.2.Final is released
mazzag Mar 16, 2012 10:56 AM (in response to anil.saldhana)
Anil, I have a coworker who would really like to try out the PL PDP service, I see two possible alternatives while SECURITY-653 is open:
1.) Would you know of the most recent PL and JBoss AS server versions whose PDP service will work?
2.) (preferable) SECURITY-653 (actually the bug it references) suggests that if I keep the policy configuration *outside* of the WAR (say in the configuration folder), that things should work. Is that the case? If so, do you or anyone else know how I can configure the PDP to read its policy information outside of the WAR (say in the standalone/configuration folder)? This is what within-WAR configuration looks like: https://community.jboss.org/wiki/XACMLCachingForPerformance#Case_1__Use_the_Decision_Caching_System_As_Is, but I am not sure how to configure it to look out-of-war.
Thanks,
Glen
-
46. Re: PicketLink 2.0.2.Final is released
anil.saldhana Mar 16, 2012 11:16 AM (in response to mazzag)
Glen Mazza wrote:
> Anil, I have a coworker who would really like to try out the PL PDP service, I see two possible alternatives while SECURITY-653 is open:
> 1.) Would you know of the most recent PL and JBoss AS server versions whose PDP service will work?
> 2.) (preferable) SECURITY-653 (actually the bug it references) suggests that if I keep the policy configuration *outside* of the WAR (say in the configuration folder), that things should work. Is that the case? If so, do you or anyone else know how I can configure the PDP to read its policy information outside of the WAR (say in the standalone/configuration folder)? This is what within-WAR configuration looks like: https://community.jboss.org/wiki/XACMLCachingForPerformance#Case_1__Use_the_Decision_Caching_System_As_Is, but I am not sure how to configure it to look out-of-war.
> Thanks,
> Glen

1) We have tested in AS5 and 6 at the moment. We will soon get to 7.1.x
2) The bug is caused by the url being a vfs url while the JDK File construct needs file:/
Regarding placing the config file in the standalone/configuration directory, there is a system property available ${jboss.server.config.dir}, but I am unsure if it will work without trying.
The bug fix is pretty simple but I need to find a few minutes to code it in.
Glen, has Talend given a thought on having committers in the PicketLink umbrella of oss projects?
-
47. Re: PicketLink 2.0.2.Final is released
mazzag Mar 16, 2012 12:46 PM (in response to anil.saldhana)
Thanks--I'll try doing the config outside-of-WAR to see if that's a workable bandaid for the time being. As for Talend, for possible partnerships you'd need to chat offline with my manager Dan Kulp. :) But personally speaking, I don't think I have time to be committing things (maybe that could change in a few months), I'm just trying to see how things work and give you feedback where your documentation notes could use improvement. I want to test the PL STS with a CXF WSC and CXF WSP to check interoperability, also my coworker Colm is doing something with XACML support in CXF right now and so a working PDP is useful for his testing.
-
48. Re: PicketLink 2.0.2.Final is released
karencoulter Mar 23, 2012 1:21 PM (in response to pcraveiro)
I've made these changes to the module.xml file for both the sun.jdk and org.picketlink, but I'm still having classpath issues. I'm using Picketlink 2.0.2.Final in JBoss AS 7.1.1.Final in standalone. The only change I made to the sample war files was to change the SPPostSignatureFormAuthenticator to an SPRedirectSignatureFormAuthenticator in the sales-post-sig.war. Here's the stack trace:
13:13:59,678 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--127.0.0.1-8080-1) An exception or error occurred in the container during the request processing: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/dom/DOMSignContext
at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:266) [picketlink-fed-2.0.2.Final.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:160) [picketlink-fed-2.0.2.Final.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:140) [picketlink-fed-2.0.2.Final.jar:]
at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.getErrorResponse(IDPWebRequestUtil.java:384) [picketlink-fed-2.0.2.Final.jar:]
at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:351) [picketlink-bindings-2.0.2.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_29]
Here's my module.xml for sun.jdk:
<module xmlns="urn:jboss:module:1.1" name="sun.jdk">
    <resources>
        <!-- currently jboss modules has not way of importing services from
             classes.jar so we duplicate them here -->
        <resource-root path="service-loader-resources"/>
    </resources>
    <dependencies>
        <system export="true">
            <paths>
                <path name="com/sun/script/javascript"/>
                <path name="com/sun/jndi/dns"/>
                <path name="com/sun/jndi/ldap"/>
                <path name="com/sun/jndi/url"/>
                <path name="com/sun/jndi/url/dns"/>
                <path name="com/sun/security/auth"/>
                <path name="com/sun/security/auth/login"/>
                <path name="com/sun/security/auth/module"/>
                <path name="sun/misc"/>
                <path name="sun/io"/>
                <path name="sun/nio"/>
                <path name="sun/nio/ch"/>
                <path name="sun/security"/>
                <path name="sun/security/krb5"/>
                <path name="sun/util"/>
                <path name="sun/util/calendar"/>
                <path name="sun/util/locale"/>
                <path name="sun/security/provider"/>
                <path name="javax/xml/crypto/dsig"/>
                <path name="javax/xml/crypto"/>
                <path name="org/jcp/xml/dsig/internal/dom"/>
                <path name="META-INF/services"/>
            </paths>
            <exports>
                <include-set>
                    <path name="META-INF/services"/>
                </include-set>
            </exports>
        </system>
    </dependencies>
</module>
And here's my module.xml for org.picketlink:
<module xmlns="urn:jboss:module:1.1" name="org.picketlink">
    <resources>
        <resource-root path="picketlink-fed-2.0.2.Final.jar"/>
        <resource-root path="picketlink-bindings-2.0.2.Final.jar"/>
        <resource-root path="picketlink-bindings-jboss-2.0.2.Final.jar"/>
        <!-- Insert resources here -->
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.security.auth.message.api"/>
        <module name="javax.security.jacc.api"/>
        <module name="javax.transaction.api"/>
        <module name="javax.xml.bind.api"/>
        <module name="javax.xml.stream.api"/>
        <module name="javax.servlet.api"/>
        <module name="org.jboss.common-core"/>
        <module name="org.jboss.logging"/>
        <module name="org.jboss.as.web"/>
        <module name="org.jboss.security.xacml"/>
        <module name="org.picketbox"/>
        <module name="javax.xml.ws.api"/>
        <module name="org.apache.log4j"/>
        <!--module name="org.apache.santuario.xmlsec"/-->
        <module name="sun.jdk"/>
    </dependencies>
</module>
-
49. Re: PicketLink 2.0.2.Final is released
pcraveiro Mar 23, 2012 3:09 PM (in response to karencoulter)
Hi Karen,
Try to add the following path in the module.xml of the sun.jdk module:
<path name="javax/xml/crypto/dsig/dom"/>
Regards.
Pedro Igor
-
50. Re: PicketLink 2.0.2.Final is released
karencoulter Mar 23, 2012 3:33 PM (in response to pcraveiro)
Unfortunately, that just starts spewing all sorts of other classpath errors:
14:49:04,218 SEVERE [com.sun.org.apache.xml.internal.security.Init] (http--127.0.0.1-8080-1) Bad: : java.lang.RuntimeException: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode from [Module "deployment.idp-sig.war:main" from Service Module Loader]
at com.sun.org.apache.xml.internal.security.transforms.Transform.register(Transform.java:280) [rt.jar:1.6.0_29]
at com.sun.org.apache.xml.internal.security.Init.init(Init.java:235) [rt.jar:1.6.0_29]
at org.jcp.xml.dsig.internal.dom.ApacheTransform.<clinit>(ApacheTransform.java:37) [rt.jar:1.6.0_29]
at java.lang.Class.forName0(Native Method) [rt.jar:1.6.0_29]
at java.lang.Class.forName(Class.java:169) [rt.jar:1.6.0_29]
at java.security.Provider$Service.getImplClass(Provider.java:1260) [rt.jar:1.6.0_29]
at java.security.Provider$Service.newInstance(Provider.java:1220) [rt.jar:1.6.0_29]
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220) [rt.jar:1.6.0_29]
at javax.xml.crypto.dsig.TransformService.getInstance(TransformService.java:145) [xmlsec-1.5.1.jar:1.5.1]
at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:233) [rt.jar:1.6.0_29]
at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:270) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:160) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:140) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.getErrorResponse(IDPWebRequestUtil.java:384) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:351) [picketlink-bindings-2.0.2.final-updated.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_29]
Caused by: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode from [Module "deployment.idp-sig.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:423)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at java.lang.Class.forName0(Native Method) [rt.jar:1.6.0_29]
at java.lang.Class.forName(Class.java:247) [rt.jar:1.6.0_29]
at com.sun.org.apache.xml.internal.security.transforms.Transform.register(Transform.java:277) [rt.jar:1.6.0_29]
... 24 more
14:49:04,287 ERROR [stderr] (http--127.0.0.1-8080-1) java.lang.RuntimeException: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode from [Module "deployment.idp-sig.war:main" from Service Module Loader]
14:49:04,290 ERROR [stderr] (http--127.0.0.1-8080-1) at com.sun.org.apache.xml.internal.security.transforms.Transform.register(Transform.java:280)
14:49:04,292 ERROR [stderr] (http--127.0.0.1-8080-1) at com.sun.org.apache.xml.internal.security.Init.init(Init.java:235)
14:49:04,294 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jcp.xml.dsig.internal.dom.ApacheTransform.<clinit>(ApacheTransform.java:37)
14:49:04,296 ERROR [stderr] (http--127.0.0.1-8080-1) at java.lang.Class.forName0(Native Method)
14:49:04,297 ERROR [stderr] (http--127.0.0.1-8080-1) at java.lang.Class.forName(Class.java:169)
14:49:04,298 ERROR [stderr] (http--127.0.0.1-8080-1) at java.security.Provider$Service.getImplClass(Provider.java:1260)
14:49:04,299 ERROR [stderr] (http--127.0.0.1-8080-1) at java.security.Provider$Service.newInstance(Provider.java:1220)
14:49:04,301 ERROR [stderr] (http--127.0.0.1-8080-1) at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
14:49:04,302 ERROR [stderr] (http--127.0.0.1-8080-1) at javax.xml.crypto.dsig.TransformService.getInstance(TransformService.java:145)
14:49:04,304 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:233)
14:49:04,305 ERROR [stderr] (http--127.0.0.1-8080-1) at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:270)
14:49:04,307 ERROR [stderr] (http--127.0.0.1-8080-1) at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:160)
14:49:04,309 ERROR [stderr] (http--127.0.0.1-8080-1) at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:140)
14:49:04,310 ERROR [stderr] (http--127.0.0.1-8080-1) at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.getErrorResponse(IDPWebRequestUtil.java:384)
14:49:04,312 ERROR [stderr] (http--127.0.0.1-8080-1) at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:351)
14:49:04,314 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
14:49:04,316 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
14:49:04,317 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
14:49:04,319 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
14:49:04,320 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
14:49:04,322 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
14:49:04,323 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
14:49:04,324 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
14:49:04,326 ERROR [stderr] (http--127.0.0.1-8080-1) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
14:49:04,328 ERROR [stderr] (http--127.0.0.1-8080-1) at java.lang.Thread.run(Thread.java:662)
14:49:04,329 ERROR [stderr] (http--127.0.0.1-8080-1) Caused by: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode from [Module "deployment.idp-sig.war:main" from Service Module Loader]
14:49:04,331 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
14:49:04,333 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
14:49:04,334 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
14:49:04,336 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:423)
14:49:04,338 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
14:49:04,339 ERROR [stderr] (http--127.0.0.1-8080-1) at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
14:49:04,341 ERROR [stderr] (http--127.0.0.1-8080-1) at java.lang.Class.forName0(Native Method)
14:49:04,342 ERROR [stderr] (http--127.0.0.1-8080-1) at java.lang.Class.forName(Class.java:247)
14:49:04,343 ERROR [stderr] (http--127.0.0.1-8080-1) at com.sun.org.apache.xml.internal.security.transforms.Transform.register(Transform.java:277)
14:49:04,345 ERROR [stderr] (http--127.0.0.1-8080-1) ... 24 more
14:49:04,355 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--127.0.0.1-8080-1) An exception or error occurred in the container during the request processing: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/keyinfo/KeyInfoFactory
at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:287) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:160) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:140) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.getErrorResponse(IDPWebRequestUtil.java:384) [picketlink-fed-2.0.2.final-updated.jar:]
at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:351) [picketlink-bindings-2.0.2.final-updated.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_29]
Caused by: java.lang.ClassNotFoundException: javax.xml.crypto.dsig.keyinfo.KeyInfoFactory from [Module "org.picketlink:main" from local module loader @3f64b09c (roots: C:\jboss\jboss-as-7.1.1.Final\modules)]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:423)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
... 15 more
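
An added example (not part of any post in this thread, and not PicketLink or JBoss code): a small check that pulls the class names out of the NoClassDefFoundError / ClassNotFoundException lines quoted above and reports which of their packages are not listed as `<path>` entries in a sun.jdk module.xml. The inputs are constructed samples abbreviated from posts 48 and 50, the function names are hypothetical, and the check only compares against the system paths list.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "urn:jboss:module:1.1"}

# Constructed sample: abbreviated from the sun.jdk module.xml in post 48.
SUN_JDK_MODULE = """<module xmlns="urn:jboss:module:1.1" name="sun.jdk">
  <dependencies>
    <system export="true">
      <paths>
        <path name="sun/security/provider"/>
        <path name="javax/xml/crypto/dsig"/>
        <path name="javax/xml/crypto"/>
        <path name="org/jcp/xml/dsig/internal/dom"/>
        <path name="META-INF/services"/>
      </paths>
    </system>
  </dependencies>
</module>"""

# Constructed sample: error lines abbreviated from the traces in posts 48 and 50.
LOG = """\
... java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/dom/DOMSignContext
Caused by: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transforms.implementations.TransformBase64Decode from [Module "deployment.idp-sig.war:main" from Service Module Loader]
... java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/keyinfo/KeyInfoFactory
Caused by: java.lang.ClassNotFoundException: javax.xml.crypto.dsig.keyinfo.KeyInfoFactory from [Module "org.picketlink:main" from local module loader]
"""

# Class name (dotted or slashed), optionally followed by the requesting module.
ERR = re.compile(
    r'(?:NoClassDefFoundError|ClassNotFoundException): ([\w./$]+)'
    r'(?: from \[Module "([^"]+)")?'
)


def exported_paths(module_xml):
    """Return the package paths listed under <system><paths>."""
    root = ET.fromstring(module_xml)
    return {p.get("name") for p in root.findall(".//m:system/m:paths/m:path", NS)}


def package_path(class_name):
    """Turn a.b.C or a/b/C into the package path a/b."""
    return class_name.replace(".", "/").rsplit("/", 1)[0]


def missing_paths(module_xml, log):
    """List (package path, requesting modules) for classes that failed to load
    and whose package is not in the module's path list. Entries are compared
    per package, so javax/xml/crypto/dsig does not cover javax/xml/crypto/dsig/dom
    (consistent with the extra path suggested in post 49)."""
    exported = exported_paths(module_xml)
    missing = {}
    for cls, module in ERR.findall(log):
        pkg = package_path(cls)
        if pkg in exported:
            continue
        mods = missing.setdefault(pkg, set())
        if module:
            mods.add(module)
    return [(pkg, sorted(mods)) for pkg, mods in missing.items()]


if __name__ == "__main__":
    for pkg, mods in missing_paths(SUN_JDK_MODULE, LOG):
        print(pkg, "requested by", ", ".join(mods) or "(not stated in log line)")
```
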
-
51. Re: PicketLink 2.0.2.Final is released
pcraveiro Mar 23, 2012 3:35 PM (in response to karencoulter)
Hi Karen,
I'll take a look at this more deeply.
Thanks.
Pedro Igor
-
52. Re: PicketLink 2.0.2.Final is released
anil.saldhana Mar 23, 2012 3:36 PM (in response to pcraveiro)
Pedro, why not just zip up your AS instance and give it to Karen?
-
53. Re: PicketLink 2.0.2.Final is released
karencoulter Mar 23, 2012 3:40 PM (in response to anil.saldhana)
It's not an emergency or anything. I'm in the process of reverting back to 7.1.0.Final but with the Picketlink 2.0.2 jars. I'll let you know if that works.
-
54. Re: PicketLink 2.0.2.Final is released
karencoulter Mar 23, 2012 4:15 PM (in response to karencoulter)
Picketlink 2.0.2 works just fine with JBoss 7.1.0.Final. Both with certs and without. Both Post and Redirects.
I'd like to have the latest 7.1.1, so it would be good to get the classpath issues sorted out, but I'm ok for now.
-
55. Re: PicketLink 2.0.2.Final is released
pcraveiro Mar 23, 2012 9:02 PM (in response to karencoulter)
Karen,
Try to replace your module.xml of the sun.jdk module with the one I have attached (module-sun-jdk.xml).
I have also attached the module.xml of the org.picketlink module (module-picketlink.xml). Please replace it too.
When using the SP examples with signature support, make sure the keystore is located inside the WAR in WEB-INF/classes/jbid_test_keystore.jks. You can copy this file from the idp-sig.war.
Please let me know if everything worked as expected. Otherwise I'll share my AS 7.1.1.Final installation with you.
Thanks.
Pedro Igor
Attachments:
module-sun-jdk.xml (2.8 KB)
module-picketlink.xml (2.1 KB)
-
56. Re: PicketLink 2.0.2.Final is released
pcraveiro Mar 25, 2012 1:05 PM (in response to anil.saldhana)
Anil,
I've created a new article about updating JBoss AS 7.1.1.Final to the 2.0.2 version of PL.
https://community.jboss.org/wiki/HowToConfigurePicketLink202WithJBossAS711
Regards.
Pedro Igor
-
57. Re: PicketLink 2.0.2.Final is released
karencoulter Mar 26, 2012 8:31 AM (in response to pcraveiro)
That's working great! Thanks.
-
58. Re: PicketLink 2.0.2.Final is released
anil.saldhana Mar 26, 2012 4:53 PM (in response to karencoulter)
-
59. Re: PicketLink 2.0.2.Final is released
helweg Feb 26, 2013 5:28 AM (in response to anil.saldhana)
Found this thread while I tried to get SAML authentication to work with JBoss 7.1.1 (and the included picketlink version 2.0.2).
I followed the workaround/solution by changing the module definitions for picketlink and sun jdk, but when the SAML authentication is invoked it still throws this exception:
Caused by: java.lang.ClassCastException: org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to javax.xml.crypto.dsig.XMLSignatureFactory
at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance(XMLSignatureFactory.java:202) [xmlsec-1.5.1.jar:1.5.1]
at javax.xml.crypto.dsig.XMLSignatureFactory.getInstance(XMLSignatureFactory.java:250) [xmlsec-1.5.1.jar:1.5.1]
at org.jboss.seam.security.external.saml.SamlSignatureUtilForPostBinding.getXMLSignatureFactory(SamlSignatureUtilForPostBinding.java:71) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
at org.jboss.seam.security.external.saml.SamlSignatureUtilForPostBinding.init(SamlSignatureUtilForPostBinding.java:56) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
I am using the seam-security-external module (version 3.1.0.Final) which is based on picketlink to do the saml authentication. Does anyone have an idea on what could (still) be wrong?