-
1. Re: SAML Attributes with Multiple Values
tim.kutz Feb 22, 2013 4:01 PM (in response to tim.kutz)I attempted to update to the snapshot version in the message above, but it appears to be an older snapshot - versioned as 2.1.0-SNAPSHOT - while the codebase in git is 2.1.6. This fix should, then, be in my deployed version, already, but I'm still getting an error, and it's source is unclear.
My deployment is JBoss 7.1.1.Final, with PicketLink 2.1.6.
When running using the JBossAppServerAttributeManager, the login works, but only single values are published for multi-valued attributes within the LDAP store. I cribbed from that class, and modified it to handle multiple values, but even on a user with no multiple values present, I get the following error:
15:56:32,018 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--0.0.0.0-8080-1) An exception or error occurred in the container during the request processing: java.lang.RuntimeException: PLFED000092: Null Value: responseType
at org.picketlink.identity.federation.PicketLinkLoggerImpl.nullValueError(PicketLinkLoggerImpl.java:106) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:194) [picketlink-core-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:645) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.invoke(AbstractIDPValve.java:383) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:57) [picketlink-jbas7-2.1.6.Final.jar:2.1.6.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0]
Using the debugger, I've successfully stepped through the replacement AttributeManager, and it appears to be working correctly. The error happens later, and from the error message, appears unrelated to the AttributeManager directly. Can anyone shed some light on this?
-
2. Re: SAML Attributes with Multiple Values
tim.kutz Feb 28, 2013 12:58 PM (in response to tim.kutz)The error above is resulting from a swallowed exception. I've opened a Jira case for it,https://issues.jboss.org/browse/PLFED-385 , in hopes that at least the error messages can be sorted out better. More details are in the issue tracker, but the short version is that when an exception occurs in marshalling the SAML Assertions, which in my case resulted from passing one or more attribute values downstream from the AttributeManager that are not supported, the swallowed exception results in a null being returned instead of a Document. Further downstream, that Document is inspected for type, and when null, produces the exception shown above.