PicketLink 2.1.7 Final - Service Provider could not handle the request
ravi.gandhi Sep 6, 2013 3:33 AM
Hi, I am trying to use JBoss test application as Service provider to talk to SSO Easy as IDP Server.
JBoss 6.0.0 Final
Java 1.6.30
PicketLink 2.1.7 Final
PicketLink JARS used: picketlink-core-2.1.7.Final.jar and picketlink-jbas5-2.1.7.Final.jar
When I run the test home page, http://localhost:8080/helloworld/Hello, it is redirected to the IDP login page.
The username and password are authenticated at the login page and the user is directed back to http://localhost:8080/helloworld/Hello, but with the exception below in JBoss.
The browser page is blank and server.log has this error:
2013-09-06 17:05:01,523 ERROR [org.picketlink.identity.federation] (http-0.0.0.0-8080-1) Service Provider could not handle the request.: java.lang.NullPointerException
at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881) [:1.6.0_30]
at org.apache.catalina.session.StandardSession.setNote(StandardSession.java:899) [:6.0.0.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.handleSAMLResponse(AbstractSPFormAuthenticator.java:505) [:2.1.7.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:319) [:2.1.7.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [:2.1.7.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]
at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]
2013-09-06 17:05:02,402 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/helloworld].[jsp]] (http-0.0.0.0-8080-1) Servlet.service() for servlet jsp threw exception: java.lang.NullPointerException
at org.apache.jsp.error_jsp._jspService(error_jsp.java:71)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [:6.0.0.Final]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [:1.0.0.Final]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369) [:6.0.0.Final]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326) [:6.0.0.Final]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:253) [:6.0.0.Final]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [:1.0.0.Final]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:734) [:6.0.0.Final]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:541) [:6.0.0.Final]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:479) [:6.0.0.Final]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:407) [:6.0.0.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:331) [:2.1.7.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [:2.1.7.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]
at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]
2013-09-06 17:05:02,441 ERROR [org.picketlink.identity.federation] (http-0.0.0.0-8080-1) Error forwarding to the error page: /error.jsp
Context.xml contents,
<?xml version="1.0" encoding="UTF-8"?>
<Context>
    <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator" />
</Context>
Jboss-web.xml contents,
<jboss-web>
    <security-domain>java:/jaas/Test</security-domain>
</jboss-web>
picketlink.xml contents,
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
    <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" BindingType="POST">
        <IdentityURL>http://<IDP-SERVER NAME>/ExampleIdentityProvider</IdentityURL>
        <ServiceURL>http://aud24902rw:8080/helloworld/Hello</ServiceURL>
    </PicketLinkSP>
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    </Handlers>
</PicketLink>
web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <servlet>
        <servlet-name>HelloWorld</servlet-name>
        <jsp-file>/index.jsp</jsp-file>
    </servlet>
    <servlet>
        <servlet-name>Logout</servlet-name>
        <jsp-file>/logout.jsp</jsp-file>
    </servlet>
    <servlet-mapping>
        <servlet-name>HelloWorld</servlet-name>
        <url-pattern>/Hello</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Logout</servlet-name>
        <url-pattern>/Logout</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SonoraResourceCollection</web-resource-name>
            <url-pattern>/Hello</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SonoraSecurityRole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <!--Uncomment below lines for basic authentication-->
        <!--<auth-method>BASIC</auth-method>-->
        <auth-method>FORM</auth-method>
        <realm-name>QSuper SSO</realm-name>
        <form-login-config>
            <form-login-page>/index.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>SonoraSecurityRole</role-name>
    </security-role>
</web-app>
login-config.xml snippet
<application-policy name = "Test">
    <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
    </authentication>
</application-policy>
I have users.properties and roles.properties in the class path. users.properties is empty, whereas the roles.properties contents are as follows,
tomcat=manager,employee,sales
idp-user=SonoraSecurityRole,HttpInvoker,manager,employee,sales
SONORA=SonoraSecurityRole,HttpInvoker,manager,employee,sales
Am I doing something wrong? Previously I was getting an "HTTP Status 403 - Access to the requested resource has been denied" response. I believe that somehow roles are not picked up.
Please help.
Thank you.
Attachments:
- login-config.xml 9.2 KB
- PicketLink 2.1.7 JARS.zip 1.1 MB
- test.ear.zip 4.5 KB
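A cross-file consistency check for the configuration posted above, as an added example that is not part of the original post or of PicketLink: it lists which roles.properties entries carry a role that web.xml requires, and compares the origin of ServiceURL with the URL opened in the browser, since session cookies are scoped to the host. The inline file excerpts are constructed from the post, the function names are hypothetical, and treating the asserted user name as a case-sensitive roles.properties key is an assumption about the login module.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

J2EE = "{http://java.sun.com/xml/ns/j2ee}"
PL = "{urn:picketlink:identity-federation:config:2.1}"

# Constructed excerpts: only the elements of the posted files that these checks read.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection><url-pattern>/Hello</url-pattern></web-resource-collection>
    <auth-constraint><role-name>SonoraSecurityRole</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
PICKETLINK_XML = """<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP BindingType="POST">
    <ServiceURL>http://aud24902rw:8080/helloworld/Hello</ServiceURL>
  </PicketLinkSP>
</PicketLink>"""
ROLES_PROPERTIES = """tomcat=manager,employee,sales
idp-user=SonoraSecurityRole,HttpInvoker,manager,employee,sales
SONORA=SonoraSecurityRole,HttpInvoker,manager,employee,sales"""

def required_roles(web_xml):
    # Role names listed under any <auth-constraint> in web.xml.
    path = f".//{J2EE}auth-constraint/{J2EE}role-name"
    return {r.text.strip() for r in ET.fromstring(web_xml).findall(path)}

def parse_roles(props):
    # One "user=role1,role2" entry per line; keys are kept case-sensitive.
    lines = (l.strip() for l in props.splitlines())
    return {u.strip(): {r.strip() for r in rs.split(",")}
            for u, _, rs in (l.partition("=") for l in lines
                             if l and not l.startswith("#"))}

def users_granted(web_xml, props):
    # Users whose role set intersects the roles the constraint demands.
    need = required_roles(web_xml)
    return sorted(u for u, roles in parse_roles(props).items() if roles & need)

def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port)

def service_url_origin_matches(picketlink_xml, browsed_url):
    # True when the SP's ServiceURL and the browsed URL share scheme, host and port.
    svc = ET.fromstring(picketlink_xml).find(f".//{PL}ServiceURL").text.strip()
    return origin(svc) == origin(browsed_url)

if __name__ == "__main__":
    print("users holding a required role:", users_granted(WEB_XML, ROLES_PROPERTIES))
    print("ServiceURL origin matches browsed URL:", service_url_origin_matches(
        PICKETLINK_XML, "http://localhost:8080/helloworld/Hello"))
```

With the posted values, the browsed URL uses `localhost` while ServiceURL uses `aud24902rw`, so the second check reports a mismatch; the first shows which user names would need to arrive from the IDP for the role constraint to be satisfied.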