5 Replies Latest reply on Nov 3, 2014 4:28 PM by whennemuth

    Service provider configuration under Tomcat for picketlink?

    whennemuth

      I have set up my IDP under JBoss.

      It is working fine.

      I now want to set up my SP under tomcat running separately.

      I haven't been able to find any examples on how to do this, so I started to wing it.

      I have been trying to adapt the following two links for tomcat:

      The steps I have taken are as follows:

      1) Placed picketlink.xml in my WEB-INF dir with the following content:

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
        <!-- ServerEnvironment="tomcat" selects the Tomcat binding; BindingType="POST" sends SAML messages via HTTP-POST -->
        <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                      ServerEnvironment="tomcat" BindingType="POST">
          <!-- ${property::default}: read the system property, fall back to the value after "::" -->
          <IdentityURL>${idp.url::http://localhost:8080/idp/}</IdentityURL>
          <ServiceURL>${portal2.url::http://localhost:8181/portal2/}</ServiceURL>
        </PicketLinkSP>
        <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
          <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
          <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
          <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        </Handlers>
      </PicketLink>

      2) Put a security constraint in my web.xml file as follows:

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>Manager command</web-resource-name>
            <url-pattern>/services/admin/*</url-pattern>
          </web-resource-collection>
          <!-- role names are matched against the roles the SP derives from the SAML assertion -->
          <auth-constraint>
            <role-name>manager</role-name>
            <role-name>Sales</role-name>
            <role-name>Employee</role-name>
          </auth-constraint>
        </security-constraint>

      3) Put all of the picketlink jars and their javax/javaee6 dependencies on the classpath

      4) Placed the appropriate valve in my context.xml file:

      <?xml version='1.0' encoding='utf-8'?>
      <Context displayName="abbdevportal2"
               docBase="C:/whennemuth/workspaces/abb_workspace/ABBWeb2/ABBWeb-TRUNK/target/abbdevportal2"
               reloadable="true"
               path="">
        <!-- PicketLink SP valve, used instead of Tomcat's own FormAuthenticator for this context -->
        <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"/>
        <!--
        <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false"/>
        -->
      </Context>

       

      I wasn't sure how to put in the SAML2LoginModule called for, because this app is running under Tomcat, not JBoss, and there is no jboss-web.xml:

      <security-domain name="sp" cache-type="default">
        <authentication>
          <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
        </authentication>
      </security-domain>

       

      So, I tried to run the app to see what would happen.

      The result is a "java.lang.ClassNotFoundException: org.apache.catalina.authenticator.FormAuthenticator" due to the ServiceProviderAuthenticator conflicting with it.

      Anyway, I'm kind of stuck on this and was hoping someone might know how to proceed or where the relevant documentation is.

       

      Thanks

       

      Warren

        • 1. Re: Service provider configuration under Tomcat for picketlink?
          pcraveiro

          Hey Warren,

           

          What are the JARs you are using in Tomcat's classpath?

          • 2. Re: Re: Service provider configuration under Tomcat for picketlink?
            whennemuth

            Hi Pedro.

            Thanks for replying.

            I run tomcat from an eclipse debug configuration.

            I let Maven build to the target directory and I put the resulting lib directory contents onto its classpath with the following additions afterwards:

             

            • cdi-api-1.0.jar
            • javax.inject-1.jar
            • javax.annotation-api-1.2.jar
            • jsr250-api-1.0.jar
            • validation-api-1.1.0.Final.jar

             

            The dependencies in the pom file are:

             

              <dependencyManagement>
                <dependencies>
                  <!-- Dependency Management for PicketLink and Java EE 6.0. -->
                  <dependency>
                    <groupId>org.picketlink</groupId>
                    <artifactId>picketlink-javaee-6.0</artifactId>
                    <!--
                    <version>2.6.1-Final</version>
                    -->
                    <version>2.7.0-SNAPSHOT</version>
                    <scope>import</scope>
                    <type>pom</type>
                  </dependency>
                </dependencies>
              </dependencyManagement>

              <dependencies>

                <!-- Picketlink -->
                <dependency>
                  <groupId>org.picketlink.distribution</groupId>
                  <artifactId>picketlink-jbas7</artifactId>
                  <version>2.7.0-SNAPSHOT</version>
                  <scope>compile</scope>
                </dependency>
                <dependency>
                  <groupId>org.picketlink</groupId>
                  <artifactId>picketlink</artifactId>
                  <version>2.7.0-SNAPSHOT</version>
                  <scope>compile</scope>
                </dependency>
                <dependency>
                  <groupId>org.picketlink</groupId>
                  <artifactId>picketlink-idm-simple-schema</artifactId>
                  <version>2.7.0-SNAPSHOT</version>
                  <scope>compile</scope>
                </dependency>

                <!-- Spring -->
                <dependency>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-orm</artifactId>
                  <version>${org.springframework.version}</version>
                </dependency>
                <dependency>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-context</artifactId>
                  <version>${org.springframework.version}</version>
                </dependency>
                <dependency>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-webmvc</artifactId>
                  <version>${org.springframework.version}</version>
                </dependency>
                <dependency>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-test</artifactId>
                  <version>${org.springframework.version}</version>
                  <scope>test</scope>
                </dependency>

                <dependency>
                  <groupId>javax.transaction</groupId>
                  <artifactId>jta</artifactId>
                  <version>1.1</version>
                </dependency>

                <!-- Servlet-api -->
                <dependency>
                  <groupId>javax.servlet</groupId>
                  <artifactId>javax.servlet-api</artifactId>
                  <version>3.1.0</version>
                </dependency>
                <dependency>
                  <groupId>javax.servlet</groupId>
                  <artifactId>jstl</artifactId>
                  <version>1.2</version>
                </dependency>

                <!-- JSON -->
                <dependency>
                  <groupId>org.codehaus.jettison</groupId>
                  <artifactId>jettison</artifactId>
                  <version>1.3.5</version>
                </dependency>

                <!-- Testing libraries -->
                <dependency>
                  <groupId>junit</groupId>
                  <artifactId>junit</artifactId>
                  <version>4.11</version>
                  <scope>test</scope>
                </dependency>
                <dependency>
                  <groupId>net.sourceforge.cobertura</groupId>
                  <artifactId>cobertura</artifactId>
                  <version>2.0.3</version>
                  <scope>test</scope>
                </dependency>
              </dependencies>

             

            I can give you a full listing of the jars on the debug configuration classpath if that is easier to see.

             

            Thanks,

             

            Warren

            • 3. Re: Service provider configuration under Tomcat for picketlink?
              pcraveiro
              • 4. Re: Service provider configuration under Tomcat for picketlink?
                whennemuth

                Thank you, Pedro.
                I will try that out as soon as I can and reply back.

                • 5. Re: Service provider configuration under Tomcat for picketlink?
                  whennemuth

                  Hi Pedro.

                  Sorry for the long delay.

                  I brought https://repository.jboss.org/nexus/service/local/repositories/releases/content/org/picketlink/distribution/picketlink-to…

                  into my project.

                  From this I see the original ClassNotFoundException is now gone, which lets Tomcat startup progress a little further until an incompatibility issue regarding this new jar comes up.

                  Apparently version 2.7.0.CR1 is not compatible with version 2.7.0-SNAPSHOT, which I am using.

                  Specifically:

                  line 489 of org\picketlink\identity\federation\bindings\tomcat\sp\BaseFormAuthenticator.java in picketlink-tomcat7-2.7.0.CR1

                  refers to a non-existent method in

                  org\picketlink\identity\federation\web\util\ConfigurationUtil.java in picketlink-federation-2.7.0-SNAPSHOT.jar:

                   

                  Caused by: java.lang.NoSuchMethodError: org.picketlink.identity.federation.web.util.ConfigurationUtil.getConfiguration(Ljava/io/InputStream;)Lorg/picketlink/config/federation/PicketLinkType;
                    at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.processConfiguration(BaseFormAuthenticator.java:489)
                    at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.startPicketLink(BaseFormAuthenticator.java:695)
                    at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.startPicketLink(AbstractSPFormAuthenticator.java:102)
                    at org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator.startInternal(ServiceProviderAuthenticator.java:25)
                    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)

                   

                  I have looked around at different versions of picketlink-tomcat-common, and they all expect this same method in ConfigurationUtil.

                  Any idea how to get around this?

                   

                  Thanks,

                  Warren
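Both failures in this thread are classpath problems rather than SAML problems: the first (ClassNotFoundException for org.apache.catalina.authenticator.FormAuthenticator) means the jar holding the PicketLink valve was loaded somewhere Tomcat's own catalina.jar was not visible, and the second (NoSuchMethodError in ConfigurationUtil) means a 2.7.0.CR1 Tomcat binding was linked against a 2.7.0-SNAPSHOT federation jar. The script below is an added example, not code from this thread or from the PicketLink project. It answers Pedro's question ("what jars are on the classpath?") mechanically: given a directory of jars it reports which jar provides a class, which Maven artifacts are present in more than one version, and which classes are shipped by more than one jar. The sample jars it builds are constructed stubs (empty .class entries plus a pom.properties); the jar names and class names are taken from the thread, while the Maven coordinates written into them are assumed for illustration.

```python
"""Classpath sanity check for a Tomcat webapp that mixes PicketLink artifacts.

Added example; not code from the forum thread or from PicketLink. Point it at a
real lib directory with scan_directory(), or call build_sample_jars() to get
constructed stub jars that reproduce the two mix-ups discussed in the thread.
"""
import os
import tempfile
import zipfile
from collections import defaultdict

# Constructed sample: (jar name, assumed Maven coordinates, class entries).
# Class and jar names come from the thread; coordinates are an assumption.
SAMPLE_JARS = [
    ("picketlink-tomcat7-2.7.0.CR1.jar",
     ("org.picketlink.distribution", "picketlink-tomcat7", "2.7.0.CR1"),
     ["org/picketlink/identity/federation/bindings/tomcat/sp/ServiceProviderAuthenticator.class",
      "org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.class"]),
    ("picketlink-federation-2.7.0-SNAPSHOT.jar",
     ("org.picketlink", "picketlink-federation", "2.7.0-SNAPSHOT"),
     ["org/picketlink/identity/federation/web/util/ConfigurationUtil.class"]),
    ("picketlink-federation-2.7.0.CR1.jar",
     ("org.picketlink", "picketlink-federation", "2.7.0.CR1"),
     ["org/picketlink/identity/federation/web/util/ConfigurationUtil.class"]),
]


def build_sample_jars(directory=None):
    """Write the constructed stub jars into *directory* (a temp dir by default) and return their paths."""
    directory = directory or tempfile.mkdtemp(prefix="cp-check-")
    paths = []
    for name, (group, artifact, version), classes in SAMPLE_JARS:
        path = os.path.join(directory, name)
        with zipfile.ZipFile(path, "w") as jar:
            props = "groupId=%s\nartifactId=%s\nversion=%s\n" % (group, artifact, version)
            jar.writestr("META-INF/maven/%s/%s/pom.properties" % (group, artifact), props)
            for entry in classes:
                jar.writestr(entry, b"")  # stub entry, not real bytecode
        paths.append(path)
    return paths


def scan_directory(lib_dir):
    """Return the sorted paths of every .jar directly inside *lib_dir*."""
    return sorted(os.path.join(lib_dir, f) for f in os.listdir(lib_dir) if f.endswith(".jar"))


def maven_coordinates(jar_path):
    """Parse every META-INF/maven/*/*/pom.properties in the jar into (groupId, artifactId, version)."""
    coords = []
    with zipfile.ZipFile(jar_path) as jar:
        for entry in jar.namelist():
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                props = {}
                for line in jar.read(entry).decode("utf-8", "replace").splitlines():
                    line = line.strip()
                    if line and not line.startswith("#") and "=" in line:
                        key, _, value = line.partition("=")
                        props[key.strip()] = value.strip()
                if all(k in props for k in ("groupId", "artifactId", "version")):
                    coords.append((props["groupId"], props["artifactId"], props["version"]))
    return coords


def find_class(jar_paths, class_name):
    """Return the basenames of the jars containing *class_name* (dotted, fully qualified)."""
    entry = class_name.replace(".", "/") + ".class"
    hits = []
    for path in jar_paths:
        with zipfile.ZipFile(path) as jar:
            if entry in jar.namelist():
                hits.append(os.path.basename(path))
    return hits


def version_conflicts(jar_paths):
    """Map (groupId, artifactId) -> sorted versions, only for artifacts present in more than one version."""
    seen = defaultdict(set)
    for path in jar_paths:
        for group, artifact, version in maven_coordinates(path):
            seen[(group, artifact)].add(version)
    return {key: sorted(versions) for key, versions in seen.items() if len(versions) > 1}


def duplicate_classes(jar_paths):
    """Map class entry -> jar basenames, only for classes shipped by more than one jar."""
    owners = defaultdict(list)
    for path in jar_paths:
        with zipfile.ZipFile(path) as jar:
            for entry in jar.namelist():
                if entry.endswith(".class"):
                    owners[entry].append(os.path.basename(path))
    return {entry: jars for entry, jars in owners.items() if len(jars) > 1}


if __name__ == "__main__":
    jars = build_sample_jars()
    for cls in ("org.apache.catalina.authenticator.FormAuthenticator",
                "org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"):
        print("%s -> %s" % (cls, find_class(jars, cls) or "NOT on this classpath"))
    for key, versions in version_conflicts(jars).items():
        print("version conflict: %s:%s has %s" % (key[0], key[1], ", ".join(versions)))
    for entry, owners in duplicate_classes(jars).items():
        print("duplicate class: %s in %s" % (entry, ", ".join(owners)))
```

Against the constructed sample the report shows exactly the two symptoms from the thread: FormAuthenticator is not provided by any of the webapp jars (it lives in catalina.jar under Tomcat's own lib directory, and a valve declared in context.xml is instantiated by Tomcat before the webapp classloader exists, so the PicketLink Tomcat binding has to be visible to that loader too), and picketlink-federation is present as both 2.7.0-SNAPSHOT and 2.7.0.CR1, with ConfigurationUtil.class shipped twice; which copy wins is up to classloader ordering, which is how a NoSuchMethodError appears only at runtime. Run scan_directory() on the real target/lib directory and the Tomcat lib directory together to see the picture the JVM sees.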