4 Replies Latest reply on Feb 9, 2017 11:55 AM by banditpig

    IDPWebBrowserSSOValve is not activated

    banditpig

      Hi,

      I have a simple 'proof of concept' application that acts as a PicketLink-based identity provider. It works fine on EAP-6.4.0, i.e. I can pop a login screen, authenticate against my local database and I see a SAML message generated.

      When I try running against WildFly 10.1.0.Final I get the authentication fine but no SAML message generated.

      No doubt this is because of this warning:

      WFLYUT0080: Valves are no longer supported, org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve is not activated.

      So my question is: what replaces IDPWebBrowserSSOValve, and how do I configure it?

      Thanks

      Mike

        • 1. Re: IDPWebBrowserSSOValve is not activated
          pferraro

          The Undertow equivalent to JBoss Web's Valve is the HttpHandler. Here's an article that describes how to create and configure Undertow with a custom HttpHandler:

          Configuring a Custom Undertow Filter in WildFly - NovaOrdis Knowledge Base

          • 2. Re: IDPWebBrowserSSOValve is not activated
            banditpig

            Hi Paul,

            Thanks for the reply.

            I don't think that is really what I want. I was hoping for a configuration rather than code solution, in much the same way as my apps are on EAP-6.4.0.

            I came across this after posting:

            https://www.linkedin.com/pulse/saml-single-sign-on-jboss-wildfly-picketlink-brett-crawley

            which primarily involves having a file called io.undertow.servlet.ServletExtension in WEB-INF/classes/META-INF/services and in the file have

            org.picketlink.identity.federation.bindings.wildfly.sp.SPServletExtension

            (I also did similar for my IdP app, i.e. declared org.picketlink.identity.federation.bindings.wildfly.idp.IDPServletExtension in that app's io.undertow.servlet.ServletExtension file).

            At startup I do see debug indicating that the IdP and SP components are loaded, i.e.

            09:29:13,019 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Processing PicketLink Extension [class org.picketlink.identity.federation.bindings.wildfly.idp.IDPServletExtension].
            09:29:13,022 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Loading PicketLink configuration from [/WEB-INF/picketlink.xml].
            09:29:13,047 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Configuring deployment [MongoLogin.war] as a SAML Identity Provider.
            09:29:13,048 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Enabling SAML IDPFilter for deployment [MongoLogin.war].
            09:29:13,056 DEBUG [io.undertow.session] (ServerService Thread Pool -- 4) Setting default session timeout to 1800

            and

            09:29:13,428 DEBUG [org.jboss.security] (MSC service thread 1-3) PBOX00307: Constructing JBossPolicyConfiguration with contextID spTest.war
            09:29:13,429 DEBUG [org.jboss.as.security] (MSC service thread 1-3) Cannot create permissions with 'null' metaData for id=spTest.war
            09:29:13,446 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Processing PicketLink Extension [class org.picketlink.identity.federation.bindings.wildfly.sp.SPServletExtension].
            09:29:13,446 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Loading PicketLink configuration from [/WEB-INF/picketlink.xml].
            09:29:13,450 DEBUG [org.picketlink.common] (ServerService Thread Pool -- 4) Configuring deployment [spTest.war] as a SAML Service Provider.
            09:29:13,453 DEBUG [io.undertow.session] (ServerService Thread Pool -- 4) Setting default session timeout to 1800
            09:29:13,454 DEBUG [io.undertow.session] (ServerService Thread Pool -- 4) Registered session listener io.undertow.servlet.core.SessionListenerBridge@9ec21f8

            However, at no point, when I access the relevant URLs (all local), do I see any SAML messages.

            Is this some missing/inconsistent config between the two apps?

            What do you think I need to do?

            Would it help if I zipped up what I have and posted it?

            Many thanks

            Mike
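            The wiring described in the post above (a WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension file naming the PicketLink SP or IdP extension, plus WEB-INF/picketlink.xml) is easy to get subtly wrong, and the startup log alone does not tell you which deployment is miswired. The following is an added example, not code from the thread or from PicketLink, that builds a WAR in memory and checks that layout. The file paths and class names come from the post; the "root META-INF is not on the classpath" check relies on the standard Java rule that ServiceLoader only sees META-INF/services under WEB-INF/classes (or inside a jar), not at the WAR root. The sample WARs are constructed inline.

            ```python
            """Sanity-check a WAR for the PicketLink ServletExtension wiring on WildFly.

            Added example for the thread above; not PicketLink's own code.
            """
            import io
            import zipfile

            # Locations named in the post. ServiceLoader reads services files from the
            # classpath, which for a WAR means WEB-INF/classes (or a jar in WEB-INF/lib),
            # not the WAR's top-level META-INF directory.
            SERVICES_ENTRY = "WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension"
            MISPLACED_ENTRY = "META-INF/services/io.undertow.servlet.ServletExtension"
            PICKETLINK_XML = "WEB-INF/picketlink.xml"

            EXTENSIONS = {
                "idp": "org.picketlink.identity.federation.bindings.wildfly.idp.IDPServletExtension",
                "sp": "org.picketlink.identity.federation.bindings.wildfly.sp.SPServletExtension",
            }


            def build_war(entries: dict) -> bytes:
                """Construct a zip (WAR) in memory from {path: text} entries (test scaffolding)."""
                buf = io.BytesIO()
                with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as war:
                    for name, content in entries.items():
                        war.writestr(name, content)
                return buf.getvalue()


            def check_picketlink_wiring(war_bytes: bytes, role: str) -> list:
                """Return a list of problems; an empty list means the WAR looks wired as an SP/IdP.

                role is 'idp' or 'sp' and says which ServletExtension this deployment must declare.
                """
                if role not in EXTENSIONS:
                    raise ValueError("role must be 'idp' or 'sp'")
                wanted = EXTENSIONS[role]
                other = EXTENSIONS["sp" if role == "idp" else "idp"]
                problems = []

                with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
                    names = set(war.namelist())

                    if PICKETLINK_XML not in names:
                        problems.append(f"missing {PICKETLINK_XML}")

                    if MISPLACED_ENTRY in names and SERVICES_ENTRY not in names:
                        problems.append(
                            f"{MISPLACED_ENTRY} is in the wrong place; the services file must be "
                            f"at {SERVICES_ENTRY} to be on the classpath"
                        )
                        return problems

                    if SERVICES_ENTRY not in names:
                        problems.append(f"missing {SERVICES_ENTRY}")
                        return problems

                    # utf-8-sig strips a BOM, which would otherwise corrupt the first class name.
                    text = war.read(SERVICES_ENTRY).decode("utf-8-sig")
                    declared = [
                        line.strip() for line in text.splitlines()
                        if line.strip() and not line.lstrip().startswith("#")
                    ]

                    if wanted not in declared:
                        problems.append(f"{SERVICES_ENTRY} does not declare {wanted} (found {declared})")
                    if other in declared:
                        problems.append(
                            f"{SERVICES_ENTRY} also declares {other}; a deployment should be "
                            f"either the SP or the IdP, not both"
                        )
                return problems


            if __name__ == "__main__":
                # Constructed sample deployments, mirroring the IdP and SP WARs in the post.
                idp_war = build_war({SERVICES_ENTRY: EXTENSIONS["idp"] + "\n", PICKETLINK_XML: "<PicketLink/>"})
                sp_war_misplaced = build_war({MISPLACED_ENTRY: EXTENSIONS["sp"] + "\n", PICKETLINK_XML: "<PicketLink/>"})
                for label, war, role in (("IdP", idp_war, "idp"), ("SP", sp_war_misplaced, "sp")):
                    print(label, "OK" if not check_picketlink_wiring(war, role) else check_picketlink_wiring(war, role))
            ```

            Run it against a real build with `check_picketlink_wiring(open("spTest.war", "rb").read(), "sp")`; a non-empty list is the first thing to fix before looking for SAMLRequest/SAMLResponse traffic between the two apps.
            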

            • 3. Re: IDPWebBrowserSSOValve is not activated
              banditpig

              Hi Paul,

              Thanks for the reply. I was hoping for a solution that is config rather than coding based.

              The link I've added at the end shows enabling of a PicketLink SPServletExtension by adding entries to WEB-INF/classes/META-INF/services/.

              I've added org.picketlink.identity.federation.bindings.wildfly.idp.IDPServletExtension and made the changes suggested in the link.

              When the app starts up the logs show that the IDPServletExtension is loaded OK, but it doesn't seem to do anything! Certainly no SAML messages.

              What do you think the problem might be?

              Would it help if I posted config files?

              Many thanks

              Mike

              https://www.linkedin.com/pulse/saml-single-sign-on-jboss-wildfly-picketlink-brett-crawley

              • 4. Re: IDPWebBrowserSSOValve is not activated
                banditpig

                I dropped WildFly and swapped to Tomcat and it all works fine.