1 Reply Latest reply on Jul 22, 2010 7:39 PM by Kent Xu

    SSO question

    Kent Xu Newbie

      I followed the GateIn reference doc and tested the single sign-on feature using GateIn and JOSSO. That worked fine with only the JOSSO gateway and GateIn(some errors in the documentation though). The problem comes when I try to test single sign-on with another web application. For simplicity, I am just using the bundled partnerapp web application comes with JOSSO.  It properly redirects me to the JOSSO gateway login page, I typed in "root" info. It fails. However, I can see GateIn and JOSSO gateway both consider this login as successful (I am logged in if I go to GateIn page).

       

      It seems to fail when the partner app valve tries to retrieve roles. I placed a trace in SSOIdentityManagerBindingImpl.findRolesBySSOSessionId. It shows the result from "SSORole[] roles = sd.getIdentityManager().findRolesByUsername(user.getName());" is null.

       

      I can get partnerapp running fine with JOSSO before it is integrated with GateIn. Am I missing something? Please help. Thank you.

       

      Here is the error 500 message in the browser.

       

      java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration!
           org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:532)
           org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
           org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
           org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
           java.lang.Thread.run(Thread.java:619)

       

       

      Here is the trace from tomcat.

       

      Jul 22, 2010 10:44:30 AM org.josso.tc60.agent.jaas.SSOGatewayLoginModule getRoleSets
      SEVERE: Session login failed for Principal : root
      org.josso.gateway.identity.exceptions.SSOIdentityException
          at org.josso.gateway.identity.service.WebserviceSSOIdentityManager.findRolesBySSOSessionId(WebserviceSSOIdentityManager.java:161)
          at org.josso.tc60.agent.jaas.SSOGatewayLoginModule.getRoleSets(SSOGatewayLoginModule.java:292)
          at org.josso.tc60.agent.jaas.SSOGatewayLoginModule.commit(SSOGatewayLoginModule.java:201)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:399)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:323)
          at org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
          at org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:347)
          at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:526)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
          at java.lang.Thread.run(Thread.java:619)
      Caused by:
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
          at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
          at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
          at java.lang.Class.newInstance0(Class.java:355)
          at java.lang.Class.newInstance(Class.java:308)
          at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)
          at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)
          at org.josso.gateway.ws._1_1.protocol.SSOIdentityManagerErrorType.getDeserializer(SSOIdentityManagerErrorType.java:114)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)
          at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)
          at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)
          at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)
          at org.apache.axis.encoding.DeserializerImpl.onStartElement(DeserializerImpl.java:438)
          at org.apache.axis.encoding.DeserializerImpl.startElement(DeserializerImpl.java:393)
          at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1048)
          at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:501)
          at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:400)
          at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2755)
          at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
          at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
          at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)
          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)
          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
          at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
          at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
          at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
          at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
          at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
          at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
          at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
          at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
          at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
          at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
          at org.apache.axis.client.Call.invoke(Call.java:2767)
          at org.apache.axis.client.Call.invoke(Call.java:2443)
          at org.apache.axis.client.Call.invoke(Call.java:2366)
          at org.apache.axis.client.Call.invoke(Call.java:1812)
          at org.josso.gateway.ws._1_1.wsdl.soapbinding.SSOIdentityManagerBindingStub.findRolesBySSOSessionId(SSOIdentityManagerBindingStub.java:432)
          at org.josso.gateway.identity.service.WebserviceSSOIdentityManager.findRolesBySSOSessionId(WebserviceSSOIdentityManager.java:155)
          ... 23 more
      Jul 22, 2010 10:44:30 AM org.josso.tc60.agent.jaas.SSOGatewayLoginModule commit
      SEVERE: Session login failed for Principal : root
      javax.security.auth.login.LoginException: Session login failed for Principal : root
          at org.josso.tc60.agent.jaas.SSOGatewayLoginModule.getRoleSets(SSOGatewayLoginModule.java:295)
          at org.josso.tc60.agent.jaas.SSOGatewayLoginModule.commit(SSOGatewayLoginModule.java:201)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:399)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:323)
          at org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
          at org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:347)
          at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:526)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
          at java.lang.Thread.run(Thread.java:619)
      Jul 22, 2010 10:44:30 AM org.apache.catalina.realm.JAASRealm authenticate
      WARNING: Cannot find message associated with key jaasRealm.loginException
      javax.security.auth.login.LoginException: Session login failed for Principal : root
          at org.josso.tc60.agent.jaas.SSOGatewayLoginModule.commit(SSOGatewayLoginModule.java:216)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:399)
          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:323)
          at org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
          at org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:347)
          at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:526)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
          at java.lang.Thread.run(Thread.java:619)

        • 1. Re: SSO question
          Kent Xu Newbie

          It seems to be a bug in gatein JOSSO identity store plugin.

           

          JOSSO gateway uses SSOIdentityManagerBindingImpl to invoke identiy store implementation. If GateIn integration is turned on, the user store is provided by GateIn through org.gatein.sso.josso.plugin.GateInIdentityPlugin class. This implementation returns null for user role information. However, SSOIdentityManagerBindingImpl can not process null value (it does check for empty array).

           

          To fix the problem, you will have to modify GateInIdentityPlugin's role implementation.

           

          public BaseRole[] findRolesByUserKey(UserKey userKey) throws SSOIdentityException {   
                     return null; //replace this, implement something or returns empty array
          }

           

          I have tested this with a JOSSO gateway server authenticating multiple web applications using GateIn as user management portal.