-
15. Re: identifier 'authenticator' resolved to null when processing SAML response from OpenSSO
I found something.
In org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(), requests that are relevant to the SSO process do not go through the filter chain. As such, they don't go through javax.faces.webapp.FacesServlet which establishes the context for regular JSF calls. However, this context is still required when the redirection is executed (see my previous message) hence the exception.
if (service != null){
try{
new ContextualHttpServletRequest(httpRequest){
@Override
public void process() throws ServletException, IOException, LoginException{
try {
doFilter(httpRequest, httpResponse, service);
} catch (InvalidRequestException e){
httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
if (log.isInfoEnabled()) {
log.info("Bad request received from {0} ({1})", e.getCause(), httpRequest.getRemoteHost(), e.getDescription());
}
}
}
}.run();
} catch (ServletException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
}
} else {
// Request is not related to external authentication. Pass the request on to the next filter in the chain.
chain.doFilter(httpRequest, httpResponse);
} -
16. Re: identifier 'authenticator' resolved to null when processing SAML response from OpenSSO
After a succesful login, the PicketLink Seam module redirects the user back to the "return URL", which in most cases is the page that the user requested, and that triggered the login action. See section 5 of How to add SAML and OpenID authentication to your Seam application. So, you shouldn't perform a redirect yourself, and the action in your components.xml shouldn't be there.
You're right about the cause of the NPE: the JSF lifecycle is not active when the LOGIN_SUCCESSFUL event is fired. When PicketLink Seam performs the redirect for you, it won't run into this problem, because it calls the sendRedirect method of the HttpServletResponse. In case you're interested in where this happens: see loginUser method of SamlSingleSignOnReceiver.
-
17. Re: identifier 'authenticator' resolved to null when processing SAML response from OpenSSO
Thanks Marcel. I removed that redirection from pages.xml (the reason for it is that in my case, there is a business requirement to always send the user to the main page after the login even if he attempted to access another page).
-
18. Re: identifier 'authenticator' resolved to null when processing SAML response from OpenSSO
Ok, so now you have still a problem implementing that business requirement of always redirecting the user to the main page? Has nothing to do with the initial problem of this thread, but if it's an issue for you, you could start a new thread on that.
-
19. Re: identifier 'authenticator' resolved to null when processing SAML response from OpenSSO
I was merely explaining why I had that declaration in components.xml; I didn't mean to imply the original problem was still there. Thanks again for all the help.