-
1. Cannot forward after response has been committed
anil.saldhana Feb 24, 2011 5:21 PM (in response to vladimiralbis)Check this cheatsheet out. http://community.jboss.org/wiki/CheatsheetPicketLinkandJBossAS
You can also try out the employee-post war file that uses SAML/POST binding.
-
2. Re: Cannot forward after response has been committed
vladimiralbis Feb 25, 2011 7:48 AM (in response to anil.saldhana)Hi, thanks for your comments
The examples are working very well in the same server, with localhost or even when i run JBoss with -b 0.0.0.0.
The exception i am getting is when i have sp in a different server than idp. Redirection in URL is correct, with parameters (SAMLRequest, SAMLResponse) but a loop is created in server where sp is running showing java.lang.IllegalStateException: Cannot forward after response has been committed.
I will enable logs and try to find more about this. Thank you.
-
3. Re: Cannot forward after response has been committed
anil.saldhana Feb 25, 2011 12:40 PM (in response to vladimiralbis)Vladimir, there may be a bug in the PicketLink code. So anything that you trace out of the logs may be useful.
By the way, we do have the last PicketLink v2 builds. I don't think that will help, but certainly you can give it a try.
-
4. Cannot forward after response has been committed
vladimiralbis Feb 28, 2011 8:18 AM (in response to anil.saldhana)Hi, after checking logs, i found that this exception is happening when SP is checking whether the assertion has expired. The time in SP server system (Windows) was a couple of minutes before then the time in IDP server system (Windows). From the logs i could see that if this validation fails, IDP was again receiving the authentication request, IDP returned all okay, but the assertion was expired in SP. For testing i set the time in SP server system after IDP system server time with a difference of around 5 seconds and all went okay.
Thanks for your help.
-
5. Cannot forward after response has been committed
anil.saldhana Feb 28, 2011 9:25 AM (in response to vladimiralbis)Vladmir, if the assertion expirty message is logged at trace level, I will have to change it to a higher level. The expiry is an important state. Can you just copy paste the 3-4 lines of the log message if you have it? If not, its fine, I will figure it out.
-
6. Cannot forward after response has been committed
vladimiralbis Feb 28, 2011 9:36 AM (in response to anil.saldhana)Yes, i could, i just hope it's what you want. These are from SP. The first one is printed right before using a util class for validation. Regards
2011-02-28 10:22:09,402 TRACE [org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil] (http-0.0.0.0-8080-1) Now=2011-02-28T10:22:09.402-04:00 ::notBefore=2011-02-28T10:22:10.487-04:00::notOnOrAfter=2011-02-28T10:27:10.487-04:00
2011-02-28 10:22:09,402 TRACE [org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor] (http-0.0.0.0-8080-1) Handlers are:[org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler@1298c7d, org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler@bde411]
2011-02-28 10:22:09,402 TRACE [org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor] (http-0.0.0.0-8080-1) Handlers are : [org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler@1298c7d, org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler@bde411]
2011-02-28 10:22:09,402 TRACE [org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor] (http-0.0.0.0-8080-1) Finished Processing handler:org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler
2011-02-28 10:22:09,402 TRACE [org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor] (http-0.0.0.0-8080-1) Finished Processing handler:org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler
2011-02-28 10:22:09,402 WARN [org.apache.catalina.authenticator.FormAuthenticator] (http-0.0.0.0-8080-1) Unexpected error forwarding to login page
java.lang.IllegalStateException: Cannot forward after response has been committed
-
7. Cannot forward after response has been committed
anil.saldhana Feb 28, 2011 10:10 AM (in response to vladimiralbis)Thanks Vladimir. I have checked and I see that we throw exceptions when the assertion has expired....
By the way, dont forget to vote for PicketLink community. http://community.jboss.org/thread/163284?tstart=0