6 Replies Latest reply on May 4, 2011 2:30 AM by jonananas

    NAMESPACE_ERR when parsing SAML response

    jonananas

      I am trying to use SSOCircle as IDP with my Seam application using PL2.

      But when parsing the SAML Response I get the exception below.

      The problem seems to be that setAttributeNS() expects Signature to be prefixed with xmlns, and throws because it's not?

      What is TransformerUtil trying to accomplish?

       

       

      {code}

      19:47:25,045 DEBUG [TransformerUtil$PicketLinkStaxToDOMTransformer] setAttributeNS params: http://www.w3.org/2000/xmlns/ Signature http://www.w3.org/2000/09/xmldsig#

      19:47:25,061 ERROR [TransformerUtil$PicketLinkStaxToDOMTransformer] setAttributeNS threw

      org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.

                at org.apache.xerces.dom.AttrNSImpl.setName(Unknown Source)

                at org.apache.xerces.dom.AttrNSImpl.<init>(Unknown Source)

                at org.apache.xerces.dom.CoreDocumentImpl.createAttributeNS(Unknown Source)

                at org.apache.xerces.dom.ElementImpl.setAttributeNS(Unknown Source)

                at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.handleStartElement(TransformerUtil.java:341)

                at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.transform(TransformerUtil.java:178)

                at org.picketlink.identity.federation.core.util.TransformerUtil.transform(TransformerUtil.java:118)

                at org.picketlink.identity.federation.core.parsers.util.StaxParserUtil.getDOMElement(StaxParserUtil.java:134)

                at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:130)

                at org.picketlink.identity.federation.core.parsers.saml.SAMLResponseParser.parse(SAMLResponseParser.java:83)

                at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:91)

                at org.picketlink.identity.federation.core.parsers.AbstractParser.parse(AbstractParser.java:91)

                at org.picketlink.identity.seam.federation.SamlMessageReceiver.getSamlResponse(SamlMessageReceiver.java:249)

                at org.picketlink.identity.seam.federation.SamlMessageReceiver.handleIncomingSamlMessage(SamlMessageReceiver.java:124)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                at java.lang.reflect.Method.invoke(Method.java:597)

                at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)

                at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)

                at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)

                at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)

                at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)

                at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)

                at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)

                at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)

                at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)

                at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)

                at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)

                at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)

                at org.picketlink.identity.seam.federation.SamlMessageReceiver_$$_javassist_seam_11.handleIncomingSamlMessage(SamlMessageReceiver_$$_javassist_seam_11.java:65532)

                at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:156)

                at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.access$000(ExternalAuthenticationFilter.java:65)

                at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter$1.process(ExternalAuthenticationFilter.java:109)

                at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)

                at org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:102)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)

                at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)

                at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)

                at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)

                at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at com.metria.myapp.web.filter.RendererFilter.doFilter(RendererFilter.java:74)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)

                at com.metria.myapp.web.filter.SessionIdFilter.doFilter(SessionIdFilter.java:77)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)

                at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)

                at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.__invoke(StandardWrapperValve.java:230)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)

                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)

                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)

                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

                at java.lang.Thread.run(Thread.java:662)

      19:47:25,155 DEBUG [SamlMessageReceiver] Received from IDP: <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://localhost:8080/myapp/AssertionConsumerService.seam" ID="s2f35d6a77fe692e42c49e8cc0822e368a349844da" InResponseTo="ID_5ab09c2a-d8cc-40f9-9b15-1f42d9577c2e" IssueInstant="2011-04-12T17:47:29Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://idp.ssocircle.com</saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

      </samlp:StatusCode>

      </samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2d2406839b9cf26fff1b2cecf2bd0aa1157e4cd93" IssueInstant="2011-04-12T17:47:29Z" Version="2.0">

      <saml:Issuer>http://idp.ssocircle.com</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

      <SignedInfo>

      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

      <Reference URI="#s2d2406839b9cf26fff1b2cecf2bd0aa1157e4cd93">

      <Transforms>

      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

      <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

      </Transforms>

      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

      <DigestValue>U5FEjHcQf5ZXTTDZUM0xJg7ZXDw=</DigestValue>

      </Reference>

      </SignedInfo>

      <SignatureValue>

      gFXV2RekL32L6HEf8gsjVRzAzUlkTdTAaWXEk/tGSKiwbPpDUg+DCM/4KVGaBEGlDM1C/LhXSf1X

      IozvfMgj9VqIcGg4URWNCdRCTer+xgYm9ORuZMAe8QZrvg6DLaqa5iWs3Bn42bGGVzXCWb4F8aUk

      Uxga77VO5hyMITJ+bHM=

      </SignatureValue>

      <KeyInfo>

      <X509Data>

      <X509Certificate>

      MIIB8TCCAVqgAwIBAgIFAIxwZnIwDQYJKoZIhvcNAQEEBQAwLjELMAkGA1UEBhMCREUxEjAQBgNV

      BAoTCVNTT0NpcmNsZTELMAkGA1UEAxMCQ0EwHhcNMDkwMjIyMTUwNDI0WhcNMTEwNTIyMTUwNDI0

      WjBLMQswCQYDVQQGEwJERTESMBAGA1UEChMJU1NPQ2lyY2xlMQwwCgYDVQQLEwNpZHAxGjAYBgNV

      BAMTEWlkcC5zc29jaXJjbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbzDRkudC/

      aC2gMqRVVaLdPJJEwpFB4o71fR5bnNd2ocnnNzJ/W9CoCargzKx+EJ4Nm3vWmX/IZRCFvrvy9C78

      fP1cmt6Sa091K9luaMAyWn7oC8h/YBXH7rB42tdvWLY4Kl9VJy6UCclvasyrfKx+SR4KU6zCsM62

      2Kvp5wW67QIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAGyaydfJHDkm77C39gq9bBb7OqK8OXEUTbIM

      p8PDJZzIf9QkpkE7gHGcWctRKi7fNdONulc5kn2K2nbvCGrbWsWQvr/DA0bjkBrK8OeWpRhLe7fl

      +JUgsErMcDIzRTmjNpZzUZp+WESRHV1j3SIcfY4tJM2uMt4Sc/afVnl5P6wL

      </X509Certificate>

      </X509Data>

      </KeyInfo>

      </Signature><saml:Subject>

      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="http://idp.ssocircle.com">l+7K5TYByCFCeab6KSA+Edv5ATvX</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

      <saml:SubjectConfirmationData InResponseTo="ID_5ab09c2a-d8cc-40f9-9b15-1f42d9577c2e" NotOnOrAfter="2011-04-12T17:57:29Z" Recipient="http://localhost:8080/myapp/AssertionConsumerService.seam"/></saml:SubjectConfirmation>

      </saml:Subject><saml:Conditions NotBefore="2011-04-12T17:37:29Z" NotOnOrAfter="2011-04-12T17:57:29Z">

      <saml:AudienceRestriction>

      <saml:Audience>http://localhost:8080/myapp</saml:Audience>

      </saml:AudienceRestriction>

      </saml:Conditions>

      <saml:AuthnStatement AuthnInstant="2011-04-12T17:47:28Z" SessionIndex="s26668733a300b1219f39cb3cdc602bdfb679e4604"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>

       

      {code}
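
The DOM rule behind the exception in the post above, as an added example that is not part of the original post and is not PicketLink's code: an attribute in the `http://www.w3.org/2000/xmlns/` namespace must be named `xmlns` or `xmlns:<prefix>`, so the call logged in the DEBUG line (attribute name `Signature`) is rejected, while the declaration name derived from the element's prefix is accepted. The class `XmlnsAttrDemo` and the helpers `declName` and `declare` are hypothetical names.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Hypothetical demo class for illustration; not taken from PicketLink.
public class XmlnsAttrDemo {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Attribute name that declares a namespace for the given element prefix
    // (null or empty prefix means the default namespace).
    static String declName(String prefix) {
        return (prefix == null || prefix.isEmpty())
                ? XMLConstants.XMLNS_ATTRIBUTE
                : XMLConstants.XMLNS_ATTRIBUTE + ":" + prefix;
    }

    // Tries to add a namespace declaration; returns the DOMException code, or 0 on success.
    static short declare(Element el, String attrName, String nsUri) {
        try {
            el.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, attrName, nsUri);
            return 0;
        } catch (DOMException e) {
            return e.code;
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        // Same shape as the logged response: prefixed Assertion, unprefixed Signature.
        Element assertion = doc.createElementNS(SAML_NS, "saml:Assertion");
        Element sig = doc.createElementNS(DSIG_NS, "Signature");
        doc.appendChild(assertion);
        assertion.appendChild(sig);

        // Parameters from the DEBUG line: the element name used as the attribute name.
        short bad = declare(sig, "Signature", DSIG_NS);
        System.out.println("Signature rejected with NAMESPACE_ERR: "
                + (bad == DOMException.NAMESPACE_ERR));

        // Declaration names derived from each element's prefix.
        System.out.println(declName(sig.getPrefix()) + " -> code "
                + declare(sig, declName(sig.getPrefix()), DSIG_NS));
        System.out.println(declName(assertion.getPrefix()) + " -> code "
                + declare(assertion, declName(assertion.getPrefix()), SAML_NS));
    }
}
```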