7 Replies Latest reply on Aug 2, 2011 9:08 AM by Anil Saldanha

    PicketLink on JBoss AS 4.2.3

    Tomas Cerny Novice

      Hi, I have managed to deploy and use PicketLink with LDAP on JBoss AS 5.1.

       

      I wonder whether it will work also on JBoss GA 4.2.3?

       

      When I put all the libs and example WARs on the server, I get:

       

      --- Packages waiting for a deployer ---

      org.jboss.deployment.DeploymentInfo@3d1a1a9d { url=file:/D:/jboss/jboss-4.2.3.GA-new/server/default/deploy/picketlink-sp-jboss-beans.xml }

        deployer: null

        status: null

        state: INIT_WAITING_DEPLOYER

        watch: file:/D:/jboss/jboss-4.2.3.GA-new/server/default/deploy/picketlink-sp-jboss-beans.xml

        altDD: null

        lastDeployed: 1310482868500

        lastModified: 1310482868499

        mbeans:

       

      Once I am redirected to IDP.war and try to login I get:

       

      javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: idp not bound]

              at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1215)

              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:758)

              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:627)

              at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)

              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)

              at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:262)

              at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

              at java.lang.Thread.run(Thread.java:662)

      Caused by: javax.naming.NameNotFoundException: idp not bound

              at org.jnp.server.NamingServer.getBinding(NamingServer.java:529)

              at org.jnp.server.NamingServer.getBinding(NamingServer.java:537)

              at org.jnp.server.NamingServer.getObject(NamingServer.java:543)

              at org.jnp.server.NamingServer.lookup(NamingServer.java:296)

              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:667)

              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:627)

              at javax.naming.InitialContext.lookup(InitialContext.java:392)

              at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1209)

              ... 17 more

       

       

      Is it possible to run PicketLink on JBoss AS 4.2.3? Or do I have to use JBoss AS 5.1?

       

      Thanks Tom

        • 1. Re: PicketLink on JBoss AS 4.2.3
          Tomas Cerny Novice

          I tried adding a login module idp to login-config.xml and then removed the jboss-web.xml file from the idp.war, and I get:

           

          16:10:04,558 ERROR [STDERR] org.picketlink.identity.federation.core.exceptions.ProcessingException: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

          16:10:04,559 ERROR [STDERR]     at org.picketlink.identity.federation.core.util.StaxUtil.writeAttribute(StaxUtil.java:225)

          16:10:04,559 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.writeStringAttributeValue(BaseWriter.java:188)

          16:10:04,559 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.writeAttributeTypeWithoutRootTag(BaseWriter.java:174)

          16:10:04,559 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.write(BaseWriter.java:120)

          16:10:04,559 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:207)

          16:10:04,560 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:166)

          16:10:04,560 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter.write(SAMLResponseWriter.java:93)

          16:10:04,560 ERROR [STDERR]     at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:392)

          16:10:04,560 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$IDPAuthenticationHandler.getResponse(SAML2AuthenticationHandler.java:313)

          16:10:04,561 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$IDPAuthenticationHandler.handleRequestType(SAML2AuthenticationHandler.java:200)

          16:10:04,562 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleRequestType(SAML2AuthenticationHandler.java:115)

          16:10:04,565 ERROR [STDERR]     at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:435)

          16:10:04,575 ERROR [STDERR]     at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

          16:10:04,576 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

          16:10:04,581 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

          16:10:04,583 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          16:10:04,585 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

          16:10:04,589 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          16:10:04,590 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

          16:10:04,604 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

          16:10:04,605 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

          16:10:04,611 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

          16:10:04,615 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:662)

          16:10:04,618 ERROR [STDERR] Caused by: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

          16:10:04,621 ERROR [STDERR]     at com.ctc.wstx.sw.BaseStreamWriter.throwOutputError(BaseStreamWriter.java:1413)

          16:10:04,622 ERROR [STDERR]     at com.ctc.wstx.sw.SimpleNsStreamWriter.writeAttribute(SimpleNsStreamWriter.java:84)

          16:10:04,630 ERROR [STDERR]     at org.picketlink.identity.federation.core.util.StaxUtil.writeAttribute(StaxUtil.java:221)

          16:10:04,632 ERROR [STDERR]     ... 22 more

          16:10:04,635 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing

          java.lang.IllegalArgumentException: responseType is null

                  at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:226)

                  at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:526)

                  at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

                  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

                  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

                  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

                  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

                  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

                  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

                  at java.lang.Thread.run(Thread.java:662)

           

           

          Does anyone have it working on JBoss 4.2.3.GA?

           

          Thanks

          • 2. Re: PicketLink on JBoss AS 4.2.3
            Anil Saldanha Master

            The picketlink-sp-jboss.xml defines the security domain configuration. On JBoss 4.x, that file will not work. You have to take what is inside that file and configure the security domains in login-config.xml of 4.x.

            • 3. Re: PicketLink on JBoss AS 4.2.3
              Tomas Cerny Novice

              Hello Anil,

               

              I have set the security domain. I have removed the picketlink-sp-jboss.xml. Next, I removed the jboss-web.xml from IDP.war and got the exception as above, saying:

               

              Caused by: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

               

              I have tried with PicketLink 2 and PicketLink 1.0.4.

              Here are login-config.xml examples (I tried more options):

               

                  <application-policy name="idp">
                    <authentication>
                      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                                    flag="required">
                        <module-option name="usersProperties">props/jbossws-users.properties</module-option>
                        <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
                        <module-option name="unauthenticatedIdentity">anonymous</module-option>
                      </login-module>
                    </authentication>
                  </application-policy>

                  <application-policy name="sp">
                    <authentication>
                      <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"
                                    flag="required" />
                    </authentication>
                  </application-policy>

               

              Any thoughts?

               

              Thanks

              • 5. Re: PicketLink on JBoss AS 4.2.3
                Anil Saldanha Master

                Show the entire stack trace for the error you are getting...

                Caused by: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

                • 6. Re: PicketLink on JBoss AS 4.2.3
                  Tomas Cerny Novice

                  Here it is:

                   

                  10:39:26,735 INFO  [EARDeployer] Started J2EE application: file:/D:/jboss/jboss-4.2.3.GA-new/server/default/deploy/uvn.ear/

                  10:39:34,360 ERROR [STDERR] org.picketlink.identity.federation.core.exceptions.ProcessingException: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

                  10:39:34,364 ERROR [STDERR]     at org.picketlink.identity.federation.core.util.StaxUtil.writeAttribute(StaxUtil.java:225)

                  10:39:34,365 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.writeStringAttributeValue(BaseWriter.java:188)

                  10:39:34,369 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.writeAttributeTypeWithoutRootTag(BaseWriter.java:174)

                  10:39:34,370 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.BaseWriter.write(BaseWriter.java:120)

                  10:39:34,371 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:207)

                  10:39:34,373 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:166)

                  10:39:34,375 ERROR [STDERR]     at org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter.write(SAMLResponseWriter.java:93)

                  10:39:34,379 ERROR [STDERR]     at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:392)

                  10:39:34,380 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$IDPAuthenticationHandler.getResponse(SAML2AuthenticationHandler.java:313)

                  10:39:34,382 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$IDPAuthenticationHandler.handleRequestType(SAML2AuthenticationHandler.java:200)

                  10:39:34,384 ERROR [STDERR]     at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleRequestType(SAML2AuthenticationHandler.java:115)

                  10:39:34,387 ERROR [STDERR]     at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:435)

                  10:39:34,388 ERROR [STDERR]     at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

                  10:39:34,390 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

                  10:39:34,393 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                  10:39:34,395 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                  10:39:34,397 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

                  10:39:34,399 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                  10:39:34,401 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

                  10:39:34,403 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

                  10:39:34,405 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

                  10:39:34,407 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

                  10:39:34,409 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:662)

                  10:39:34,412 ERROR [STDERR] Caused by: javax.xml.stream.XMLStreamException: Unbound namespace URI 'http://www.w3.org/2001/XMLSchema-instance'

                  10:39:34,413 ERROR [STDERR]     at com.ctc.wstx.sw.BaseStreamWriter.throwOutputError(BaseStreamWriter.java:1413)

                  10:39:34,416 ERROR [STDERR]     at com.ctc.wstx.sw.SimpleNsStreamWriter.writeAttribute(SimpleNsStreamWriter.java:84)

                  10:39:34,418 ERROR [STDERR]     at org.picketlink.identity.federation.core.util.StaxUtil.writeAttribute(StaxUtil.java:221)

                  10:39:34,420 ERROR [STDERR]     ... 22 more

                  10:39:34,439 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing

                  java.lang.IllegalArgumentException: responseType is null

                          at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:226)

                          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:526)

                          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

                          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)

                          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)

                          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)

                          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)

                          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

                          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)

                          at java.lang.Thread.run(Thread.java:662)

                  • 7. Re: PicketLink on JBoss AS 4.2.3
                    Anil Saldanha Master

                    This bug was fixed last week. Pick the 2.0.0.CR1 release and you won't see this error on 4.3