3 Replies Latest reply on Nov 15, 2011 5:01 PM by Pedro Igor

    The IDP forces the validatingAlias to be the end user's IP

    Pedro Igor Master

      Hi,

       

           I'm facing a problem that seems to be the same discussed in http://community.jboss.org/thread/170571?tstart=0.

       

           The difference is that the "Domain Alias missing for xxx.xxx.xxx.xxx" exception is throwed in a different place. In the previous post the class throwing the expcetion was the SPRedirectSignatureFormAuthenticator (that for me is OK when it tries to validate the token with the idpAddress attribute) and now is the IDPWebBrowserSSOValve, from the IDP side.

       

           If the client trying to access the SP is on the same machine everything works fine, but when he is in a different one the problem occurs.

       

           Here is the stack trace:

         

      java.lang.IllegalStateException: PL00058: KeyStoreKeyManager : Domain Alias missing for :x.x.x.x

          at org.picketlink.identity.federation.core.impl.KeyStoreKeyManager.getValidatingKey(KeyStoreKeyManager.java:256)

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.validate(IDPWebBrowserSSOValve.java:912)

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.processSAMLRequestMessage(IDPWebBrowserSSOValve.java:516)

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve.invoke(IDPWebBrowserSSOValve.java:383)

          at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:59)

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

          at java.lang.Thread.run(Thread.java:662)