6 Replies Latest reply on Nov 6, 2014 10:07 AM by Rodrigo Silva

    PicketLink 2.1.7 Final - Service Provider could not handle the request

    Ravi Gandhi Newbie

      Hi, I am trying to use JBoss test application as Service provider to talk to SSO Easy as IDP Server.

      JBoss 6.0.0 Final

      Java 1.6.30

      PicketLink 2.1.7 Final

      PicketLink JARS used: picketlink-core-2.1.7.Final.jar and picketlink-jbas5-2.1.7.Final.jar

       

      When I run test home page, http://localhost:8080/helloworld/Hello it is re-directed to IDP Login Page.

      Username password are authenticated at login page and user is directed back to http://localhost:8080/helloworld/Hello but with below exception in JBoss,

      browser page is blank and server.log has this error

       

      2013-09-06 17:05:01,523 ERROR [org.picketlink.identity.federation] (http-0.0.0.0-8080-1) Service Provider could not handle the request.: java.lang.NullPointerException

        at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881) [:1.6.0_30]

        at org.apache.catalina.session.StandardSession.setNote(StandardSession.java:899) [:6.0.0.Final]

        at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.handleSAMLResponse(AbstractSPFormAuthenticator.java:505) [:2.1.7.Final]

        at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:319) [:2.1.7.Final]

        at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [:2.1.7.Final]

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.Final]

        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]

        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]

        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]

        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]

       

       

      2013-09-06 17:05:02,402 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/helloworld].[jsp]] (http-0.0.0.0-8080-1) Servlet.service() for servlet jsp threw exception: java.lang.NullPointerException

        at org.apache.jsp.error_jsp._jspService(error_jsp.java:71)

        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [:6.0.0.Final]

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [:1.0.0.Final]

        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369) [:6.0.0.Final]

        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326) [:6.0.0.Final]

        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:253) [:6.0.0.Final]

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [:1.0.0.Final]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]

        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:734) [:6.0.0.Final]

        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:541) [:6.0.0.Final]

        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:479) [:6.0.0.Final]

        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:407) [:6.0.0.Final]

        at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:331) [:2.1.7.Final]

        at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) [:2.1.7.Final]

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.Final]

        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]

        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]

        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]

        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]

        at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]

       

       

      2013-09-06 17:05:02,441 ERROR [org.picketlink.identity.federation] (http-0.0.0.0-8080-1) Error forwarding to the error page: /error.jsp

       

      Context.xml contents,

       

      <?xml version="1.0" encoding="UTF-8"?>
      <Context>
          <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator" />
      </Context>
      
      

       

      Jboss-web.xml contents,

      <jboss-web>
      <security-domain>java:/jaas/Test</security-domain>
      </jboss-web>
      
      

       

      picketlink.xml contents,

       

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
      
      
      
      
          <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
              BindingType="POST">
      
      
              <IdentityURL>http://<IDP-SERVER NAME>/ExampleIdentityProvider</IdentityURL>
              <ServiceURL>http://aud24902rw:8080/helloworld/Hello</ServiceURL>
          </PicketLinkSP>
      
      
          <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
             <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
             <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
          </Handlers>
      
      
      </PicketLink>
      
      

       

       

      web.xml

       

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
      
        
        <servlet>
          <servlet-name>HelloWorld</servlet-name>
          <jsp-file>/index.jsp</jsp-file>
        </servlet>
      
        <servlet>
          <servlet-name>Logout</servlet-name>
          <jsp-file>/logout.jsp</jsp-file>
        </servlet>
      
      
        <servlet-mapping>
          <servlet-name>HelloWorld</servlet-name>
          <url-pattern>/Hello</url-pattern>
        </servlet-mapping>
      
        <servlet-mapping>
          <servlet-name>Logout</servlet-name>
          <url-pattern>/Logout</url-pattern>
        </servlet-mapping>
      
         <security-constraint>
          <web-resource-collection>
            <web-resource-name>SonoraResourceCollection</web-resource-name>
         <url-pattern>/Hello</url-pattern>
         </web-resource-collection>
          <auth-constraint>
            <role-name>SonoraSecurityRole</role-name>
          </auth-constraint>
        </security-constraint>
      
        <login-config>
        <!--Uncomment below lines for basic authentication-->
          <!--<auth-method>BASIC</auth-method>-->
        <auth-method>FORM</auth-method>
        <realm-name>QSuper SSO</realm-name>
        <form-login-config>
        <form-login-page>/index.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
        </login-config>
      
      
        <security-role>
          <role-name>SonoraSecurityRole</role-name>
        </security-role>
      
      
      </web-app>
      
      

       

      login-config.xml snippet

      <application-policy name = "Test">
        <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
          </login-module>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
          </login-module>
        </authentication>
      </application-policy>
      
      

       

      I have users.properties and roles.properties in class path. users.properties is empty whereas roles.properties content are as follows,

       

      tomcat=manager,employee,sales
      idp-user=SonoraSecurityRole,HttpInvoker,manager,employee,sales
      SONORA=SonoraSecurityRole,HttpInvoker,manager,employee,sales
      
      

       

       

      Am I doing something wrong? Previously I was getting “HTTP Status 403 - Access to the requested resource has been denied" response. I believe that somehow roles are not picked up.

      Please help.

       

      Thank you.