0 Replies Latest reply on Sep 6, 2018 10:30 AM by Hitesh Ghuge

    “pl00092”: Null Value:No assertions in reply from IDP

    Hitesh Ghuge Newbie

      Hi all, I have configured ADFS 3.0 with my JBoss_6.1.0_final.

      The setup is successful and when I access application URL it redirects me to adfs page. After successful login in adfs it redirect to my application URL, Here error I encountered an error is

      ERROR [org.picketlink.identity.federation] Service Provider could not handle the request.: java.lang.IllegalArgumentException: PL00092: Null Value:No assertions in reply from IDP
      at org.picketlink.identity.federation.DefaultPicketLinkLogger.samlHandlerNoAssertionFromIDP(DefaultPicketLinkLogger.java:1410) [:2.1.8.Final]
      at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:415) [:2.1.8.Final]
      at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:135) [:2.1.8.Final]
      at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:64) [:2.1.8.Final]
      at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:105) [:2.1.8.Final]
      at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:86) [:2.1.8.Final]
      at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.handleSAMLResponse(AbstractSPFormAuthenticator.java:448) [:2.1.8.Final]
      at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:324) [:2.1.8.Final]
      at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:252) [:2.1.8.Final]
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.1.0.Final]
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
      at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
      at java.lang.Thread.run(Thread.java:662) [:1.6.0_45]

       

      My picketlink.xml is

       

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
        <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
        ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="true" CanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
        <KeyProvider
        ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
        <Auth Key="KeyStoreURL" Value="server.keystore" />
        <Auth Key="KeyStorePass" Value="changeit" />
        <Auth Key="SigningKeyPass" Value="changeit" />
        <Auth Key="SigningKeyAlias" Value="jbosskey" />
        <ValidatingAlias Key="{APPLICATION-URL}" Value="digite" />
        <ValidatingAlias Key="{ADFS-URL}" Value="digite" />
        </KeyProvider>

        </PicketLinkSP>
        <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" >
        <Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
        <Option Key="CLOCK_SKEW_MILIS" Value="3600000"/></Handler>
        <Handlerv class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" ></Handler>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler">
        <Option Key="ATTRIBUTE_CHOOSE_FRIENDLY_NAME" Value="true"/>
        </Handler>
        </Handlers>
      </PicketLink>

       

      jboss-web.xml

      <security-domain>java:/jaas/sp</security-domain>

      login-config.xml

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="sp">

      <authentication>

      <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required" />

      </authentication>

      </application-policy>

       

      Is anything wrong in my configuration? How to deal with PL00092: Null Value:No assertions in reply from IDP