2 Replies Latest reply on May 4, 2007 12:34 AM by soshah

    Federated SSO Test Application Problem

    jernkoll

      Hi!

      I'm evaluating the "JBoss Federated SSO CR1" and I cannot get the test application running.

      Everything should be installed and configured correctly and deployment seems normal:

      12:45:53,703 INFO [IdentityManager] Configuration successfully loaded for the IdentityManager...........
      
      12:45:53,734 INFO [SSOManager] SSOProcessor org.jboss.security.saml.JBossSingleSignOn@345b43 was successfully registere
      d.....
      12:45:53,734 INFO [SSOManager] SSOManager service successfully started...........
      
      12:46:13,703 INFO [EARDeployer] Init J2EE application: file:/C:/Java/jboss-4.0.3SP1/server/default2/deploy/jboss-federa
      tion-server.ear
      12:46:13,875 INFO [Federation] ------------------------------
      12:46:13,875 INFO [Federation] Conf =conf/server.cfg.xml
      12:46:13,875 INFO [Federation] Partner =jboss.com,http://node1.jboss.com:8080/federate
      12:46:13,875 INFO [Federation] Partner =jboss.org,http://node1.jboss.org:8080/federate
      12:46:13,875 INFO [Federation] ------------------------------
      12:46:13,875 INFO [Federation] Federation service successfully started...............
      12:46:13,906 INFO [TomcatDeployer] deploy, ctxPath=/federate, warUrl=.../tmp/deploy/tmp47939jboss-federation-server.ear
      -contents/jboss-federation-server-exp.war/
      12:46:13,984 INFO [SSOFederationServer] Configuration successfully loaded for the SSOFederationServer...........
      12:46:14,000 INFO [EARDeployer] Started J2EE application: file:/C:/Java/jboss-4.0.3SP1/server/default2/deploy/jboss-fed
      eration-server.ear
      12:46:14,015 INFO [EARDeployer] Init J2EE application: file:/C:/Java/jboss-4.0.3SP1/server/default2/deploy/jboss-sso-te
      st.ear
      12:46:14,828 INFO [TomcatDeployer] deploy, ctxPath=/test, warUrl=.../tmp/deploy/tmp47940jboss-sso-test.ear-contents/tes
      t-exp.war/
      12:46:15,046 INFO [EARDeployer] Started J2EE application: file:/C:/Java/jboss-4.0.3SP1/server/default2/deploy/jboss-sso
      -test.ear
      


      On the surface, I have problems of making cross domain jumps with the login-form being opened on the target site. Trying to find the problem, I've found that when I open the URL "http://node1.jboss.com:8080/federate/partners" I get a ClassCastException:

      java.lang.RuntimeException:
       org.jboss.security.saml.SSOException:
       java.lang.ClassCastException:
       org.jboss.security.saml.JBossSingleSignOn
      
       org.jboss.security.federation.service.Federation.getPartnerInfo(Federation.java:217)
       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       :
       org.jboss.mx.util.JMXInvocationHandler.invoke(JMXInvocationHandler.java:273)
       $Proxy47.getPartnerInfo(Unknown Source)
       org.jboss.security.federation.servlet.SSOFederationServer.doGet(SSOFederationServer.java:277)
      


      I'm running JBoss 4.0.3 SP1.

      I've deployed "jboss-federation-server.ear", "jboss-sso-test.ear" files and the "jboss-sso.sar" directory into my "server/default/deploy" directory, duplicated the server and configured hosts.
      I've also updated "sso.cfg.xml" to point to "node1.jboss.org" instead of "node1.jboss.com" for the trustServer property on the second server.

      Single-stepping through the code leads me to line 202 in "org.jboss.security.saml.SSOManager":

       sso = ssoManager.getProcessor();
      


      This in turn calls JMXInvocationHandler.invoke which on line 273 (I haven't seen the source code) calls getProcessor on a proxy object. I guess the proxy is a proxy for the SSOManager MBean as the proxy implements SSOManagerService. When the method "getProcessor" is called on the proxy, the ClassCastException above is thrown.

      Looking at the implementation of the SSOManager MBean, "getProcessor" simply returns a "SingleSignOn" instance held as a member variable. This will most probably be a "JBossSingleSignOn" instance as the exception seem to report this and there are no other implementations.

      As "JBossSingleSignOn" implements the "SingleSignOn" interface as the "getProcessor" is expected to return I cannot really figure out why there is a class cast exception.

      I've looked through the forum, but couldn't find anyone else experiencing the same problem.

      I've cleared the "tmp" and "work" directories with no success.
      Could this be some class-loader problem?
      Anyone?

      Regards
      // Andreas


        • 1. Re: Federated SSO Test Application Problem
          jernkoll

          I've found the problem.
          We're running with isolated class loading.
          With the isolation disabled, everything works fine.

          Does this rule out "JBoss Federated SSO" for us or is there some way to get it working with isolated class loading?

          Regards
          // Andreas

          • 2. Re: Federated SSO Test Application Problem
            soshah

            Andreas-

            This is most likely just the manner in which the binaries are packaged.

            1) the jboss-sso.sar file contains the core sso engine

            2) the federation-server.ear is a standalone web application that helps with secure sso token propgation across web domains.

            You may have to play around with the default packaging for this to run in an isolated class loading setup.

            Try packaging the federation-server.ear file inside the jboss-sso.sar file and removing the jboss-saml.jar and jboss-security-common.jar from the federation-server.ear file.

            Thanks