I am evaluating SSO with WSO2 Identity Server. I ran into following problem/scenario. I have one or several SSO ServiceProvider (aka websites). I have one WSO2 Identity Server. I want commercial customers to be able to manage their users themself, and that users to be able to login into the same ServiceProviders.
I set up a Service provider, I can login into it, with users defined in wso2 itself. I set up a tenant. I added same issuer in the tenant and globally. I can generally login into the sso protected site with a global user. I can login with a tenant user, but:
When the request gets back, after the login, I see following error on screen (and in logs):
org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Signature validation failed for SAML Response
org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.validateSignature(SAML2SSOManager.java:467)
org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:215)
org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:142)
org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:87)
I see also a lot in the logs, ending with
16:45:39.399 [http-bio-8080-exec-1] WARN o.a.x.s.signature.XMLSignature - Signature verification failed.
16:45:39.399 [http-bio-8080-exec-1] DEBUG o.o.xml.signature.SignatureValidator - Signature did not validate against the credential's key`
directly prior to the exception. If I simply hit F5, I am logged in and can use the site (meaning that my SSOAgentSesisonBean returns a valid subject).
If I try to logout from this session, I receive an error now on the opposite site, in the WSO2 IS:
TID: [0] [IS] [2014-05-05 16:38:54,589] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query string : SAMLRequest=nZLBbsIwDIZfJcqdtkCRRkTLkBASEgNpbDvsFlpDA6nNEjNtb79Ax0AcOEzKIYp%2F%2B7c%2FZzD8qq34BOcNYSbbUSIFYEGlwU0mX18mrQc5zAde17azVzPa0IGf4eMAnkXIRK%2BaUCYPDhVpb7xCXYNXXKjl6GmmOlGi9o6YCrJSjEOiQc0nt4p571Uc056NBe8pKiKNxBU4oyMEVv007cZHhxCUYjrO5BZ3ZGlH5Yq2dqc3Vbmt1xZwbUjbra1WdVWVWhdB7f0BpuhZI2eyk7TTVtIL56Wdqm5fJZ2o3UvepZgTL3DhRmsGd6tL04vuGbQ%2Fdr0MaCyIhoUUb2d2YVD5S0qdvN01ofuAtPfgjlBkHsa%2BQBjE1%2FXO1echfzr%2BT3UxIVdrvi8%2FvpiytT5JFSAb%2FpZ5syRd1gYfm3tUwrm%2FpqO%2Ff7IMywx2UyzhK85%2FRTffJ%2F8B&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=A9nB2Mt6aK%2Be8jlOau4ERjw6C1FX3ZiO%2FOzZ77oWhkNalypG7OSTYk6dndt8j4BpAeSfYEfQAh8VBhygL%2BBmcY8RFb93HpB6UnYEdoO0sQy3dhg1iZYoLEMnwScv8odbA54nXdPFT%2B%2FbTBK4rFJ6GcCphKHP9wJcwIPF0KVjKHU%3D {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet}
TID: [0] [IS] [2014-05-05 16:38:54,590] DEBUG {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Request message <?xml version="1.0" encoding="UTF-8"?><saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://xxx.c.anotheria.net:9443/samlsso" ID="jnkolokodbojlkaghdjmflenfioaljlhbmhhdaac" IssueInstant="2014-05-05T14:39:02.150Z" NotOnOrAfter="2014-05-05T14:44:02.150Z" Reason="Single Logout" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">net.anotheria</saml2:Issuer><saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">xxxadmin#xxx.de</saml2:NameID><saml2p:SessionIndex/></saml2p:LogoutRequest> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil}
TID: [0] [IS] [2014-05-05 16:38:54,595] ERROR {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor} - Error Processing the Logout Request {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor}
java.lang.NullPointerException
at org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor.process(LogoutRequestProcessor.java:116)
at org.wso2.carbon.identity.sso.saml.SAMLSSOService.validateSPInitSSORequest(SAMLSSOService.java:115)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleSPInitSSO(SAMLSSOProviderServlet.java:236)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:132)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [IS] [2014-05-05 16:38:54,596] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Error when processing the authentication request! {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet}
org.wso2.carbon.identity.base.IdentityException: Error Processing the Logout Request
at org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor.process(LogoutRequestProcessor.java:206)
at org.wso2.carbon.identity.sso.saml.SAMLSSOService.validateSPInitSSORequest(SAMLSSOService.java:115)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleSPInitSSO(SAMLSSOProviderServlet.java:236)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:132)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.NullPointerException
at org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor.process(LogoutRequestProcessor.java:116)
... 38 more
I can login and logout with globalusers without any problems.
I assume that the error is on the first-login-return side, but I can't imagine which.
First check whether you can login to WSO2 IS with the tenant user you created.
If you created a tenant, then register the SPs in the tenant, then you should be able to login to web sites with WSO2 Identity Server as IDP, with the tenant users.
With the message you have seen, this seems to be an error in authentication. Not specific to SSO.
Thanks,
Pushpalanka
Related
I have installed Jboss AMQ 7.0.1.
Everything working fine. But getting following exception if I try to browse Wiki in Web Management Console.
javax.management.InstanceNotFoundException : io.fabric8:type=Fabric
Stack trace:
javax.management.InstanceNotFoundException: io.fabric8:type=Fabric
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1095)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBeanInfo(DefaultMBeanServerInterceptor.java:1375)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getMBeanInfo(JmxMBeanServer.java:920)
at org.jolokia.handler.ExecHandler.extractMBeanParameterInfos(ExecHandler.java:167)
at org.jolokia.handler.ExecHandler.extractOperationTypes(ExecHandler.java:143)
at org.jolokia.handler.ExecHandler.doHandleRequest(ExecHandler.java:84)
at org.jolokia.handler.ExecHandler.doHandleRequest(ExecHandler.java:40)
at org.jolokia.handler.JsonRequestHandler.handleRequest(JsonRequestHandler.java:89)
at org.jolokia.backend.MBeanServerExecutorLocal.handleRequest(MBeanServerExecutorLocal.java:109)
at org.jolokia.backend.MBeanServerHandler.dispatchRequest(MBeanServerHandler.java:159)
at org.jolokia.backend.LocalRequestDispatcher.dispatchRequest(LocalRequestDispatcher.java:99)
at org.jolokia.backend.BackendManager.callRequestDispatcher(BackendManager.java:413)
at org.jolokia.backend.BackendManager.handleRequest(BackendManager.java:158)
at org.jolokia.http.HttpRequestHandler.executeRequest(HttpRequestHandler.java:197)
at org.jolokia.http.HttpRequestHandler.handleGetRequest(HttpRequestHandler.java:86)
at org.jolokia.http.AgentServlet$4.handleRequest(AgentServlet.java:430)
at org.jolokia.http.AgentServlet.handleSecurely(AgentServlet.java:301)
at org.jolokia.http.AgentServlet.handle(AgentServlet.java:277)
at org.jolokia.http.AgentServlet.doGet(AgentServlet.java:237)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
at io.hawt.web.AuthenticationFilter$3.run(AuthenticationFilter.java:201)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at io.hawt.web.AuthenticationFilter.executeAs(AuthenticationFilter.java:198)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:136)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:148)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:46)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:122)
at org.eclipse.jetty.util.thread.strategy.ExecutingExecutionStrategy.invoke(ExecutingExecutionStrategy.java:58)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:201)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:133)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.lang.Thread.run(Thread.java:745)
After some search I found it may be a reason of Fabric up-gradation, but not sure what exactly, I have to do to do that.
To my knowledge all the wiki functionality in the Hawtio-based web console has been disabled in Red Hat JBoss AMQ so I think this can safely be ignored.
I am using BIRT 4.5 and Eclipse/Mars, and attempting to implement the instructions on the following page to create a web services data set:
http://developer.actuate.com/be/documentation/ihub31-dev/DAG/index.html#page/DAG%2Faccessing-data-webservice.10.4.html
The web service I am connecting to is:
http://www.webservicex.net/WeatherForecast.asmx?WSDL
All works according to the Actuate documentation given above until selecting the default options for the SOAP Response, at which point I am getting the following error.
org.eclipse.datatools.connectivity.oda.OdaException: XML data source cannot be retrieved. XML data source file is invalid or the file doesn't exist.
at org.eclipse.datatools.enablement.oda.xml.ui.wizards.XPathChoosePage.populateXMLTree(XPathChoosePage.java:482)
at org.eclipse.datatools.enablement.oda.xml.ui.wizards.XPathChoosePage.refreshControls(XPathChoosePage.java:207)
at org.eclipse.datatools.enablement.oda.xml.ui.wizards.XPathChoosePage.refresh(XPathChoosePage.java:201)
at org.eclipse.datatools.enablement.oda.ws.ui.wizards.XMLTableMappingPage.refresh(XMLTableMappingPage.java:105)
at org.eclipse.datatools.enablement.oda.ws.ui.wizards.SOAPResponsePage.getNextPage(SOAPResponsePage.java:644)
at org.eclipse.jface.wizard.WizardDialog.nextPressed(WizardDialog.java:878)
at org.eclipse.jface.wizard.WizardDialog.buttonPressed(WizardDialog.java:425)
at org.eclipse.jface.dialogs.Dialog$2.widgetSelected(Dialog.java:619)
at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:248)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
at org.eclipse.swt.widgets.Display.sendEvent(Display.java:4230)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1491)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1514)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1499)
at org.eclipse.swt.widgets.Widget.notifyListeners(Widget.java:1299)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4072)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3698)
at org.eclipse.jface.window.Window.runEventLoop(Window.java:827)
at org.eclipse.jface.window.Window.open(Window.java:803)
at org.eclipse.birt.report.designer.data.ui.actions.NewDataSetAction.createNewDataSet(NewDataSetAction.java:194)
at org.eclipse.birt.report.designer.data.ui.actions.NewDataSetAction.run(NewDataSetAction.java:182)
at org.eclipse.jface.action.Action.runWithEvent(Action.java:473)
at org.eclipse.jface.action.ActionContributionItem.handleWidgetSelection(ActionContributionItem.java:595)
at org.eclipse.jface.action.ActionContributionItem.access$2(ActionContributionItem.java:511)
at org.eclipse.jface.action.ActionContributionItem$5.handleEvent(ActionContributionItem.java:420)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
at org.eclipse.swt.widgets.Display.sendEvent(Display.java:4230)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1491)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1514)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1499)
at org.eclipse.swt.widgets.Widget.notifyListeners(Widget.java:1299)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4072)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3698)
at org.eclipse.e4.ui.internal.workbench.swt.PartRenderingEngine$4.run(PartRenderingEngine.java:1127)
at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:337)
at org.eclipse.e4.ui.internal.workbench.swt.PartRenderingEngine.run(PartRenderingEngine.java:1018)
at org.eclipse.e4.ui.internal.workbench.E4Workbench.createAndRunUI(E4Workbench.java:156)
at org.eclipse.ui.internal.Workbench$5.run(Workbench.java:654)
at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:337)
at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:598)
at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:150)
at org.eclipse.ui.internal.ide.application.IDEApplication.start(IDEApplication.java:139)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:134)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:104)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:380)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:235)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:669)
at org.eclipse.equinox.launcher.Main.basicRun(Main.java:608)
at org.eclipse.equinox.launcher.Main.run(Main.java:1515)
There are two answers to provide on the "Edit Soap Response" dialog:
Select SOAP Response Schema, for which I chose 'Use operation
response..."
Select Sample SOAP response message, for which I left
blank
This should be a fairly straightforward exercise of connecting BIRT to the weather service, as given by the Actuate example. Suggestions on the cause of the above stack trace and how to work around it are appreciated.
This issue is a bug with BIRT 4.5.x, perhaps prior versions as well. The details can be found on the Actuate Developer Forum:
http://developer.actuate.com/community/forum/index.php?/topic/37700-connecting-to-the-axis2-echoservice-example/
I am using two WSO2 Identity Server for back-end and Apache HTTP as front-end Load Balancer
When testing the browser the URL https://lab1.xx.xx/dashboard, I see the following error at the WSO2 console log:
TID: [0] [IS] [2015-09-10 16:59:22,846] ERROR {org.wso2.carbon.tomcat.ext.valves.CompositeValve} - Could not handle request: /portal/gadgets/user_profile/js/main.js {org.wso2.carbon.tomcat.ext.valves.CompositeValve}
javax.servlet.ServletException: Possible CSRF attack. Refer header : https://lab1.xx.xx/dashboard/
at org.wso2.carbon.ui.valve.CSRFValve.validateRefererHeader(CSRFValve.java:123)
at org.wso2.carbon.ui.valve.CSRFValve.validatePatterns(CSRFValve.java:96)
at org.wso2.carbon.ui.valve.CSRFValve.invoke(CSRFValve.java:71)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
I applied the Patch ID: WSO2-CARBON-PATCH-4.2.0-1256 and WSO2-IS-5.0.0-SP01
<CSRFPreventionConfig>
<Enabled>true</Enabled>
<Rule>allow</Rule>
<Patterns>
<Pattern>carbon</Pattern>
<Pattern>commonauth</Pattern>
<Pattern>samlsso</Pattern>
<Pattern>authenticationendpoint</Pattern>
<Pattern>wso2</Pattern>
<Pattern>oauth2</Pattern>
<Pattern>openid</Pattern>
<Pattern>openidserver</Pattern>
<Pattern>passivests</Pattern>
<Pattern>services</Pattern>
</Patterns>
<WhiteList>
<Url>https://localhost:9443</Url>
</WhiteList>
</CSRFPreventionConfig>
Any hint how to setup a CSRF Whitelist?
Regards, Raybar
Change your /repository/conf/carbon.xml file and on WhiteList element add the Url element with the text https://lab1.xx.xx.
After changing that part must appears something like:
<WhiteList>
<Url>https://localhost:9443</Url>
<Url>https://lab1.xx.xx</Url>
</WhiteList>
I add in the whitelist, but does not work, I still see the same error log.
it might be added somewhere else?
my /repository/conf/carbon.xml file:
<CSRFPreventionConfig>
<Enabled>false</Enabled>
<Rule>allow</Rule>
<Patterns>
<Pattern>carbon</Pattern>
<Pattern>commonauth</Pattern>
<Pattern>samlsso</Pattern>
<Pattern>authenticationendpoint</Pattern>
<Pattern>wso2</Pattern>
<Pattern>oauth2</Pattern>
<Pattern>openid</Pattern>
<Pattern>openidserver</Pattern>
<Pattern>passivests</Pattern>
<Pattern>services</Pattern>
<Pattern>dashboard</Pattern>
</Patterns>
<WhiteList>
<Url>https://localhost:9443</Url>
<Url>https://ssohalab2.xx.xx:9443</Url>
<Url>https://lab1.xx.xx/dashboard/*</Url>
</WhiteList>
</CSRFPreventionConfig>
https://ssohalab2.xx.xx:9443 ---> SSO Server
https://lab1.xx.xx/dashboard/* ---> Reverse Proxy
Regards, Raybar
I need a little help with this. I'm use this project (play-pac4j-scala-demo) to test my wso2is SAML server, the only change that I make is in the openidp-feide.xml file, replaced with this content:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="https://localhost:9443/samlsso" validUntil="2023-09-23T06:57:15.396Z">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data >
<ds:X509Certificate >
MIIEVTCCAz2gAwIBAgIQIzI6SPzN4kG8sJ2/gY6QDTANBgkqhkiG9w0BAQsFADCB
hDE7MDkGA1UECwwyZ2VuZXJhdGVkIGJ5IGF2YXN0ISBhbnRpdmlydXMgZm9yIFNT
TC9UTFMgc2Nhbm5pbmcxHzAdBgNVBAoMFmF2YXN0ISBXZWIvTWFpbCBTaGllbGQx
JDAiBgNVBAMMG2F2YXN0ISBXZWIvTWFpbCBTaGllbGQgUm9vdDAeFw0xNTAxMjAy
MDA2MzlaFw0xNjAxMjAyMDA2MzlaMD8xITAfBgNVBAsTGERvbWFpbiBDb250cm9s
IFZhbGlkYXRlZDEaMBgGA1UEAwwRKi5qZndlYnBvcnRhbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvNSZgsBqc+0iEQL//mc/sWCKsTQTnxCEs
4FL4JN7RzoV0rftB0XkxxSdss66YeSwZ1/hN8hNkswDyL9ttlsum8r4brirJdRgI
XaXYj5gzGKWa5fhbQjeUQ3FqXQbM+ytnHvUvD4JqRgs3ccXEpHf35dk/2MtveI0b
us8IeCbvrScerbG5a6zdz2pPmlh5jRc/MQ8mHWQjYZTf4/hLMZR2iXzVAhCD59BG
aPAWUBbv4uz44xs288QDhA8Ty0+M0fHNxH6v5v1AFENMaMVwoeLb8d2VkFZK+1nm
kRTgGeVupab3k4+3XlV7QKD9EqsfDso+oAiRIrvvmAXC3BMkwEflAgMBAAGjggEF
MIIBATAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAOBgNVHQ8BAf8EBAMCBaAwUwYDVR0gBEwwSjBIBgtghkgBhv1tAQcXATA5MDcG
CCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9z
aXRvcnkvMB8GA1UdIwQYMBaAFBlpv0JwXwGkdtayZXqLgJRKp/VxMC0GA1UdEQQm
MCSCESouamZ3ZWJwb3J0YWwuY29tgg9qZndlYnBvcnRhbC5jb20wHQYDVR0OBBYE
FBpRAaygfEl1uFhj8ijqTcjA71V0MA0GCSqGSIb3DQEBCwUAA4IBAQCT7CS4yUUd
VI+oE7KGsGmTgtjEc7Ui211v5f6HUmscz2g/udFJwppKkutoRVovrVl6S64LVIpY
pgmwDCreBwxhwmn+x4W1GpQ97R9PLTW2QAh5AoBbUCT8y/RbLvxY9W9Qz5gj5RIi
NRi7i2J/omo/qh5mQfC6WRmHz91mKSv6+Ts5S+PGB30kkezYXc7KG/1z4L7nBlLs
brsIcG7fVu7fRJEyxG64ePONIm0zu4agOWd+AqBbfz6PS+RimgqGbIBNjBjJxGNi
ySG0z4s5NUsOxMgWc54HEOyTu6ULCaslrWVQqAZIYRDBoYt98LfkhDSMmT7+YN04
aWezsyuqis2V
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
The above is the Idp metadata. Next, in the wso2is server I created an issuer, like this:
Issuer : http://localhost:9000/callback?client_name=Saml2Client
Assertion Consumer URL *: http://localhost:9000/callback?client_name=Saml2Client
NameID format : urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Enable Attribute Profile: true
Other attributes stay with default options.
But when I try to authenticate the project (play-pac4j-scala-demo) throws this Exception:
[debug] - org.pac4j.play.CallbackController - defaultUrl : /?2
at scala.concurrent.impl.CallbackRunnable.executeWithValue(Promise.scala:40) [scala-library-2.11.6.jar:na]
at scala.concurrent.impl.Promise$DefaultPromise.tryComplete(Promise.scala:248) [scala-library-2.11.6.jar:na]
at scala.concurrent.Promise$class.complete(Promise.scala:55) [scala-library-2.11.6.jar:na]
at scala.concurrent.impl.Promise$DefaultPromise.complete(Promise.scala:153) [scala-library-2.11.6.jar:na]
at scala.concurrent.Future$$anonfun$recover$1.apply(Future.scala:324) [scala-library-2.11.6.jar:na]
at scala.concurrent.Future$$anonfun$recover$1.apply(Future.scala:324) [scala-library-2.11.6.jar:na]
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32) [scala-library-2.11.6.jar:na]
at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:40) [play_2.11-2.4.0.jar:2.4.0]
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40) [akka-actor_2.11-2.3.11.jar:na]
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:397) [akka-actor_2.11-2.3.11.jar:na]
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [scala-library-2.11.6.jar:na]
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [scala-library-2.11.6.jar:na]
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [scala-library-2.11.6.jar:na]
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [scala-library-2.11.6.jar:na]
Caused by: org.pac4j.saml.exceptions.SamlException: IDP Metadata cannot be null
at org.pac4j.saml.sso.Saml2WebSSOProfileHandler.receiveMessage(Saml2WebSSOProfileHandler.java:127) ~[pac4j-saml-1.7.0.jar:na]
at org.pac4j.saml.client.Saml2Client.retrieveCredentials(Saml2Client.java:322) ~[pac4j-saml-1.7.0.jar:na]
at org.pac4j.saml.client.Saml2Client.retrieveCredentials(Saml2Client.java:95) ~[pac4j-saml-1.7.0.jar:na]
at org.pac4j.core.client.BaseClient.getCredentials(BaseClient.java:220) ~[pac4j-core-1.7.0.jar:na]
at org.pac4j.play.java.RequiresAuthenticationAction$6.apply(RequiresAuthenticationAction.java:202) ~[play-pac4j-java-1.5.0-SNAPSHOT.jar:na]
at org.pac4j.play.java.RequiresAuthenticationAction$6.apply(RequiresAuthenticationAction.java:194) ~[play-pac4j-java-1.5.0-SNAPSHOT.jar:na]
at play.core.j.FPromiseHelper$$anonfun$promise$2.apply(FPromiseHelper.scala:36) ~[play_2.11-2.4.0.jar:2.4.0]
at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) ~[scala-library-2.11.6.jar:na]
at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) ~[scala-library-2.11.6.jar:na]
... 7 common frames omitted
What is wrong here? Can anyone help?
Thanks!
This indicates that the method decoder.decode was not able to determine the IDP to use from the SAML Authentication response.
If you encounter an error at this point, I assume you successfully redirect to your IDP, enter your credentials and redirect back to your application which is rather a good starting point.
Please use a debugging tool (for example SAML Tracer for Firefox) to read the SAML assertion and check if the IDP entity ID is consistent with your set-up.
I'm the creator of play-pac4j, but unfortunately no SAML specialist. I guess the SAML response from your IdP does not contain the necessary data as it's an explicit check: https://github.com/pac4j/pac4j/blob/pac4j-1.7.0/pac4j-saml/src/main/java/org/pac4j/saml/sso/Saml2WebSSOProfileHandler.java#L127 In pac4j (and pac4j-saml v1.7.1), the SAML support has evolved: maybe you should give it a try...
I got this kind of error. when trying to read a properties file It works fine in development mode but when I trying to deploy app to tomcat this error is comes.
SEVERE: Exception while dispatching incoming RPC call
com.google.gwt.user.client.rpc.SerializationException: Type 'java.io.FileNotFoundException' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object not found in the classpath
at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serialize(ServerSerializationStreamWriter.java:619)
at com.google.gwt.user.client.rpc.impl.AbstractSerializationStreamWriter.writeObject(AbstractSerializationStreamWriter.java:126)
at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter$ValueWriter$8.write(ServerSerializationStreamWriter.java:153)
at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serializeValue(ServerSerializationStreamWriter.java:539)
at com.google.gwt.user.server.rpc.RPC.encodeResponse(RPC.java:616)
at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:390)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:588)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Whenever you make an Rpc call, the classes involved must implement java.io.Serializable. In your case, this might have happened.
In your service class methods you somewhere mentioned one of the arguments or return type as java.io.FileNotFoundException which does not implement java.io.Serializable. Hence it cannot be serialized.
EDIT : This might help you Serialization Exception while making an RPC call
Every exception that could go to the client-side has to be declared in a throws clause in your RemoteService interface.
If it's working in DevMode, it's probably because you don't have such an exception. You have to find the cause of the FileNotFoundException.