[FEDIZ-40] Can CXF Fediz IDP & RP work with SAML1.1 ? - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.1
Fix Version/s: 1.1.0, 1.0.3
Component/s: Examples
Labels:
- security
Environment:

Apache Tomcat/7
OS Name: Windows XP
Architecture: x86

Description

Hi,
I have tried to run the RP application configured in tomcat 7 and also configured our ADFS server as IDP which serves STS tokens. As per WS-federation protocol, the control got redirected to IDP/STS for authentication & in return RP received the STS. The received STS token is SAML 1.1 version. While processing the SAML 1.1 assertion token we are getting below error where as the same code with SAML 2.0 assertion token it works well (we have IDP/STS configured into tomcat 7 as suggested in fediz tomcat IDP configuration).

For RP we used the same versions of jars as provided in the apache fediz release 1.0.2

Note:As per the below reference URL, following features are supported by the Fediz plugin 1.0
WS-Federation 1.0/1.1/1.2
SAML 1.1/2.0 Tokens
For ur Reference: http://owulff.blogspot.in/2011/11/configure-tomcat-for-federation-part.html

Error:
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
INFO: Trusted issuer: .CN=www.sts.com.
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
FINE: Truststore file: D:\FasiSSOTesting\tomcat-rp\conf\tomcat-rp.jks
Dec 10, 2012 3:10:46 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth
enticate
FINE: Truststore password: tompass
Dec 10, 2012 3:10:47 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error processing request
java.lang.NullPointerException
at org.apache.ws.security.saml.ext.OpenSAMLUtil.fromDom(OpenSAMLUtil.jav
a:83)
at org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrap
per.java:137)
at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessT
oken(SAMLTokenValidator.java:90)
at org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInReques
t(FederationProcessorImpl.java:155)
at org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Fede
rationProcessorImpl.java:75)
at org.apache.cxf.fediz.tomcat.FederationAuthenticator.authenticate(Fede
rationAuthenticator.java:448)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:544)
at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(Federation
Authenticator.java:235)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:405)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:269)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
t.java:302)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source
)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Attachments

Issue Links

depends upon

CXF-4746 STS issues invalid SAML 1.1 Assertions under certain conditions

Closed

is related to

FEDIZ-42 Upgrade to use CXF 2.6.6

Closed

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: satyanarayana

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/Dec/12 10:40

Updated:: 02/May/13 02:29

Resolved:: 11/Jan/13 15:15

Time Tracking

Estimated:

434h

Remaining:

434h

Logged:

Not Specified