Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-298

Distributed authentication UI not able to do resource based authentication

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Snapshot9.5.1
    • 9.5.3, 10.0.0-EA
    • authentication
    • None
    • Centos 5
      java version "1.6.0_18"
      Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
      Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
      Tomcat 6.0.20
      OpenAM Snapshot 9.5.1 RC2
    • Rank:
      1|hzn2iv:
    • Sprint 3

      Description

      I am trying to combine cross domain sso, resource based authentication
      and a distributed authentication UI.

      I first tried to configure cross domain sso and the distributed
      authentication UI (so CDSSO Servlet URL of an agent is something like:
      https://<domainname-of-distui>/opensso/cdcservlet.
      This worked. Authentication worked perfectly.

      Now if I want to enable resource based authentication, and I add the
      "resource=true" parameter to the CDSSO Servlet URL
      (https://<domainname-of-distui>/opensso/cdcservlet?resource=true), and
      I go to this url, the distribute authenticationUI gives error message:
      "Received XML does not have Status node.". In the logs of the IdP, I
      find: The reference to entity "IssueInstant" must end with the ';'
      delimiter. (Stacktraces below)

      Note that if I leave the distributed authentication UI out of it, and
      go directly to the opensso idp
      (https://<domainname-of-opensso>/opensso/cdcservlet?resource=true,
      cross domain single sign on and resource based authentication work as
      they should.

      I tried following other configurations which all worked:

      • cross domain SSO and resource based authentication
      • cross domain SSO and distributed authentication UI
      • resource based authentication and distributed authentication UI
        without cross domain SSO.

      Since these worked, I assume there might be a bug if you enable them all?

      =======================Entering processRequest
      amXMLHandler:10/13/2010 02:08:09:560 PM CEST: Thread[http-8080-2,5,main]
      authIdentifier =
      AQIC5wM2LY4SfcyXE4WyVTL/CCjjVctZ0uTFmHvEQVXww50=@AAJTSQACMDE=#beginIndex
      = 90endIndex =153
      amAuthClientUtils:10/13/2010 02:08:09:560 PM CEST: Thread[http-8080-2,5,main]
      This server URL : http://idp.opensso.com:8080/opensso/UI/Login
      amAuthClientUtils:10/13/2010 02:08:09:560 PM CEST: Thread[http-8080-2,5,main]
      Server URL from cookie : http://idp.opensso.com:8080/opensso/UI/Login
      amXMLHandler:10/13/2010 02:08:09:560 PM CEST: Thread[http-8080-2,5,main]
      Calling AuthXMLRequestParser
      amXMLHandler:10/13/2010 02:08:09:562 PM CEST: Thread[http-8080-2,5,main]
      AuthXMLRequest Parser error :
      java.lang.Exception:
      The reference to entity "IssueInstant" must end with the ';' delimiter.
      XMLUtils.parser_error[Ljava.lang.Object;@1db1e9c
      at com.sun.identity.shared.xml.XMLUtils.getXMLDocument(XMLUtils.java:357)
      at com.sun.identity.authentication.server.AuthXMLRequestParser.<init>(AuthXMLRequestParser.java:76)
      at com.sun.identity.authentication.server.AuthXMLRequest.parseXML(AuthXMLRequest.java:144)
      at com.sun.identity.authentication.server.AuthXMLHandler.processRequest(AuthXMLHandler.java:243)
      at com.sun.identity.authentication.server.AuthXMLHandler.process(AuthXMLHandler.java:149)
      at com.iplanet.services.comm.server.PLLRequestServlet.handleRequest(PLLRequestServlet.java:180)
      at com.iplanet.services.comm.server.PLLRequestServlet.doPost(PLLRequestServlet.java:134)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      at java.lang.Thread.run(Thread.java:619)

      amXMLHandler:10/13/2010 02:08:09:562 PM CEST: Thread[http-8080-2,5,main]
      After AuthXMLRequestParser
      amXMLHandler:10/13/2010 02:08:09:562 PM CEST: Thread[http-8080-2,5,main]
      entering parseXML
      amXMLHandler:10/13/2010 02:08:09:562 PM CEST: Thread[http-8080-2,5,main]
      ERROR: Error while processing xml request
      java.lang.NullPointerException
      at com.sun.identity.authentication.server.AuthXMLHandler.processRequest(AuthXMLHandler.java:244)
      at com.sun.identity.authentication.server.AuthXMLHandler.process(AuthXMLHandler.java:149)
      at com.iplanet.services.comm.server.PLLRequestServlet.handleRequest(PLLRequestServlet.java:180)
      at com.iplanet.services.comm.server.PLLRequestServlet.doPost(PLLRequestServlet.java:134)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      at java.lang.Thread.run(Thread.java:619)

      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      error :
      java.lang.NullPointerException
      at java.util.PropertyResourceBundle.handleGetObject(PropertyResourceBundle.java:136)
      at java.util.ResourceBundle.getObject(ResourceBundle.java:378)
      at java.util.ResourceBundle.getString(ResourceBundle.java:344)
      at com.sun.identity.authentication.client.AuthClientUtils.getErrorVal(AuthClientUtils.java:1750)
      at com.sun.identity.authentication.client.AuthClientUtils.getErrorMessage(AuthClientUtils.java:568)
      at com.sun.identity.authentication.server.AuthXMLResponse.setErrorCode(AuthXMLResponse.java:109)
      at com.sun.identity.authentication.server.AuthXMLHandler.setErrorCode(AuthXMLHandler.java:895)
      at com.sun.identity.authentication.server.AuthXMLHandler.processRequest(AuthXMLHandler.java:253)
      at com.sun.identity.authentication.server.AuthXMLHandler.process(AuthXMLHandler.java:149)
      at com.iplanet.services.comm.server.PLLRequestServlet.handleRequest(PLLRequestServlet.java:180)
      at com.iplanet.services.comm.server.PLLRequestServlet.doPost(PLLRequestServlet.java:134)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      at java.lang.Thread.run(Thread.java:619)

      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      =======================Returning
      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      New authIdentifier : null
      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      Returning authIdentifier : null
      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      Request type is : 0
      amXMLHandler:10/13/2010 02:08:09:563 PM CEST: Thread[http-8080-2,5,main]
      Error Response String : <Exception ></Exception>

        Attachments

          Activity

            People

            peter.major Peter Major [X] (Inactive)
            mikegilmours mikegilmours
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: