[Shib-Users] Unable to locate login page and blank screen
40 views
Skip to first unread message
John Peter
Sep 8, 2010, 1:00:26 PM9/8/10
to shibbole...@internet2.edu
|
Jim Fox
Sep 8, 2010, 1:57:35 PM9/8/10
to shibbole...@internet2.edu
> In Tomcat log i can below error message
> ---------------------------------------
> 08-Sep-2010 14:23:31 org.apache.catalina.core.ApplicationDispatcher invoke
> SEVERE: Servlet.service() for servlet jsp threw exception
> java.lang.NullPointerException
> �at org.apache.jsp.login_jsp._jspService(login_jsp.java:80)
> �at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
Do you have a custon login.jsp? Looks like something required is missing.
You could look at the login_jsp.java to see exactly what is failing.
Jim
Etienne Dysli
Sep 9, 2010, 8:51:35 AM9/9/10
to shibbole...@internet2.edu
On 08/09/10 19:00, John Peter wrote:
> Our users are also frequently reporting this problem.
> Our users are also frequently reporting this problem.
Our users didn't bother... :/
> In Tomcat log i can below error message
> ---------------------------------------
> 08-Sep-2010 14:23:31 org.apache.catalina.core.ApplicationDispatcher invoke
> SEVERE: Servlet.service() for servlet jsp threw exception
> java.lang.NullPointerException
> at org.apache.jsp.login_jsp._jspService(login_jsp.java:80)
This looks like the NPE I wrote about 3 months ago. Peter Schober's
solution fixed it, see
http://groups.google.com/group/shibboleth-users/browse_thread/thread/a9ad13b75d21af08.
In short: check whether the loginContext object is null before using it
in the JSP.
Regards,
Etienne
Peter Schober
Sep 9, 2010, 9:10:37 AM9/9/10
to shibbole...@internet2.edu
* Etienne Dysli <etienn...@unil.ch> [2010-09-09 14:52]:
> This looks like the NPE I wrote about 3 months ago. Peter Schober's
> solution fixed it, see
> http://groups.google.com/group/shibboleth-users/browse_thread/thread/a9ad13b75d21af08.
> In short: check whether the loginContext object is null before using it
> in the JSP.
> This looks like the NPE I wrote about 3 months ago. Peter Schober's
> solution fixed it, see
> http://groups.google.com/group/shibboleth-users/browse_thread/thread/a9ad13b75d21af08.
> In short: check whether the loginContext object is null before using it
> in the JSP.
The code this example was based on came from someone else (speak up!),
but anyway: Could this be included in the default login page for the
next release (2.2)?
There's no loginContext != NULL check in REL_2 and login.jsp in trunk
looks even more stripped down.
Should we file a bug?
-peter
Halm Reusser
Sep 9, 2010, 9:15:21 AM9/9/10
to shibbole...@internet2.edu
On 09.09.10 15:10, Peter Schober wrote:
> Should we file a bug?
An associated one already exists:> Should we file a bug?
https://bugs.internet2.edu/jira/browse/SIDP-411
-Halm
Peter Schober
Sep 9, 2010, 9:32:53 AM9/9/10
to shibbole...@internet2.edu
John Peter
Sep 10, 2010, 6:01:17 AM9/10/10
to shibbole...@internet2.edu
Many thanks for your reply.
We have changed 'login.jsp' as below. But users are still getting blank screen.
Could you please help. I have enclosed 'idp-process.log' and 'tomcat.log'. <%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext" %>
<%@ page import="edu.internet2.middleware.shibboleth.idp.session.*" %> <%@ page import="edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %> <%@ page import="org.opensaml.saml2.metadata.*" %> <%
response.setHeader("Cache-Control","no-cache,no-store,must-revalidate"); response.setHeader("Pragma", "no-cache"); response.setDateHeader("Expires", -1); %> <% LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
Session userSession = HttpServletHelper.getUserSession(request); %> <html>
<head> <title>Shibboleth Identity Provider - Login</title> </head> <body> <img src="<%= request.getContextPath() %>/images/logo.jpg" /> <h2>Shibboleth Identity Provider Login to Service Provider</h2> <p>Existing Session: <%= userSession != null %><br/></p> <% if ("true".equals(request.getAttribute("loginFailed"))) { %> <p><font color="red">Authentication Failed</font></p> <% } %> <% if(request.getAttribute("actionUrl") != null){ %> <form action="<%=request.getAttribute("actionUrl")%>" method="post"> <% }else{ %> <form action="j_security_check" method="post"> <% } %> <table> <tr> <td>Username:</td> <td><input name="j_username" type="text" tabindex="1" /></td> </tr> <tr> <td>Password:</td> <td><input name="j_password" type="password" tabindex="2" /></td> </tr> <tr> <td colspan="2"><input type="submit" value="Login" tabindex="3" /></td> </tr> </table> </form> </body> </html> idp-process.log --------------- 09:33:29.892 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:296] - LoginContext not bound to HTTP request, retrieving it from storage service 09:33:29.893 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:299] - LoginContext key cookie was not present in request 09:33:29.895 - ERROR [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:143] - Unable to redirect to login page. |
... 27 common frames omitted
09:33:30.618 - TRACE [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:105] - Attempting to retrieve IdP session cookie. 09:33:30.619 - TRACE [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:111] - Found IdP session cookie. 09:33:30.619 - TRACE [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:71] - Updating IdP session activity time and adding session object to the request Tomcat.log ----------- Sep 10, 2010 9:33:29 AM org.apache.catalina.core.ApplicationDispatcher invoke |
SEVERE: Servlet.service() for servlet jsp threw exception java.lang.NullPointerException at org.apache.jsp.login_jsp._jspService(login_jsp.java:80) |
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
|
Peter Schober
Sep 10, 2010, 6:52:21 AM9/10/10
to shibbole...@internet2.edu
* John Peter <jpete...@yahoo.com> [2010-09-10 12:02]:
> We have changed 'login.jsp' as below. But users are still getting
> blank screen.
> We have changed 'login.jsp' as below. But users are still getting
> blank screen.
Because per the code you sent you did /not/ change login.jsp to check
for a null loginContext, which is the only change Etienne mentioned
and what is part of the code he referred you to.
In case you just sent the wrong code (and did in fact add the check)
did you run the install script again to include the changed jsp file
in the WAR?
-peter
John Peter
Sep 10, 2010, 8:46:00 AM9/10/10
to shibbole...@internet2.edu
Dear Peter,
Thank you very much. It helps a lot.
I have changed the 'login.jsp' script as below and redeployed idp. By making below change if any users come with loginContext == null value. They are going to get 'Error' message instead of login.jsp. Is that how it should work or i'm missing some point.
Could you please update. |
|
<%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext" %>
<%@ page import="edu.internet2.middleware.shibboleth.idp.session.*" %> <%@ page import="edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %> <%@ page import="org.opensaml.saml2.metadata.*" %> <% response.setHeader("Cache-Control","no-cache,no-store,must-revalidate"); response.setHeader("Pragma", "no-cache"); response.setDateHeader("Expires", -1); %> <% LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application), Session userSession = HttpServletHelper.getUserSession(request); %> <html> <head> <title>Shibboleth Identity Provider - Login</title> </head> <body> <img src="<%= request.getContextPath() %>/images/logo.jpg" /> <h2>Shibboleth Identity Provider Login to Service Provider</h2> <p>Existing Session: <%= userSession != null %><br/></p> |
<% if(loginContext != null){ %>
|
<% if ("true".equals(request.getAttribute("loginFailed"))) { %> <p><font color="red">Authentication Failed</font></p> <% } %> <% if(request.getAttribute("actionUrl") != null){ %> <form action="<%=request.getAttribute("actionUrl")%>" method="post"> <% }else{ %> <form action="j_security_check" method="post"> <% } %> <table> <tr> <td>Username:</td> <td><input name="j_username" type="text" tabindex="1" /></td> </tr> <tr> <td>Password:</td> <td><input name="j_password" type="password" tabindex="2" /></td> </tr> <tr> <td colspan="2"><input type="submit" value="Login" tabindex="3" /></td> </tr> </table> </form> |
<% } %>
<% } else { %> <h1>Error</h1> <% } %> </body>
</html> Many thanks
Regards
John.p
|
|
Peter Schober
Sep 10, 2010, 9:11:43 AM9/10/10
to shibbole...@internet2.edu
* John Peter <jpete...@yahoo.com> [2010-09-10 14:46]:
> I have changed the 'login.jsp' script as below and redeployed
> idp. By making below change if any users come with loginContext ==
> null value. They are going to get 'Error' message instead of
> login.jsp. Is that how it should work or i'm missing some point.
> I have changed the 'login.jsp' script as below and redeployed
> idp. By making below change if any users come with loginContext ==
> null value. They are going to get 'Error' message instead of
> login.jsp. Is that how it should work or i'm missing some point.
That's how it works. What happens in the case of a null loginContext
is now up to your imagination. Besides outputing a real error message
(which explains why people end up here and how to avoid that) you
could also generate an HTTP redirect off to some other URL. That other
URL might be where you webmaster likes to edit and update such error
messages, or (per Paul Hethmon's suggestion from back in April) it
could also be be a "default" SAML SP's home URL (which in turn would
trigger a login at the IdP and back to that SP), etc.
-peter
Peter Schober
Sep 10, 2010, 11:23:57 AM9/10/10
to shibbole...@internet2.edu
* John Peter <jpete...@yahoo.com> [2010-09-10 16:47]:
> Many thanks for your reply.
> Many thanks for your reply.
Please keep replies to the list.
> >when loginContext==null
> >Redirecting to a default" SAML SP's home URL
>
> It won't work for our situvation. since its all genuiue users trying
> to access some SP and getting redirected to our IdP and facing blank
> screen problem.� If we force then to some default SP it will create
> more confusion.
I doubt that's really what is happening (accessing an SP, getting
redirected to the IdP), but anyway:
Then don't redirect elsewhere (as this, too, was just a suggestion)
and display something slightly more helpful than the current
<h1>Error</h1> from login.jsp.
But you'll find that whatever you do your users will still be confused
(given your description of reactions to alterntives). You now at least
have the chance to improve upon the error message (the one you had
before you checked for null loginContext).
No matter what you do, unmodified behaviour on part of your users will
still lead to an error (of your chosing).
There is no --dont-suck parameter for the IdP that will make this user
behaviour magically work. It there were, it'd better be enabled by default.
-peter
Reply all
Reply to author
Forward
0 new messages