org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver - Unable to transform metadata


JON

Nov 13, 2017, 8:24:28 AM
to Pac4j users mailing list
Hello Jérôme,
I have problems starting a demo with pac4j + SAML.
Could you tell me what I'm doing wrong?

This is the log:


[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - === SECURITY ===
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - url: http://localhost:8080/DemoPac4j/login?client_name=SAML2Client
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - matchers: null
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - clients: null
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - currentClients: []
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - loadProfilesFromSession: true
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - profiles: []
[http-bio-8080-exec-40] DEBUG org.pac4j.core.engine.DefaultSecurityLogic - unauthorized
1.-initLog () en StSBroker.v1 
logger.isDebugEnabled () -> true
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - StSBroker.v1 - initLog - logger
2.-initLog () en StSBroker
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - StSBroker.doFilter ()
StSBroker.doFilter
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker -  
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> PARAMETER -> client_name -> VALUE -> SAML2Client
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker -  
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> There is no profile - redirect
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> ConfigSingleton.getConfig () -> != null
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> ConfigSingleton.getConfig ().getClients () -> != null
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Building credential from keystore entry for entityID pac4j-demo, usage type UNSPECIFIED
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Processing PrivateKeyEntry from keystore
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Loading default evaluable credential criteria mappings
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509DigestCredentialCriterion as evaluator for class org.opensaml.security.x509.X509DigestCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluablePublicKeyCredentialCriterion as evaluator for class org.opensaml.security.criteria.PublicKeyCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509IssuerSerialCredentialCriterion as evaluator for class org.opensaml.security.x509.X509IssuerSerialCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509SubjectKeyIdentifierCredentialCriterion as evaluator for class org.opensaml.security.x509.X509SubjectKeyIdentifierCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyNameCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyNameCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyAlgorithmCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion as evaluator for class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion as evaluator for class org.opensaml.security.criteria.UsageCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyLengthCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyLengthCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509SubjectNameCredentialCriterion as evaluator for class org.opensaml.security.x509.X509SubjectNameCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-40] DEBUG org.apache.xml.security.Init - Registering default algorithms
[http-bio-8080-exec-40] DEBUG org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {http://www.w3.org/2000/09/xmldsig#}KeyInfo
[http-bio-8080-exec-40] DEBUG org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {http://www.w3.org/2000/09/xmldsig#}KeyInfo
[http-bio-8080-exec-40] INFO org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver - Using SP entity ID http://localhost:8080/DemoPac4j/STSservlet?client_name=SAML2Client
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Building credential from keystore entry for entityID pac4j-demo, usage type UNSPECIFIED
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Processing PrivateKeyEntry from keystore
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Building credential from keystore entry for entityID pac4j-demo, usage type UNSPECIFIED
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Processing PrivateKeyEntry from keystore
[http-bio-8080-exec-40] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-40] WARN org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver - Unable to transform metadata
org.opensaml.core.xml.XMLRuntimeException: Unable to locate a builder for {http://www.w3.org/2000/09/xmldsig#}KeyInfo
at org.opensaml.core.xml.XMLObjectBuilderFactory.getBuilderOrThrow(XMLObjectBuilderFactory.java:104)
at org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory$BasicKeyInfoGenerator.<init>(BasicKeyInfoGeneratorFactory.java:190)
at org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator.<init>(X509KeyInfoGeneratorFactory.java:411)
at org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory.newInstance(X509KeyInfoGeneratorFactory.java:87)
at org.pac4j.saml.crypto.KeyStoreCredentialProvider.getKeyInfoGenerator(KeyStoreCredentialProvider.java:101)
at org.pac4j.saml.crypto.KeyStoreCredentialProvider.generateKeyInfoForCredential(KeyStoreCredentialProvider.java:119)
at org.pac4j.saml.crypto.KeyStoreCredentialProvider.getKeyInfo(KeyStoreCredentialProvider.java:83)
at org.pac4j.saml.metadata.SAML2MetadataGenerator.buildSPSSODescriptor(SAML2MetadataGenerator.java:203)
at org.pac4j.saml.metadata.SAML2MetadataGenerator.buildEntityDescriptor(SAML2MetadataGenerator.java:95)
at org.pac4j.saml.metadata.SAML2MetadataGenerator.buildMetadataResolver(SAML2MetadataGenerator.java:67)
at org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver.resolve(SAML2ServiceProviderMetadataResolver.java:109)
at org.pac4j.saml.client.SAML2Client.initServiceProviderMetadataResolver(SAML2Client.java:152)
at org.pac4j.saml.client.SAML2Client.clientInit(SAML2Client.java:101)
at org.pac4j.core.client.IndirectClient.internalInit(IndirectClient.java:49)
at org.pac4j.core.util.InitializableWebObject.init(InitializableWebObject.java:24)
at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:83)
at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:68)
at s.exe.StSBroker.doFilter(StSBroker.java:193)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
[http-bio-8080-exec-40] DEBUG org.pac4j.saml.context.SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
[http-bio-8080-exec-40] DEBUG org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: http://localhost:8080/DemoPac4j/STSservlet?client_name=SAML2Client
org.pac4j.saml.exceptions.SAMLException: Cannot find entity org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver@6825a2a6 in metadata provider
at org.pac4j.saml.context.SAML2ContextProvider.addContext(SAML2ContextProvider.java:125)
at org.pac4j.saml.context.SAML2ContextProvider.addSPContext(SAML2ContextProvider.java:105)
at org.pac4j.saml.context.SAML2ContextProvider.buildServiceProviderContext(SAML2ContextProvider.java:68)
at org.pac4j.saml.context.SAML2ContextProvider.buildContext(SAML2ContextProvider.java:74)
at org.pac4j.saml.redirect.SAML2RedirectActionBuilder.redirect(SAML2RedirectActionBuilder.java:40)
at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:99)
at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:68)
at s.exe.StSBroker.doFilter(StSBroker.java:193)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
[http-bio-8080-exec-40] DEBUG s.exe.StSBroker - StSBroker.dofilter exception
StSBroker.dofilter exception
STSservlet.service


Thanks

Jon

JON

Nov 16, 2017, 3:27:11 AM
to Pac4j users mailing list
Hi,
after many tests I doubt whether I am using the correct versions of the pac4j modules.
Could you tell me which pac4j modules are needed to make a minimal demo of a SAML2 SP, configurable by metadata and run in Tomcat?
I would also need the versions and links to obtain them.
Ideally there would be a single package, because I cannot spend much more time obtaining a minimal demo that works.
Otherwise I will have to evaluate alternative libraries to pac4j.

Thanks

Jérôme LELEU

Nov 16, 2017, 3:47:39 AM
to JON, Pac4j users mailing list
Hi,

Demos are properly configured in terms of versions of pac4j libraries. So you should keep them as is.

If you want to change the version of a pac4j library (like j2e-pac4j, play-pac4j...), you should take a look at its dependencies and note the version of the pac4j-core module. All pac4j-* modules should be in this version.

Thanks.
Best regards,
Jérôme


--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
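One way to apply the version rule from the reply above, as an added example that is not part of the thread or of the pac4j project: a Python script that reads the text output of `mvn dependency:list` or `mvn dependency:tree -Dverbose` and reports every org.pac4j artifact whose version differs from the resolved pac4j-core version, including versions Maven silently dropped as "omitted for conflict". The Maven output embedded in it is constructed for illustration; its module names and version numbers are not taken from the thread.

```python
"""Check that every org.pac4j artifact on a Maven classpath is at the same
version as pac4j-core, the rule given in the reply above.

Added example, not code from the pac4j project. Input is the text output of
`mvn dependency:list` or `mvn dependency:tree -Dverbose`; the sample output
below is constructed for illustration.
"""
import re
from collections import defaultdict

# Maven coordinate: groupId:artifactId:type[:classifier]:version:scope.
# Found anywhere on a line, so it covers plain list entries, tree branches and
# the "(... - omitted for conflict with X)" annotations of a verbose tree.
COORD_RE = re.compile(
    r"(?P<group>[A-Za-z0-9_.\-]+):(?P<artifact>[A-Za-z0-9_.\-]+):"
    r"(?P<type>jar|pom|war|bundle)(?::(?P<classifier>[A-Za-z0-9_.\-]+))?:"
    r"(?P<version>[A-Za-z0-9_.\-]+):(?P<scope>compile|provided|runtime|test|system)"
)
PAC4J_GROUP = "org.pac4j"
BASELINE_ARTIFACT = "pac4j-core"

# Constructed `mvn dependency:tree -Dverbose` output: the app declares pac4j-saml
# 3.0.0-SNAPSHOT but also an integration module built against an older core.
SAMPLE_TREE = """\
[INFO] com.example:DemoPac4j:war:1.0-SNAPSHOT
[INFO] +- org.pac4j:pac4j-saml:jar:3.0.0-SNAPSHOT:compile
[INFO] |  +- org.pac4j:pac4j-core:jar:3.0.0-SNAPSHOT:compile
[INFO] |  \\- org.opensaml:opensaml-saml-impl:jar:3.3.0:compile
[INFO] +- org.pac4j:j2e-pac4j:jar:2.1.0:compile
[INFO] |  \\- (org.pac4j:pac4j-core:jar:2.1.0:compile - omitted for conflict with 3.0.0-SNAPSHOT)
[INFO] \\- javax.servlet:javax.servlet-api:jar:3.1.0:provided
"""


def pac4j_versions(maven_output):
    """Map each org.pac4j artifactId to {version: "resolved" | "omitted"}.

    Versions Maven dropped as "omitted for conflict" are kept, because they show
    that some dependency was built against a different pac4j than the one kept.
    """
    seen = defaultdict(dict)
    for line in maven_output.splitlines():
        for m in COORD_RE.finditer(line):
            if m.group("group") != PAC4J_GROUP:
                continue
            status = "omitted" if "omitted for" in line[m.end():] else "resolved"
            versions = seen[m.group("artifact")]
            # A version seen both resolved and omitted (duplicate) counts as resolved.
            if status == "resolved" or m.group("version") not in versions:
                versions[m.group("version")] = status
    return dict(seen)


def check_alignment(maven_output):
    """Return (pac4j-core version, list of mismatch findings).

    The baseline is the pac4j-core version Maven actually resolved; every other
    org.pac4j version on the classpath, resolved or omitted, is reported.
    """
    versions = pac4j_versions(maven_output)
    core = [v for v, s in versions.get(BASELINE_ARTIFACT, {}).items() if s == "resolved"]
    if not core:
        return None, ["pac4j-core is not on the classpath"]
    baseline = core[0]
    problems = []
    for artifact, found in sorted(versions.items()):
        for version, status in sorted(found.items()):
            if version != baseline:
                problems.append("%s %s (%s) does not match pac4j-core %s"
                                % (artifact, version, status, baseline))
    return baseline, problems


if __name__ == "__main__":
    baseline, problems = check_alignment(SAMPLE_TREE)
    print("pac4j-core baseline:", baseline)
    for problem in problems or ["all org.pac4j artifacts aligned"]:
        print(" -", problem)
```

Run it as `mvn dependency:tree -Dverbose | python check_pac4j_versions.py` style by feeding `sys.stdin.read()` to `check_alignment`; any finding means one pac4j-* module was built against a different pac4j-core than the one on the classpath.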

JON

Nov 20, 2017, 3:13:06 AM
to Pac4j users mailing list
Hello again,
I have decided to give pac4j another chance and have started from scratch with version 3.0.0,
generating:
             pac4j-saml-3.0.0-SNAPSHOT-all.jar.jar


In the init of a javax.servlet.Filter I create an instance of org.pac4j.core.config.ConfigFactory.

I have managed to load the MetadataResource for the Identity and Service Providers:

   SAMLConfigFactory - cfg.getIdentityProviderMetadataResource () .exists () 0 -> true
   SAMLConfigFactory - cfg.getServiceProviderMetadataResource () .exists () -> true
   saml2Client.getConfiguration () .getIdentityProviderMetadataResource () != null -> true
   ServiceProviderMetadataResource != null

But ServiceProviderMetadataResolver and IdentityProviderMetadataResolver are null:

   SAMLConfigFactory - (saml2Client.getServiceProviderMetadataResolver () == null)
   StSBroker.doFilter () - saml2Client.getIdentityProviderMetadataResolver () != null -> false

And at the moment of the redirect, it fails.

Here are the logs:

[StSBroker is the javax.servlet.Filter]
[SAMLConfigFactory is the org.pac4j.core.config.ConfigFactory]

[localhost-startStop-1] DEBUG s.exe.StSBroker - StSBroker.init ()
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - --cfg.getKeystoreResource () != null-- true
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - --cfg.getPrivateKeyPassword ()-- pac4j-demo-passwd
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - cfg.getIdentityProviderMetadataResource ().exists () 0 -> true
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - cfg.getServiceProviderMetadataResource ().exists () -> true
[localhost-startStop-1] INFO org.pac4j.saml.util.Configuration - Bootstrapping OpenSAML configuration via Pac4j...
[localhost-startStop-1] INFO org.opensaml.core.config.InitializationService - Initializing OpenSAML using the Java Services API
[localhost-startStop-1] DEBUG org.opensaml.core.config.InitializationService - Initializing module initializer implementation: org.opensaml.core.xml.config.XMLObjectProviderInitializer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - XMLObjectProviderRegistry did not exist in ConfigurationService, will be created
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.AbstractXMLObjectProviderInitializer - Loading XMLObject provider configuration from resource 'default-config.xml'
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Loading configuration from XML Document
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Schema validating configuration Document
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Configuration document validated
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Preparing to load ObjectProviders
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.opensaml.org/xmltooling-config}DEFAULT
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.opensaml.org/xmltooling-config}DEFAULT
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSAnyBuilder under key {http://www.opensaml.org/xmltooling-config}DEFAULT
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSAnyMarshaller, for object type {http://www.opensaml.org/xmltooling-config}DEFAULT
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller, for object type, {http://www.opensaml.org/xmltooling-config}DEFAULT
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.opensaml.org/xmltooling-config}DEFAULT intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - ObjectProviders load complete
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.AbstractXMLObjectProviderInitializer - Loading XMLObject provider configuration from resource 'schema-config.xml'
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Loading configuration from XML Document
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Schema validating configuration Document
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Configuration document validated
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Preparing to load ObjectProviders
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}anyType
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}anyType
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSAnyBuilder under key {http://www.w3.org/2001/XMLSchema}anyType
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSAnyMarshaller, for object type {http://www.w3.org/2001/XMLSchema}anyType
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}anyType
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}anyType intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}string
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}string
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSStringBuilder under key {http://www.w3.org/2001/XMLSchema}string
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSStringMarshaller, for object type {http://www.w3.org/2001/XMLSchema}string
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSStringUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}string
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}string intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}dateTime
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}dateTime
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSDateTimeBuilder under key {http://www.w3.org/2001/XMLSchema}dateTime
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSDateTimeMarshaller, for object type {http://www.w3.org/2001/XMLSchema}dateTime
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSDateTimeUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}dateTime
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}dateTime intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}QName
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}QName
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSQNameBuilder under key {http://www.w3.org/2001/XMLSchema}QName
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSQNameMarshaller, for object type {http://www.w3.org/2001/XMLSchema}QName
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSQNameUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}QName
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}QName intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}base64Binary
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}base64Binary
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSBase64BinaryBuilder under key {http://www.w3.org/2001/XMLSchema}base64Binary
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller, for object type {http://www.w3.org/2001/XMLSchema}base64Binary
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}base64Binary
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}base64Binary intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}integer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}integer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSIntegerBuilder under key {http://www.w3.org/2001/XMLSchema}integer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSIntegerMarshaller, for object type {http://www.w3.org/2001/XMLSchema}integer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSIntegerUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}integer
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}integer intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}anyURI
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}anyURI
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSURIBuilder under key {http://www.w3.org/2001/XMLSchema}anyURI
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSURIMarshaller, for object type {http://www.w3.org/2001/XMLSchema}anyURI
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSURIUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}anyURI
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}anyURI intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - Initializing object provider {http://www.w3.org/2001/XMLSchema}boolean
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLObjectProviderRegistry - Registering new builder, marshaller, and unmarshaller for {http://www.w3.org/2001/XMLSchema}boolean
[localhost-startStop-1] DEBUG org.opensaml.core.xml.XMLObjectBuilderFactory - Registering builder org.opensaml.core.xml.schema.impl.XSBooleanBuilder under key {http://www.w3.org/2001/XMLSchema}boolean
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.MarshallerFactory - Registering marshaller, org.opensaml.core.xml.schema.impl.XSBooleanMarshaller, for object type {http://www.w3.org/2001/XMLSchema}boolean
[localhost-startStop-1] DEBUG org.opensaml.core.xml.io.UnmarshallerFactory - Registering unmarshaller, org.opensaml.core.xml.schema.impl.XSBooleanUnmarshaller, for object type, {http://www.w3.org/2001/XMLSchema}boolean
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - {http://www.w3.org/2001/XMLSchema}boolean intialized and configuration cached
[localhost-startStop-1] DEBUG org.opensaml.core.xml.config.XMLConfigurator - ObjectProviders load complete
[localhost-startStop-1] DEBUG org.opensaml.core.config.InitializationService - Initializing module initializer implementation: org.opensaml.core.xml.config.GlobalParserPoolInitializer
[localhost-startStop-1] DEBUG org.opensaml.core.config.InitializationService - Initializing module initializer implementation: org.opensaml.core.metrics.impl.MetricRegistryInitializer
[localhost-startStop-1] DEBUG org.opensaml.core.metrics.impl.MetricRegistryInitializer - MetricRegistry did not exist in ConfigurationService, a disabled one will be created
(saml2Client.getServiceProviderMetadataResolver () == null)
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - (saml2Client.getServiceProviderMetadataResolver () == null)
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - [[[[[[[[[[[[[[[[ **** ]]]]]]]]]]]]]]] callbackURL -> http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - [[[[[[[[[[[[[[[[ **** ]]]]]]]]]]]]]]] ServiceProviderEntityId -> urn:mace:saml:pac4j.org
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - [[[[[[[[[[[[[[[[ **** ]]]]]]]]]]]]]]] ServiceProviderMetadataResource != null
(saml2Client.getServiceProviderMetadataResolver () == null)
[localhost-startStop-1] DEBUG s.exe.SAMLConfigFactory - (saml2Client.getServiceProviderMetadataResolver () == null)
nov 19, 2017 8:33:51 PM org.apache.catalina.core.ApplicationContext log
INFORMACIÓN: No Spring WebApplicationInitializer types detected on classpath
nov 19, 2017 8:33:51 PM org.apache.coyote.AbstractProtocol start
INFORMACIÓN: Starting ProtocolHandler ["http-bio-8080"]
nov 19, 2017 8:33:51 PM org.apache.coyote.AbstractProtocol start
INFORMACIÓN: Starting ProtocolHandler ["ajp-bio-8009"]
nov 19, 2017 8:33:51 PM org.apache.catalina.startup.Catalina start
INFORMACIÓN: Server startup in 11368 ms


StSBroker.doFilter

[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - StSBroker.doFilter ()
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> PARAMETER -> client_name -> VALOR -> SAML2Client
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> config != null
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> (saml2Client != null)
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getCallbackUrl () -> http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getConfiguration ().getIdentityProviderEntityId () -> https://idp.testshib.org/idp/shibboleth
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getConfiguration ().getServiceProviderEntityId () -> urn:mace:saml:pac4j.org
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getConfiguration ().getKeyStoreAlias () -> saml2clientconfiguration
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getConfiguration ().getKeystorePassword () -> pac4j-demo-passwd
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getIdentityProviderMetadataResolver () != null -> false
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () - saml2Client.getConfiguration ().getIdentityProviderMetadataResource () != null -> true
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - profile.isPresent () -> false
[http-bio-8080-exec-4] DEBUG s.exe.StSBroker - En StSBroker.doFilter () -> No profile -> redirect
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Building credential from keystore entry for entityID saml2clientconfiguration, usage type UNSPECIFIED
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.impl.KeyStoreCredentialResolver - Processing PrivateKeyEntry from keystore
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Loading default evaluable credential criteria mappings
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509DigestCredentialCriterion as evaluator for class org.opensaml.security.x509.X509DigestCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluablePublicKeyCredentialCriterion as evaluator for class org.opensaml.security.criteria.PublicKeyCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509IssuerSerialCredentialCriterion as evaluator for class org.opensaml.security.x509.X509IssuerSerialCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509SubjectKeyIdentifierCredentialCriterion as evaluator for class org.opensaml.security.x509.X509SubjectKeyIdentifierCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyNameCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyNameCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyAlgorithmCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion as evaluator for class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion as evaluator for class org.opensaml.security.criteria.UsageCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableKeyLengthCredentialCriterion as evaluator for class org.opensaml.security.criteria.KeyLengthCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registering class org.opensaml.security.credential.criteria.impl.EvaluableX509SubjectNameCredentialCriterion as evaluator for class org.opensaml.security.x509.X509SubjectNameCriterion
[http-bio-8080-exec-4] DEBUG org.opensaml.security.credential.criteria.impl.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
[http-bio-8080-exec-4] DEBUG org.apache.xml.security.Init - Registering default algorithms
java.lang.NullPointerException
at org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver.initMetadataResolver(DOMMetadataResolver.java:68)
at org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver.doInitialize(AbstractMetadataResolver.java:287)
at net.shibboleth.utilities.java.support.component.AbstractInitializableComponent.initialize(AbstractInitializableComponent.java:61)
at org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver.resolve(SAML2IdentityProviderMetadataResolver.java:76)
at org.pac4j.saml.client.SAML2Client.initIdentityProviderMetadataResolver(SAML2Client.java:155)
at org.pac4j.saml.client.SAML2Client.clientInit(SAML2Client.java:100)
at org.pac4j.core.client.IndirectClient.internalInit(IndirectClient.java:51)
at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:82)
at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:68)
at s.exe.StSBroker.doFilter(StSBroker.java:296)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


Some code (cleaned):

[SAMLConfigFactory]

    public Config build (Object... arg0)
    {
        final SAML2ClientConfiguration cfg = new SAML2ClientConfiguration ();
        cfg.setKeystorePath ("file:samlKeystore.jks");
        cfg.setKeystoreType ("jks");
        //cfg.setKeystoreAlias ("pac4j-demo");
        cfg.setKeystoreAlias ("saml2clientconfiguration"); // I don't know why
        cfg.setKeystorePassword ("pac4j-demo-passwd");
        cfg.setPrivateKeyPassword ("pac4j-demo-passwd");
        cfg.setIdentityProviderEntityId ("https://idp.testshib.org/idp/shibboleth");
        cfg.setIdentityProviderMetadataPath ("testshib-providers.xml");
        logger.debug ("cfg.getIdentityProviderMetadataResource ().exists () 0 -> " + cfg.getIdentityProviderMetadataResource ().exists ());
        cfg.setServiceProviderEntityId ("urn:mace:saml:pac4j.org");
        cfg.setForceServiceProviderMetadataGeneration (true);
        cfg.setForceAuth (true);
        cfg.setMaximumAuthenticationLifetime (600);
        cfg.setDestinationBindingType ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        final BasicSignatureSigningConfiguration signConfig = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration ();
        cfg.setBlackListedSignatureSigningAlgorithms (new ArrayList<> (signConfig.getBlacklistedAlgorithms ()));
        cfg.setSignatureAlgorithms (new ArrayList<> (signConfig.getSignatureAlgorithms ()));
        cfg.setSignatureReferenceDigestMethods (new ArrayList<> (signConfig.getSignatureReferenceDigestMethods ()));
        cfg.getSignatureReferenceDigestMethods ().remove ("http://www.w3.org/2001/04/xmlenc#sha512");
        cfg.setSignatureCanonicalizationAlgorithm (signConfig.getSignatureCanonicalizationAlgorithm ());
        cfg.setWantsAssertionsSigned (false);
        cfg.setForceSignRedirectBindingAuthnRequest (false);
        cfg.setServiceProviderMetadataPath ("sp-metadata.xml");
        cfg.setAttributeConsumingServiceIndex (1);
        cfg.setAssertionConsumerServiceIndex (1);
        cfg.setForceServiceProviderMetadataGeneration (true);
        final SAML2Client saml2Client = new SAML2Client (cfg);
        saml2Client.setCallbackUrl ("http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client");
        saml2Client.setName ("SAML2Client");
        if (saml2Client.getServiceProviderMetadataResolver () != null)
        {
            System.out.println ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getEntityId ());
            logger.debug ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getEntityId ());
            System.out.println ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getMetadata ());
            logger.debug ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getMetadata ());
        }
        else
        {
            System.out.println ("(saml2Client.getServiceProviderMetadataResolver () == null)");
            logger.debug ("(saml2Client.getServiceProviderMetadataResolver () == null)");
        }
        final Clients clients = new Clients ("http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client", saml2Client);
        final Config config = new Config (clients);
        config.addAuthorizer ("mustBeAuth", new IsAuthenticatedAuthorizer<> ("/?mustBeAuth"));
        return (config);
    }


public class MySAMLConfigFactory implements ConfigFactory
{
    @Override
    public Config build (Object... arg0)
    {
        return (this.getConfig ());
    }

    public Config getConfig ()
    {
        final SAML2ClientConfiguration cfg = new SAML2ClientConfiguration ();
        cfg.setKeystorePath ("file:samlKeystore.jks");
        cfg.setKeystoreType ("jks");
        //cfg.setKeystoreAlias ("pac4j-demo");
        cfg.setKeystoreAlias ("saml2clientconfiguration"); // I don't know why
        cfg.setKeystorePassword ("pac4j-demo-passwd");
        cfg.setPrivateKeyPassword ("pac4j-demo-passwd");
        cfg.setIdentityProviderEntityId ("https://idp.testshib.org/idp/shibboleth");
        cfg.setIdentityProviderMetadataPath ("testshib-providers.xml");
        logger.debug ("cfg.getIdentityProviderMetadataResource ().exists () 0 -> " + cfg.getIdentityProviderMetadataResource ().exists ());
        cfg.setServiceProviderEntityId ("urn:mace:saml:pac4j.org");
        cfg.setForceServiceProviderMetadataGeneration (true);
        cfg.setForceAuth (true);
        cfg.setMaximumAuthenticationLifetime (600);
        cfg.setDestinationBindingType ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        final BasicSignatureSigningConfiguration signConfig = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration ();
        cfg.setBlackListedSignatureSigningAlgorithms (new ArrayList<> (signConfig.getBlacklistedAlgorithms ()));
        cfg.setSignatureAlgorithms (new ArrayList<> (signConfig.getSignatureAlgorithms ()));
        cfg.setSignatureReferenceDigestMethods (new ArrayList<> (signConfig.getSignatureReferenceDigestMethods ()));
        cfg.getSignatureReferenceDigestMethods ().remove ("http://www.w3.org/2001/04/xmlenc#sha512");
        cfg.setSignatureCanonicalizationAlgorithm (signConfig.getSignatureCanonicalizationAlgorithm ());
        cfg.setWantsAssertionsSigned (false);
        cfg.setForceSignRedirectBindingAuthnRequest (false);
        cfg.setServiceProviderMetadataPath ("sp-metadata.xml");
        cfg.setAttributeConsumingServiceIndex (1);
        cfg.setAssertionConsumerServiceIndex (1);
        cfg.setForceServiceProviderMetadataGeneration (true);
        final SAML2Client saml2Client = new SAML2Client (cfg);
        saml2Client.setCallbackUrl ("http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client");
        saml2Client.setName ("SAML2Client");
        if (saml2Client.getServiceProviderMetadataResolver () != null)
        {
            System.out.println ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getEntityId ());
            logger.debug ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getEntityId ());
            System.out.println ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getMetadata ());
            logger.debug ("getServiceProviderMetadataResolver -> " + saml2Client.getServiceProviderMetadataResolver ().getMetadata ());
        }
        else
        {
            System.out.println ("(saml2Client.getServiceProviderMetadataResolver () == null)");
            logger.debug ("(saml2Client.getServiceProviderMetadataResolver () == null)");
        }
        final Clients clients = new Clients ("http://localhost:8080/TestSamlPac4j/STSservlet?client_name=SAML2Client", saml2Client);
        final Config config = new Config (clients);
        config.addAuthorizer ("mustBeAuth", new IsAuthenticatedAuthorizer<> ("/?mustBeAuth"));
        return (config);
    }
}


public class StSBroker implements javax.servlet.Filter
{
    FilterConfig filterConfig = null;
    ServletContext servletContext = null;

    org.pac4j.core.config.Config config = null;

    public void init (FilterConfig filterConfig) throws ServletException
    {
        try
        {
            this.filterConfig = filterConfig;
            this.servletContext = filterConfig.getServletContext ();
            this.initLog ();
            logger.debug ("StSBroker.init ()");
            this.config = getConfig ();
        }
        catch (Exception e)
        {
            System.out.println ("EXCEPTION StSBroker.init () -> " + e.toString ());
            logger.debug ("EXCEPTION StSBroker.init () -> " + e.toString ());
            e.printStackTrace ();
        }
    }

    public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest req = null;
        HttpServletResponse res = null;
        try
        {
            req = (HttpServletRequest) request;
            res = (HttpServletResponse) response;
            logger.debug ("StSBroker.doFilter ()");
            System.out.println ("StSBroker.doFilter () - 3");
            // Log every request parameter (client_name is the one pac4j needs)
            Enumeration<String> p = request.getParameterNames ();
            while (p.hasMoreElements ())
            {
                String key = p.nextElement ();
                String value = request.getParameter (key);
                logger.debug (" ");
                logger.debug ("StSBroker.doFilter () -> PARAMETER -> " + key + " -> VALUE -> " + value);
                logger.debug (" ");
            }

            WebContext context = null;
            if (config == null)
                config = getConfig ();

            try
            {
                ////client = config.getClients ().findClient (req.getParameter ("client_name"));
                ////SAML2Client saml2Client = (SAML2Client)client;
                SAML2Client saml2Client = (SAML2Client) (ConfigSingleton.getConfig ().getClients ().findClient (req.getParameter ("client_name")));

                context = new J2EContext (req, res);

                ProfileManager<CommonProfile> manager = new ProfileManager<CommonProfile> (context);
                Optional<CommonProfile> profile = manager.get (true);

                if (profile.isPresent ())
                {
                    String clientName = profile.get ().getClientName ();
                    String clientId = profile.get ().getId ();

                    logger.debug ("StSBroker.doFilter () -> clientName -> " + clientName);
                    logger.debug ("StSBroker.doFilter () -> clientId -> " + clientId);
                }
                else
                {
                    logger.debug ("profile.isPresent () -> " + profile.isPresent ());
                    logger.debug ("StSBroker.doFilter () -> No profile - redirect");

                    // No session profile yet: start the SAML2 authentication (this is where the NPE above is thrown)
                    saml2Client.redirect (context);
                }
            }
            catch (HttpAction e)
            {
                logger.debug ("StSBroker HttpAction Exception");
            }

            chain.doFilter (request, response);
            return;
        }
        catch (Exception e)
        {
            logger.debug ("StSBroker Exception");
        }
    }

    private Config getConfig ()
    {
        logger.debug ("StSBroker.v1 - getConfig ()");
        if (config == null)
        {
            logger.debug ("StSBroker.v1 - getConfig () - (config == null)");
            if (ConfigSingleton.getConfig ().getClients () == null)
            {
                logger.debug ("StSBroker.v1 - ConfigSingleton.getConfig () == null");
                config = new SAMLConfigFactory ().getConfig ();
                ConfigSingleton.setConfig (config);
                logger.debug ("StSBroker.v1 - config = new SAMLConfigFactory ().getConfig ()");
            }
            else
                config = ConfigSingleton.getConfig ();
        }

        return (config);
    }
}


Thank you

         JON
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.

Jérôme LELEU

unread,
Nov 21, 2017, 7:25:21 AM11/21/17
to JON, Pac4j users mailing list
Hi,

While pac4j v3.0.0-SNAPSHOT should work, I highly recommend using pac4j v2.1.0, which is mature for production.

It should be straightforward to use the SAML support: I just helped someone to integrate with ADFS so it works. And it's 5 lines of configuration...

Do you use the regular j2e-pac4j filters?

Thanks.
Best regards,
Jérôme


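The "regular j2e-pac4j filters" asked about above, as an added example that is not from this thread or the pac4j project: a web.xml that wires the library's own SecurityFilter and CallbackFilter around the SAML2Client named in JON's configuration, instead of a hand-written filter that calls saml2Client.redirect () itself. Filter classes and init-param names are those of j2e-pac4j 2.x; the package com.example for the posted MySAMLConfigFactory, the context path /TestSamlPac4j and the URL patterns are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the thread or the pac4j project): web.xml for
     j2e-pac4j 2.x. Assumed: package com.example for the ConfigFactory posted
     in this thread, context path /TestSamlPac4j, patterns /saml2/* and /callback. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- SecurityFilter: protects /saml2/*. When no profile is in the session it
         starts the SAML2 authentication for the client named in "clients".
         The Config is built once from configFactory and kept in ConfigSingleton,
         so no custom filter has to call getConfig () / redirect () by hand. -->
    <filter>
        <filter-name>SAML2Filter</filter-name>
        <filter-class>org.pac4j.j2e.filter.SecurityFilter</filter-class>
        <init-param>
            <param-name>configFactory</param-name>
            <param-value>com.example.MySAMLConfigFactory</param-value>
        </init-param>
        <init-param>
            <param-name>clients</param-name>
            <param-value>SAML2Client</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>SAML2Filter</filter-name>
        <url-pattern>/saml2/*</url-pattern>
    </filter-mapping>

    <!-- CallbackFilter: receives the IdP's SAMLResponse, validates it, saves the
         profile in the session and redirects to defaultUrl. The callback URL given
         to Clients in the ConfigFactory must match this mapping, i.e.
         http://localhost:8080/TestSamlPac4j/callback -->
    <filter>
        <filter-name>callbackFilter</filter-name>
        <filter-class>org.pac4j.j2e.filter.CallbackFilter</filter-class>
        <init-param>
            <param-name>defaultUrl</param-name>
            <param-value>/</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>callbackFilter</filter-name>
        <url-pattern>/callback</url-pattern>
    </filter-mapping>
</web-app>
```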

JON

unread,
Nov 21, 2017, 7:37:14 AM11/21/17
to Pac4j users mailing list
Could you share a demo with that integration with ADFS?

Thanks

JON

unread,
Nov 21, 2017, 10:52:22 AM11/21/17
to Pac4j users mailing list
so

    <groupId>org.pac4j</groupId>
    <artifactId>j2e-pac4j</artifactId>
    <packaging>jar</packaging>
    <name>pac4j implementation for J2E</name>
    <version>3.0.0</version>

    <properties>
        <pac4j.version>2.1.0</pac4j.version>
        <java.version>1.8</java.version>
        <javaee.version>7.0</javaee.version>
    </properties>


would be the best option for a SAML demo with (j2e-pac4j + pac4j-saml) over Tomcat ?
...

Jérôme LELEU

unread,
Nov 21, 2017, 11:07:26 AM11/21/17
to JON, Pac4j users mailing list
Hi,

You already have demos for j2e-pac4j with SAML support: https://github.com/pac4j/j2e-pac4j-cdi-demo and https://github.com/pac4j/j2e-pac4j-demo.
Thanks.
Best regards,
Jérôme




JON

unread,
Nov 30, 2017, 3:54:06 AM11/30/17
to Pac4j users mailing list
Hello again Jérôme!

It has worked correctly.

I was trying to generate

    j2e-pac4j.jar

    pac4j.jar

Instead, in Eclipse, I've created a Maven project from

    j2e-pac4j-demo-master

source, and I've let Eclipse resolve the dependencies.

Without needing to generate any artifact, I have executed directly in Tomcat, and it has worked.

Now I can play with the pac4j options

Thank you very much