6 Replies Latest reply on May 5, 2010 1:43 AM by leakim

    PicketLink's Seam Module V1.0.2: many new features!

    marcelkolsteren

      When looking at the version numbers, PicketLink 1.0.2 seems to be a minor bug fixing release, but be aware that for the Seam module, it is a major release, with lots of new exciting features! Check them out:

       

      • SAML meta data support: you can now easily import identity provider metadata in the PicketLink/Seam configuration, and the metadata of the service provider (your application) is served as an XML file that can be downloaded from your site.
      • Multiple identity providers: it is now possible to connect to multiple identity providers; just ask your user which identity provider she would like to use, and she will be redirected to her preferred identity provider.
      • SAMLv2 as well as OpenID: support for OpenID has been added; this opens up huge numbers of existing user accounts in the cloud that could be used for logging into your Seam application (for example, all Google, Yahoo and MySpace accounts can be used as OpenID identities)
      • Proven integration with identity providers: we put a lot of effort into interoperability testing with Sun's OpenSSO identity management server, and with the free SAMLv2 identity provider SSOCircle, which is also based on OpenSSO. For the OpenID part we tested with Google, Yahoo, MySpace, myOpenID and Hyves.
      • Single Logout: for SAMLv2 identity providers, we support the single logout functionality. This enables your users to end all the sessions they set up with their identity with just a single button click.

       

      Please have a look at the documentation on the PicketLink Wiki to learn more about the Seam module:

       

       

      Go ahead, give it a try and tell us about your experiences! We're looking forward to your feedback!

        • 1. Re: PicketLink's Seam Module V1.0.2: many new features!
          luigib

          Hi Marcel,

           

          Thanks for the interesting articles. I am trying the seam-sp example application (external authentication example using OpenSSO). It works perfectly on JBoss AS 5.1 (jdk6 and cxf ws stack 3.1.2), but it fails on JBoss AS 4.2.2 and 4.2.3. I've tried both jdk5 and jdk6. I get an error when I try to retrieve the metadata of the service provider (http://localhost:8080/seam-sp/MetaDataService.seam). This is the stack trace:

           

          java.lang.NullPointerException
               org.picketlink.identity.seam.federation.SamlMetaDataProvider.writeMetaData(SamlMetaDataProvider.java:107)
               sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               java.lang.reflect.Method.invoke(Method.java:597)
               org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
               org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
               org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
               org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
               org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
               org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
               org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
               org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
               org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
               org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
               org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
               org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
               org.picketlink.identity.seam.federation.SamlMetaDataProvider_$$_javassist_seam_5.writeMetaData(SamlMetaDataProvider_$$_javassist_seam_5.java)
               org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:210)
               org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.access$0(ExternalAuthenticationFilter.java:138)
               org.picketlink.identity.seam.federation.ExternalAuthenticationFilter$1.process(ExternalAuthenticationFilter.java:107)
               org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
               org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.doFilter(ExternalAuthenticationFilter.java:119)
               org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
               org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
               org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
               org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
               org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
               org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
               org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
               org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
               org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
               org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
               org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

           

          Any idea about what could be causing this, or suggestions on how to track down the cause of the error?

           

          Thanks

          Luigi

          • 2. Re: PicketLink's Seam Module V1.0.2: many new features!
            anil.saldhana

            It is looking for an X509 Certificate.

            X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();

            JAXBElement<byte[]> X509Certificate;
            try
            {
               // certificate.getEncoded() throws a NullPointerException if getCertificate() returned null
               X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
            }
            
            
            • 3. Re: PicketLink's Seam Module V1.0.2: many new features!

              Hi,

               

              First of all, thank you for your work on PicketLink and on the Seam Module. This is a very good idea and it seems full of hope for the future of my applications.

               

              I have integrated the Seam module into my Seam 2.2.0.GA application to connect it to OpenSSO.

               

              I always get a NullPointerException on this line when I try to use it with SAML:

               

              java.lang.NullPointerException
                   java.net.URLEncoder.encode(URLEncoder.java:188)
                   org.picketlink.identity.seam.federation.ExternalAuthenticator.redirect(ExternalAuthenticator.java:138)


              The corresponding line is:

              url.append(URLEncoder.encode(paramEntry.getValue(), "UTF-8"));

               

              It seems that the returnUrl parameter is always null. What should I do to fill it?

               

               

              Then, when I try to use OpenID with Google, I get the same exception.

               

              Thank you for your help,

              • 4. Re: PicketLink's Seam Module V1.0.2: many new features!
                anil.saldhana

                At least going forward, due to https://jira.jboss.org/jira/browse/PLFED-68, we will not see the NPE but a meaningful exception.

                 

                The return URL is any URL in your application where the OpenID Provider will redirect after authentication.
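
Added example, not part of the original posts and not PicketLink code: a redirect-URL builder that reports a missing parameter by name instead of letting URLEncoder.encode throw the NullPointerException seen above, and that only accepts a return URL inside the application. The class and method names, the use of "returnUrl" as the query parameter name, and all sample URLs are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper; none of these names come from PicketLink.
public class RedirectUrlBuilder {
    // Builds endpoint?k1=v1&k2=v2 and fails with the parameter's name instead of an NPE.
    static String build(String endpoint, Map<String, String> params, String appBaseUrl)
            throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(endpoint);
        char sep = endpoint.indexOf('?') < 0 ? '?' : '&';
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (e.getValue() == null) {
                throw new IllegalStateException("Redirect parameter '" + e.getKey()
                        + "' is not set; check the service provider configuration");
            }
            if ("returnUrl".equals(e.getKey()) && !isInsideApplication(e.getValue(), appBaseUrl)) {
                throw new IllegalStateException("returnUrl must point into " + appBaseUrl);
            }
            url.append(sep).append(URLEncoder.encode(e.getKey(), "UTF-8"))
               .append('=').append(URLEncoder.encode(e.getValue(), "UTF-8"));
            sep = '&';
        }
        return url.toString();
    }

    // Same scheme, host and port as the application, and a path under its base path.
    static boolean isInsideApplication(String candidate, String appBaseUrl) {
        URI c = URI.create(candidate).normalize();
        URI b = URI.create(appBaseUrl).normalize();
        return c.getScheme() != null && c.getScheme().equalsIgnoreCase(b.getScheme())
                && c.getHost() != null && c.getHost().equalsIgnoreCase(b.getHost())
                && c.getPort() == b.getPort()
                && c.getPath() != null && c.getPath().startsWith(b.getPath());
    }

    public static void main(String[] args) throws Exception {
        String base = "http://localhost:8080/seam-sp/"; // constructed sample values
        Map<String, String> params = new LinkedHashMap<String, String>();
        params.put("returnUrl", base + "openid-return.seam");
        System.out.println(build("https://idp.example.org/auth", params, base));
        params.put("returnUrl", null); // the misconfiguration described in the thread
        try {
            build("https://idp.example.org/auth", params, base);
        } catch (IllegalStateException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```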

                • 5. Re: PicketLink's Seam Module V1.0.2: many new features!
                  marcelkolsteren

                  I didn't see that this issue has been reported here as well. I replied to the copy of this issue which was posted as a comment on an article:

                   

                  http://community.jboss.org/wiki/HowtoaddSAMLandOpenIDauthenticationtoyourSeamapplication

                  • 6. Re: PicketLink's Seam Module V1.0.2: many new features!

                    Thank you, it worked!