48 Replies. Latest reply on Feb 8, 2012 6:30 AM by sivagurut
      • 15. Re: Major security leak PicketLink and testing on ADFSv2
        pipo1000

        I have tested the trunk and.... it works!

        Thanks a lot for your effort, and I will try to write a wiki article on how to configure ADFSv2 with Tomcat PicketLink.

        • 16. Re: Major security leak PicketLink and testing on ADFSv2
          anil.saldhana

          Edwin,

          PL 1.0.4.final is released.  http://anil-identity.blogspot.com/2010/09/picketlink-104final-released.html

          Now you can finish your article here with the 1.0.4 code.

          http://community.jboss.org/docs/DOC-15665

          • 17. Re: Major security leak PicketLink and testing on ADFSv2
            pipo1000

            I have tested the final on ADFSv2 and it works ok. I have made a lot of screenshots of how to configure ADFS and made a first draft for my company (in Dutch), so I am working on the documentation.

            I keep you posted.

            • 18. Re: Major security leak PicketLink and testing on ADFSv2
              girishkrsharma

              Guys,

              Any update on when this article is going to be available?

              Thanks!

              • 19. Re: Major security leak PicketLink and testing on ADFSv2
                anil.saldhana

                Girish, Edwin has highlighted the steps above. Please try it out in your setup and report back.

                • 20. Re: Major security leak PicketLink and testing on ADFSv2
                  anil.saldhana

                  Edwin, come on. Finish the article.  The wait is killing.

                  • 21. Re: Major security leak PicketLink and testing on ADFSv2
                    pipo1000

                    I have just added the latest parts to my document. I have uploaded a PDF document with all the steps; however, the document still needs some serious editing, as part of it is still in Dutch and the order of things is not 100% correct. But I think all the steps are there:

                    http://community.jboss.org/wiki/HowtoconfigurePicketlinkonTomcatwithMicrosoftADFSv2

                    • 22. Re: Major security leak PicketLink and testing on ADFSv2
                      anil.saldhana

                      Edwin,  thanks a lot.  This PDF should be useful to people who want to configure PicketLink with ADFS2 on JBoss/Tomcat.

                      • 23. Re: Major security leak PicketLink and testing on ADFSv2
                        acoliver

                        Has anyone else gotten this to work?

                        Trunk (2010-12-15) gives me:

                        org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
                                at org.apache.xerces.dom.AttrNSImpl.setName(Unknown Source)
                                at org.apache.xerces.dom.AttrNSImpl.<init>(Unknown Source)
                                at org.apache.xerces.dom.CoreDocumentImpl.createAttributeNS(Unknown Source)
                                at org.apache.xerces.dom.ElementImpl.setAttributeNS(Unknown Source)
                                at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.handleStartElement(TransformerUtil.java:309)
                                at org.picketlink.identity.federation.core.util.TransformerUtil$PicketLinkStaxToDOMTransformer.transform(TransformerUtil.java:169)
                                at org.picketlink.identity.federation.core.util.TransformerUtil.transform(TransformerUtil.java:111)
                                at org.picketlink.identity.federation.core.parsers.util.StaxParserUtil.getDOMElement(StaxParserUtil.java:113)
                                at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:124)
                                at org.picketlink.identity.federation.core.parsers.saml.SAMLResponseParser.parse(SAMLResponseParser.java:81)
                                at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:86)

                        where 1.0.4 gives me:

                        java.lang.ClassCastException: org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType cannot be cast to org.picketlink.identity.federation.saml.v2.assertion.NameIDType
                                at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleSAMLResponse(SAML2AuthenticationHandler.java:364)
                                at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:303)
                                at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:109)
                                at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:74)
                                at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:164)
                                at org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator.authenticate(SPPostFormAuthenticator.java:198)
                                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
                                at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:151)
                                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
                                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce

                        Also, why are all PicketLink errors at TRACE level?

                        • 24. Re: Major security leak PicketLink and testing on ADFSv2
                          anil.saldhana

                          Andy, the trunk is in a f$cked state, courtesy of us as we transition away from JAXB.

                          The PL 1.x stuff, which is in EAP etc., is http://anonsvn.jboss.org/repos/picketlink/federation/branches/Branch_1_x/

                          • 25. Re: Major security leak PicketLink and testing on ADFSv2
                            acoliver

                            Has the branch changed since 1.0.4?  I showed the error of 1.0.4 in the second part of my message.  Good move away from JAXB.  JAXB code is yucky.

                            • 26. Re: Major security leak PicketLink and testing on ADFSv2
                              anil.saldhana

                              I don't think anything really changed in the branch since 1.0.4.  The exception that you are showing may be the result of some modifications you have done in your environment.  If not, then there may be a bug.

                              I did put in a red note yesterday about potentially delaying 1.0.5 in http://community.jboss.org/wiki/PicketLinkRoadMap

                              We are currently neck deep in the PL2 rewrite/refactor.

                              • 27. Re: Major security leak PicketLink and testing on ADFSv2
                                acoliver

                                Stock 1.0.4 used with stock EAP 5.1 exhibits these errors with the sales app.  I notice that the trunk code changes this:

                                         SubjectType subject = assertion.getSubject();
                                         JAXBElement<NameIDType> jnameID = (JAXBElement<NameIDType>) subject.getContent().get(0);  // throws ClassCast
                                         NameIDType nameID = jnameID.getValue();
                                         final String userName = nameID.getValue();
                                         List<String> roles = new ArrayList<String>();


                                Was there a period in the trunk where both the XML transform errors did not exist and this assumption which causes a CCE did not exist?  Or is there a way through configuration I could be off that would cause this CCE (even though I do get a response from ADFS)?

                                -Andy

                                • 28. Re: Major security leak PicketLink and testing on ADFSv2
                                  anil.saldhana

                                  Andy, it may be a bug.  Any chance you can post the XML response here or in a JIRA? Mask out any confidential stuff from the response.

                                  Hate the JAXB crap wherein it gives out a List<Object>.

                                  Try writing a simple test case invoking the code that is displaying the error.  Get the XML from ADFS2 and write a simple test if possible.

                                  • 29. Re: Major security leak PicketLink and testing on ADFSv2
                                    acoliver

                                    I can give you what is in the log.  Since ADFS requires SSL and generates its own key, I can't sniff its side with Wireshark.

                                    How would such a test case work?   I've no idea how to write it given that both sides are using signed keys....  I've attempted to understand your test cases but I've never located how they are configured.
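Posts 27 through 29 turn on the cast of subject.getContent().get(0) to JAXBElement<NameIDType>, which fails as soon as the first child of the Subject is a SubjectConfirmation rather than a NameID. The following is an added example, not PicketLink's own code, of an order-independent lookup that fails closed when no NameID is present, paired with the kind of small test case Anil suggests; it assumes the JAXB-generated PicketLink 1.x types have no-arg constructors and that NameIDType exposes setValue(String).

```java
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;

/** Hypothetical helper, not PicketLink's own code: find the NameID inside a JAXB SubjectType
 *  without assuming it is element 0 of getContent(). */
public class SubjectNameIdExtractor {

    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Returns the NameID value, or throws if the Subject carries no usable NameID.
     *  Failing closed is deliberate: a Subject holding only SubjectConfirmation children
     *  must not silently map to an empty or wrong principal. */
    public static String extractUserName(SubjectType subject) {
        if (subject == null) {
            throw new IllegalArgumentException("Assertion has no Subject");
        }
        for (Object item : subject.getContent()) {       // JAXB hands back List<Object>
            Object value = (item instanceof JAXBElement) ? ((JAXBElement<?>) item).getValue() : item;
            if (value instanceof NameIDType) {
                String name = ((NameIDType) value).getValue();
                if (name == null || name.trim().isEmpty()) {
                    throw new IllegalStateException("NameID element is present but empty");
                }
                return name;
            }
            // Anything else (e.g. the SubjectConfirmationType that sat at index 0 in the
            // 1.0.4 stack trace) is skipped instead of being cast.
        }
        throw new IllegalStateException("Subject contains no NameID; refusing to establish a principal");
    }

    /** Constructed test in the shape Anil asks for: a Subject whose first child is a
     *  SubjectConfirmation, i.e. the ordering that produced the ClassCastException. */
    public static void main(String[] args) {
        SubjectType subject = new SubjectType();
        subject.getContent().add(new JAXBElement<SubjectConfirmationType>(
                new QName(SAML_NS, "SubjectConfirmation"), SubjectConfirmationType.class,
                new SubjectConfirmationType()));
        NameIDType nameId = new NameIDType();
        nameId.setValue("alice@example.test");            // constructed sample value
        subject.getContent().add(new JAXBElement<NameIDType>(
                new QName(SAML_NS, "NameID"), NameIDType.class, nameId));
        System.out.println("user = " + extractUserName(subject));
    }
}
```

To turn this into the test Anil describes, unmarshal the masked ADFS2 response XML into the same SubjectType instead of building it by hand; the extractor does not need signatures or keys because it runs after parsing, so the signed-key question in post 29 does not arise for it.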