PicketLink 2.1.8 in Websphere 7.0
ramkump Mar 19, 2014 2:11 PM
Hello Anil - We are new to PicketLink and are trying to set up PicketLink (2.1.8) with WebSphere 7.0. Our vision is to move towards JBoss in the near future. So we are using JBoss frameworks like PicketLink and RestEasy for our SSO and REST services needs. We configured our IDP as mentioned in this link (Standalone) -
https://docs.jboss.org/author/display/PLINK/Standalone+Web+Applications(All+Servlet+Containers)
This is what happens:
When using the sales-standalone-1.0.3.final war file as the SP (for testing), we tried accessing the piechart.gif image (inside the sales-standalone-1.0.3.final war) in the browser, and it redirects to our IDP application as expected. Once we log in using the userid/password, it authenticates against our AD through our AASLoginHandler and returns to the IDPLoginServlet. IDPLoginServlet then redirects to IDPServlet. IDPServlet throws a NullPointerException as follows. The line number shows an AttributeManager being null as the reason for the error. That is when we created our own AttributeManager too (though the documentation says it is optional and will take the Default AttributeManager). But we still have the same NullPointerException after creating the AASAttributeManager. The error and the details of our changes are given below. Can you please see if this has anything to do with WebSphere 7? We are running everything in the Standalone mode.
App server where IDP is running - Websphere 7
Picketlink Jar file used - picketlink-core-2.1.8.Final (No other jar files are used for Picket Link)
Exception
[3/19/14 12:59:30:172 CDT] 00000014 servlet E com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0100E: Uncaught init() exception created by servlet IDPServlet in application AAS_Single_Sign_On: java.lang.RuntimeException: java.lang.NullPointerException
at org.picketlink.identity.federation.web.servlets.IDPServlet.init(IDPServlet.java:241)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:358)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:169)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:739)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:179)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:354)
at org.picketlink.identity.federation.web.servlets.IDPLoginServlet.redirectToIDP(IDPLoginServlet.java:146)
at org.picketlink.identity.federation.web.servlets.IDPLoginServlet.doPost(IDPLoginServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1657)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:939)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:179)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:864)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1583)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)
Caused by: java.lang.NullPointerException
at org.picketlink.identity.federation.web.servlets.IDPServlet.init(IDPServlet.java:216)
... 32 more
Following are the changes done.
1. Web.xml
<listener>
    <listener-class>org.picketlink.identity.federation.web.core.IdentityServer</listener-class>
</listener>
<servlet>
    <servlet-name>IDPLoginServlet</servlet-name>
    <servlet-class>org.picketlink.identity.federation.web.servlets.IDPLoginServlet</servlet-class>
    <init-param>
        <param-name>loginClass</param-name>
        <param-value>com.xxx.xxx.idp.handler.AASIdPLoginHandler</param-value>
    </init-param>
</servlet>
<servlet>
    <servlet-name>IDPServlet</servlet-name>
    <servlet-class>org.picketlink.identity.federation.web.servlets.IDPServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>IDPLoginServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>IDPServlet</servlet-name>
    <url-pattern>/IDPServlet</url-pattern>
</servlet-mapping>
2. Picketlink.xml
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1" AttributeManager="com.xxx.xxx.idp.attribute.AASAttributeManager">
    <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
        <IdentityURL>http://localhost:9080/aas/</IdentityURL>
        <Trust>
            <Domains>localhost</Domains>
        </Trust>
    </PicketLinkIDP>
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="com.xxx.xxx.idp.handler.AASIdPLoginHandler" />
    </Handlers>
</PicketLink>
3. AASIdPLoginHandler - authenticate() method
public boolean authenticate(String username, Object credential)
        throws LoginException {
    String password = null;
    XmlCreator xmlCreator = new XmlCreator();
    String authXmlString = null;
    String authResponse = null;

    // Accept the credential either as raw bytes or as a String.
    if (credential instanceof byte[]) {
        // Decoded with the platform default charset.
        password = new String((byte[]) credential);
    } else if (credential instanceof String) {
        password = (String) credential;
    } else {
        throw picketLinkLogger.unknowCredentialType(credential.getClass()
                .getName());
    }

    try {
        // Build the authentication request XML and send it to AAS.
        authXmlString = xmlCreator.getXmlContent(prepareAuthVO(username,
                password));
        authResponse = callAASAuth(authXmlString);
    } catch (AASException e) {
        logger.error("AAS Exception while authenticating in IDP. Returning Failed Authentication Code..."
                + e.getMessage());
        return false;
    }

    // A missing response is treated as a failed authentication.
    return authResponse == null ? false
            : convertResponseMsgToBoolean(authResponse);
}
4. AASAttributeManager - getAttributes() method
public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
    Map<String, Object> attributes = new HashMap<String, Object>();
    HttpServletRequest request;
    try {
        // Look up the current request through the JACC policy context.
        request = (HttpServletRequest) javax.security.jacc.PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
        // getContext() can return null; without a request there is nothing to copy.
        if (request == null) {
            return attributes;
        }
        HttpSession session = request.getSession();
        Object customAttributes = session.getAttribute("ATTRIBUTES");
        if (customAttributes != null) {
            @SuppressWarnings("unchecked")
            Map<String, Object> attributesMap = (Map<String, Object>) customAttributes;
            // Copy only the requested keys that have a value in the session.
            for (String key : attributeKeys) {
                Object attribute = attributesMap.get(key);
                if (attribute != null) {
                    attributes.put(key, attribute);
                }
            }
        }
    } catch (PolicyContextException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    return attributes;
}