Java Fedlet error: errorCanonical

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Java Fedlet error: errorCanonical

Yogesh Shankarappa
Hello,


          I have been able to successfully test Java Fedlet on WebLogic, WebSphere, Tomcat and iPlanet servers. I have been trying to set it up on JBOSS and get the below error.I have not enabled the keystore yet which logs error about the keystore missing. Also, I do not have the <KeyDescriptor> element in the SP metadata. This same setup works fine on other servers but see the below error on JBOSS for the first time. Unable to find any documentation online related to this error. Would appreciate if you can provide some details about this issue. 

com.sun.identity.saml2.common.SAML2Exception: Error while performing canonicalization on the input node.
        at com.sun.identity.saml2.protocol.impl.ResponseImpl.parseElement(ResponseImpl.java:241)
        at com.sun.identity.saml2.protocol.impl.ResponseImpl.<init>(ResponseImpl.java:294)
        at com.sun.identity.saml2.protocol.ProtocolFactory.createResponse(ProtocolFactory.java:1419)
        at com.sun.identity.saml2.profile.SPACSUtils.getResponseFromPost(SPACSUtils.java:906)
        at com.sun.identity.saml2.profile.SPACSUtils.getResponse(SPACSUtils.java:196)
        at com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(SPACSUtils.java:2039)


Thanks
Yogesh

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: Java Fedlet error: errorCanonical

Yogesh Shankarappa
Hello,

            
              Keystore was added but still the same error. Is it related to JBOSS as same fedlet package can process the SAML response on Tomcat ? FYI, I had to add xerces.jar to the fedlet libraries as I was getting the below error and adding this jar resolved it. Btw, SAML response has this tag: <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> Does this cause the issue as same response is processed on non JBOSS server ? Would appreciate any leads regarding this issue. Thanks.


[org.jboss.modules] (http--10.121.172.12-8443-1) Failed to define class com.sun.org.apache.xerces.internal.parsers.XML11Configuration in Module "deployment.gmfedutil.war:main" from Service Module Loader: java.lang.VerifyError: class com.sun.org.apache.xerces.internal.parsers.XML11Configuration overrides final method getFeature.(Ljava/lang/String;) 



Thanks
Yogesh


Date: Mon, 14 Mar 2016 21:47:39 -0400
From: Yogesh Shankarappa <[hidden email]>
To: [hidden email]
Subject: [OpenAM]  Java Fedlet error: errorCanonical
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="utf-8"

Hello,


          I have been able to successfully test Java Fedlet on WebLogic,
WebSphere, Tomcat and iPlanet servers. I have been trying to set it up on
JBOSS and get the below error.I have not enabled the keystore yet which
logs error about the keystore missing. Also, I do not have
the <KeyDescriptor> element in the SP metadata. This same setup works fine
on other servers but see the below error on JBOSS for the first time.
Unable to find any documentation online related to this error. Would
appreciate if you can provide some details about this issue.

com.sun.identity.saml2.common.SAML2Exception: Error while performing
canonicalization on the input node.
        at
com.sun.identity.saml2.protocol.impl.ResponseImpl.parseElement(ResponseImpl.java:241)
        at
com.sun.identity.saml2.protocol.impl.ResponseImpl.<init>(ResponseImpl.java:294)
        at
com.sun.identity.saml2.protocol.ProtocolFactory.createResponse(ProtocolFactory.java:1419)
        at
com.sun.identity.saml2.profile.SPACSUtils.getResponseFromPost(SPACSUtils.java:906)
        at
com.sun.identity.saml2.profile.SPACSUtils.getResponse(SPACSUtils.java:196)
        at
com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(SPACSUtils.java:2039)


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: Java Fedlet error: errorCanonical

Paul Figura
Hi Yogesh,

This may be a shot in the dark, but I remember many years ago I had similar problems with SAML parsing... It was related to the particular XML parsing library that was being used. I would start investigating to see if there is some sort of problem parsing the XML before the main application logic even kicks in.

I think it may have even been JBOSS in my case as well, but this was 5+ years ago, so I don't remember the details.

Regards,
Paul Figura
Identity & Access Management Architect
Indigo Consulting Canada
Tel: 514-432-6233
Email: [hidden email]  http://www.indigoconsulting.ca
   
On 3/15/2016 10:35 AM, Yogesh Shankarappa wrote:
Hello,

            
              Keystore was added but still the same error. Is it related to JBOSS as same fedlet package can process the SAML response on Tomcat ? FYI, I had to add xerces.jar to the fedlet libraries as I was getting the below error and adding this jar resolved it. Btw, SAML response has this tag: <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> Does this cause the issue as same response is processed on non JBOSS server ? Would appreciate any leads regarding this issue. Thanks.


[org.jboss.modules] (http--10.121.172.12-8443-1) Failed to define class com.sun.org.apache.xerces.internal.parsers.XML11Configuration in Module "deployment.gmfedutil.war:main" from Service Module Loader: java.lang.VerifyError: class com.sun.org.apache.xerces.internal.parsers.XML11Configuration overrides final method getFeature.(Ljava/lang/String;) 



Thanks
Yogesh


Date: Mon, 14 Mar 2016 21:47:39 -0400
From: Yogesh Shankarappa <[hidden email]>
To: [hidden email]
Subject: [OpenAM]  Java Fedlet error: errorCanonical
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="utf-8"

Hello,


          I have been able to successfully test Java Fedlet on WebLogic,
WebSphere, Tomcat and iPlanet servers. I have been trying to set it up on
JBOSS and get the below error.I have not enabled the keystore yet which
logs error about the keystore missing. Also, I do not have
the <KeyDescriptor> element in the SP metadata. This same setup works fine
on other servers but see the below error on JBOSS for the first time.
Unable to find any documentation online related to this error. Would
appreciate if you can provide some details about this issue.

com.sun.identity.saml2.common.SAML2Exception: Error while performing
canonicalization on the input node.
        at
com.sun.identity.saml2.protocol.impl.ResponseImpl.parseElement(ResponseImpl.java:241)
        at
com.sun.identity.saml2.protocol.impl.ResponseImpl.<init>(ResponseImpl.java:294)
        at
com.sun.identity.saml2.protocol.ProtocolFactory.createResponse(ProtocolFactory.java:1419)
        at
com.sun.identity.saml2.profile.SPACSUtils.getResponseFromPost(SPACSUtils.java:906)
        at
com.sun.identity.saml2.profile.SPACSUtils.getResponse(SPACSUtils.java:196)
        at
com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(SPACSUtils.java:2039)



_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|

Re: Java Fedlet error: errorCanonical

Peter Major
In reply to this post by Yogesh Shankarappa
Google for jboss-deployment-structure.xml

2016. 03. 15. 15:35 keltezéssel, Yogesh Shankarappa írta:

> Hello,
>
>                Keystore was added but still the same error. Is it
> related to JBOSS as same fedlet package can process the SAML response on
> Tomcat ? FYI, I had to add xerces.jar to the fedlet libraries as I was
> getting the below error and adding this jar resolved it. Btw, SAML
> response has this tag: <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> Does this cause
> the issue as same response is processed on non JBOSS server ? Would
> appreciate any leads regarding this issue. Thanks.
>
>
> [org.jboss.modules] (http--10.121.172.12-8443-1) Failed to define class
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration in Module
> "deployment.gmfedutil.war:main" from Service Module Loader:
> java.lang.VerifyError: class
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration overrides
> final method getFeature.(Ljava/lang/String;)
>
>
>
> Thanks
> Yogesh
>
>
> Date: Mon, 14 Mar 2016 21:47:39 -0400
> From: Yogesh Shankarappa <[hidden email] <mailto:[hidden email]>>
> To: [hidden email] <mailto:[hidden email]>
> Subject: [OpenAM]  Java Fedlet error: errorCanonical
> Message-ID:
>
> <[hidden email]
> <mailto:CAFKAF%2BtPGchp4YvJbX2%[hidden email]>>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
>
>            I have been able to successfully test Java Fedlet on WebLogic,
> WebSphere, Tomcat and iPlanet servers. I have been trying to set it up on
> JBOSS and get the below error.I have not enabled the keystore yet which
> logs error about the keystore missing. Also, I do not have
> the <KeyDescriptor> element in the SP metadata. This same setup works fine
> on other servers but see the below error on JBOSS for the first time.
> Unable to find any documentation online related to this error. Would
> appreciate if you can provide some details about this issue.
>
> com.sun.identity.saml2.common.SAML2Exception: Error while performing
> canonicalization on the input node.
>          at
> com.sun.identity.saml2.protocol.impl.ResponseImpl.parseElement(ResponseImpl.java:241)
>          at
> com.sun.identity.saml2.protocol.impl.ResponseImpl.<init>(ResponseImpl.java:294)
>          at
> com.sun.identity.saml2.protocol.ProtocolFactory.createResponse(ProtocolFactory.java:1419)
>          at
> com.sun.identity.saml2.profile.SPACSUtils.getResponseFromPost(SPACSUtils.java:906)
>          at
> com.sun.identity.saml2.profile.SPACSUtils.getResponse(SPACSUtils.java:196)
>          at
> com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(SPACSUtils.java:2039)
>
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam