IdP metadata format for spring-security-saml - spring-security

While deploying the sample app from the Quick Start guide in spring-security-saml, I get an import error for the site metadata that is not clear to me:
- FrameworkServlet 'saml': initialization completed in 399 ms
Started Tomcat Server
The Server is running at http://localhost:8080/spring-security-saml2-sample
- Next refresh cycle for metadata provider 'https://shibboleth.example.org/inner-metadata.xml' will occur on '2015-10-27T08:47:06.933Z' ('2015-10-27T09:47:06.933+01:00' local time)
- Metadata provider failed to properly initialize, fail-fast=true, halting
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
... 9 more
- Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider#54b1cd failed, provider will be ignored
org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:267)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.doInitialization(AbstractReloadingMetadataProvider.java:236)
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize(AbstractMetadataProvider.java:407)
at org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize(ExtendedMetadataDelegate.java:167)
at org.springframework.security.saml.metadata.MetadataManager.initializeProvider(MetadataManager.java:412)
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:238)
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86)
at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.opensaml.saml2.common.SAML2Helper.getEarliestExpiration(SAML2Helper.java:112)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processCachedMetadata(AbstractReloadingMetadataProvider.java:328)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:258)
... 9 more
The metadata at https://shibboleth.example.org/inner-metadata.xml is signed metadata used in the organization (a lot of SP data, some IdP) by the Internet2 Shibboleth SP with no problems.
Which is the expected format of IdP metadata for spring-security-saml?

According to the example shipped with the sample application, the IdP metadata contains data for a single IdP, as opposed to your organization's metadata, which very likely contains the SP and IdP metadata of all SAML actors at your site.
Try extracting the metadata for a single IdP.
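One way to do the extraction the answer suggests, as an added example that is not part of the original thread: a Python script (assumed function names extract_idp and list_idps, run against a constructed two-entity aggregate) that pulls the one md:EntityDescriptor carrying an md:IDPSSODescriptor out of an md:EntitiesDescriptor aggregate. The aggregate's XML signature covers the whole file and does not survive extraction, so verify the original against the federation key first and treat the extracted file as locally trusted.

```python
import xml.etree.ElementTree as ET
from typing import List

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
# Keep readable prefixes when the fragment is serialized again.
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# Constructed sample aggregate: one SP and one IdP under an EntitiesDescriptor.
AGGREGATE = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="urn:example:federation" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def list_idps(aggregate_xml: str) -> List[str]:
    """entityIDs of every descriptor that has an IDPSSODescriptor role (nested groups included)."""
    root = ET.fromstring(aggregate_xml)
    return [ed.get("entityID") for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor")
            if ed.find("md:IDPSSODescriptor", NS) is not None]

def extract_idp(aggregate_xml: str, entity_id: str) -> str:
    """Return a standalone EntityDescriptor document for one IdP.

    Raises ValueError if the entityID is absent or has no IdP role.
    """
    root = ET.fromstring(aggregate_xml)
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if ed.get("entityID") != entity_id:
            continue
        if ed.find("md:IDPSSODescriptor", NS) is None:
            raise ValueError(f"{entity_id} has no IDPSSODescriptor (not an IdP)")
        # Assumption: carry the aggregate's validUntil down so the fragment keeps an
        # expiry; the aggregate's Signature element is NOT carried, it no longer applies.
        if "validUntil" in root.attrib and "validUntil" not in ed.attrib:
            ed.set("validUntil", root.get("validUntil"))
        return ET.tostring(ed, encoding="unicode")
    raise ValueError(f"entityID {entity_id} not found in aggregate")

if __name__ == "__main__":
    print(extract_idp(AGGREGATE, list_idps(AGGREGATE)[0]))
```

Save the printed fragment as the IdP metadata file the sample application loads; the SP entries of the federation are left out.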

Related

spring-security samples saml2login error Metadata not found

I have been unable to get the saml2login sample to run.
Currently when attempting to run I get redirected to simplesaml-for-spring-saml.cfapps.io but I'm getting an error
Metadata not found
Unable to locate metadata for 'http://localhost:8080/saml2/service-provider-metadata/simplesamlphp'
This is most likely a configuration problem on either the service provider or identity provider.
Here is the debug section
SimpleSAML\Error\MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'http://localhost:8080/saml2/service-provider-metadata/simplesamlphp\'')
Backtrace:
3 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:302 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaData)
2 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:322 (SimpleSAML\Metadata\MetaDataStorageHandler::getMetaDataConfig)
1 modules/saml/lib/IdP/SAML2.php:357 (SimpleSAML\Module\saml\IdP\SAML2::receiveAuthnRequest)
0 www/saml2/idp/SSOService.php:21 (N/A)
Any clues what could be wrong?

Spring security and shared sessions across two services

I have an auth-service (which does LDAP authentication and DB authorization); it uses Spring Security and Spring Session Redis.
I have a data-service which uses the auth-service for authentication/session management; it uses Spring Session Redis and Spring Security (with a custom auth provider that calls the auth-service via a Feign client).
So when a user logs in, it hits the auth-service /user endpoint and gets the session id back. When I use the same session id for an endpoint in data-service, I get the error below:
Uncaught exception thrown
org.springframework.data.redis.serializer.SerializationException: Cannot deserialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is org.springframework.core.NestedIOException: Failed to deserialize object type; nested exception is java.lang.ClassNotFoundException: XXX (an entity in auth-service)
Redis details
127.0.0.1:6379> KEYS *
1) "spring:session:sessions:expires:ff3705e1-7403-48dc-a026-4b71d4c847f1"
2) "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:xxxx"
3) "spring:session:sessions:ff3705e1-7403-48dc-a026-4b71d4c847f1"
4) "spring:session:expirations:1535652420000"
127.0.0.1:6379>
Thanks

Keycloak: CLIENT_INITIATED_ACCOUNT_LINKING_ERROR with invalid_token

We have a Keycloak with the realm socialBetaTest. When I try to initiate Client Initiated Account Linking with the following URL (link with Twitter):
https://socialBeta.maio290.de/auth/realms/socialBetaTest/broker/twitter/link?client_id=frontend&redirect_uri=https://localhost:4200/&nonce=someString&hash=someHash
I am getting the following error in my KeyCloak stdout:
WARN [org.keycloak.events] (default task-42) type=CLIENT_INITIATED_ACCOUNT_LINKING_ERROR, realmId=social, clientId=frontend, userId={properUserID}, ipAddress=x.x.x.x, error=invalid_token, redirect_uri=https://localhost:4200/, username={someEmailAddress}
What I notice here is that the realm isn't the proper one: why is it called "social" and not "socialBetaTest"? And why is the token invalid, when it was issued (iss in the JWT) by socialBetaTest? Since we don't provide the token by any parameter, I guess it's reading the token out of the cookie and/or local storage.
Does anyone know how to fix this issue?

Youtube Video Upload using Java API Client - Connection Timed Out

I am using YouTube API v3 for uploading video using the Java API Client.
I am getting the following error several times, although the video is uploaded to YouTube:
IOException
javax.net.ssl.SSLException: Read error: ssl=0x79899a18: I/O error during system call, Connection timed out
at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:689)
at java.io.BufferedInputStream.fillbuf(BufferedInputStream.java:168)
at java.io.BufferedInputStream.read(BufferedInputStream.java:227)
at com.android.okhttp.internal.Util.readAsciiLine(Util.java:316)
at com.android.okhttp.internal.http.RawHeaders.fromBytes(RawHeaders.java:308)
at com.android.okhttp.internal.http.HttpTransport.readResponseHeaders(HttpTransport.java:135)
at com.android.okhttp.internal.http.HttpEngine.readResponse(HttpEngine.java:644)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:347)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:296)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:503)
at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:136)
at com.google.api.client.http.javanet.NetHttpResponse.<init>(NetHttpResponse.java:36)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:94)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:965)
at com.google.api.client.googleapis.media.MediaHttpUploader.executeCurrentRequestWithoutGZip(MediaHttpUploader.java:545)
at com.google.api.client.googleapis.media.MediaHttpUploader.resumableUpload(MediaHttpUploader.java:417)
at com.google.api.client.googleapis.media.MediaHttpUploader.upload(MediaHttpUploader.java:336)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:418)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at com.nexstreaming.sdk2.nexsns.Youtube$5.doInBackground(Youtube.java:475)
at com.nexstreaming.sdk2.nexsns.Youtube$5.doInBackground(Youtube.java:1)
at android.os.AsyncTask$2.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
How can I fix it?
That could be related to a known bug
https://code.google.com/p/gdata-issues/issues/detail?id=5700

Error with WSO2 API Manager OAuth Authentication

I installed the latest WSO2 API Manager, 1.6.0. I followed the directions and just did the plain install, nothing special. When I create an API, publish it, subscribe to it, create an Access Token, and try to access it, I am seeing the following error (I replaced the access key, but it is displaying):
[2014-02-03 13:25:47,850] ERROR - APIAuthenticationHandler API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /weather, version: 1 with key: access_key
It seems that the API and access key are not getting connected. Is there something else that I have to do to make that happen? I am not using a separate database for the Key Manager, just whatever comes with the install which is a memory DB I assume. I have tried this from Advanced Rest Client in Chrome. I'm guessing something's just not configured correctly, but I don't see any errors in the start-up. I just see a few warnings along these lines:
[2014-02-03 13:25:01,262] WARN - DefaultSchemaGenerator We don't support method overloading. Ignoring [validateAudience Restriction]
Here is the full stack trace for the error:
[2014-02-03 13:25:47,850] ERROR - APIAuthenticationHandler API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /weather, version: 1 with key: access_key
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:336)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)