3

I am having an issue with the Spring Security demo by Vladimir. When I change the binding and assertion consumer service to HTTP-POST by default, I get the following error...

IDPSSOFederate.doSSOFederate: Unable to do sso or federation. com.sun.identity.saml2.common.SAML2Exception: Cannot resolve element with ID xxxx

...as a result of an XMLSignatureException.

I have noticed that OpenAM is trying to redirect me to http://localhost:8080/SSOPOST/metaAlias/idp; however, in the IdP metadata it is specified as http://localhost:8080/openam/SSOPOST/metaAlias/idp.

Obviously I am getting a 404 error, but I can't work out why it is redirecting me to an SSOPOST URL without the application context.

Scrolling up the logs I can see an earlier getRemoteServiceURL NullPointerException but from what I have read this is part of normal OpenAM logs?

My configuration authenticates fine to OpenAM with the default SOAP settings. Why would HTTP-POST be any different?

Vladimír Schäfer
lukeharg
  • Can you post logs and metadata somewhere? Also, if you have captured the traffic flow in the authentication, please post that too. – Stefan Rasmusson Jul 15 '13 at 10:38
  • Hi @Stefan. Here are the files requested. IDP Metadata: http://apaste.info/kxWp, SP Metadata: http://apaste.info/ATh6, OpenAM HTTP-POST error: http://apaste.info/hVsL, Spring SAML Example Context: http://apaste.info/yIn3. – lukeharg Jul 15 '13 at 23:33
  • Ok, but if you found out your issue is related to a bug, I guess the mystery is solved. – Stefan Rasmusson Jul 17 '13 at 06:36

1 Answer

7

Just to let everyone know, I contacted ForgeRock and worked through the issue with them. This problem is related to the following issue: https://bugster.forgerock.org/jira/browse/OPENAM-2644

It is actually a bug in OpenAM which was exposed with the latest Java update (version 1.7.0_25). The temporary solution (until OpenAM 10.2 is released) is to revert back to a previous version of Java.

Reverting to Java version 1.7.0_21 fixed the issue for me.

lukeharg