Open gabbydotCMS opened 6 years ago
Update after deploying latest code from https://github.com/dotCMS/plugin-com.dotcms.dotsaml/releases/tag/4.0-4.3.x-alpha2
I'm still not able to generate my SP metadata file, but the new log message is at least giving more detailed information about the cause of the NullPointerException: it seems to be related to the private key/public cert validation.
I've tested several combinations for the values assigned to the public certificate, but I'm using the same command shared by @thstave on Saturday:
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout saml.key -out sp.crt -days 3650
[30/04/18 16:05:59:431 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: Creating the MetaData for the site: http://samltest.dotcmscloud.com/dotsaml/login
[30/04/18 16:05:59:432 EDT] ERROR meta.DefaultMetaDescriptorServiceImpl: Error generating credentials
java.lang.NullPointerException
at org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory$BasicKeyInfoGenerator.generate(BasicKeyInfoGeneratorFactory.java:200) ~[opensaml-xmlsec-impl-3.2.0.jar:?]
at org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator.generate(X509KeyInfoGeneratorFactory.java:433) ~[opensaml-xmlsec-impl-3.2.0.jar:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.getKeyInfo(DefaultMetaDescriptorServiceImpl.java:354) ~[DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.setKeyDescriptors(DefaultMetaDescriptorServiceImpl.java:305) [DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.getServiceProviderEntityDescriptor(DefaultMetaDescriptorServiceImpl.java:154) [DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.filter.SamlFilter.printMetaData(SamlFilter.java:378) [SamlFilter.class:?]
at com.dotcms.plugin.saml.v3.rest.api.v1.DotSamlResource.metadata(DotSamlResource.java:435) [DotSamlResource.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CMSFilter.doFilter(CMSFilter.java:203) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.filters.interceptor.AbstractWebInterceptorSupportFilter.doFilter(AbstractWebInterceptorSupportFilter.java:73) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.filters.interceptor.AbstractWebInterceptorSupportFilter.doFilter(AbstractWebInterceptorSupportFilter.java:73) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.cms.urlmap.filters.URLMapFilter.doFilter(URLMapFilter.java:325) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.VanityURLFilter.doFilter(VanityURLFilter.java:110) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:404) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:187) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
[30/04/18 16:05:59:432 EDT] ERROR v1.DotSamlResource: null
com.dotcms.plugin.saml.v3.exception.DotSamlException
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.setKeyDescriptors(DefaultMetaDescriptorServiceImpl.java:323) ~[DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.getServiceProviderEntityDescriptor(DefaultMetaDescriptorServiceImpl.java:154) ~[DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.filter.SamlFilter.printMetaData(SamlFilter.java:378) ~[SamlFilter.class:?]
at com.dotcms.plugin.saml.v3.rest.api.v1.DotSamlResource.metadata(DotSamlResource.java:435) [DotSamlResource.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CMSFilter.doFilter(CMSFilter.java:203) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.filters.interceptor.AbstractWebInterceptorSupportFilter.doFilter(AbstractWebInterceptorSupportFilter.java:73) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.filters.interceptor.AbstractWebInterceptorSupportFilter.doFilter(AbstractWebInterceptorSupportFilter.java:73) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.cms.urlmap.filters.URLMapFilter.doFilter(URLMapFilter.java:325) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.VanityURLFilter.doFilter(VanityURLFilter.java:110) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:404) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:187) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.lang.NullPointerException
at org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory$BasicKeyInfoGenerator.generate(BasicKeyInfoGeneratorFactory.java:200) ~[opensaml-xmlsec-impl-3.2.0.jar:?]
at org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator.generate(X509KeyInfoGeneratorFactory.java:433) ~[opensaml-xmlsec-impl-3.2.0.jar:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.getKeyInfo(DefaultMetaDescriptorServiceImpl.java:354) ~[DefaultMetaDescriptorServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl.setKeyDescriptors(DefaultMetaDescriptorServiceImpl.java:305) ~[DefaultMetaDescriptorServiceImpl.class:?]
... 86 more
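A quick sanity check for the `saml.key` / `sp.crt` pair produced by the `openssl req` command in the post above, as an added example that is not part of the original issue or of the dotCMS plugin: it confirms that the key parses without a passphrase, that the certificate parses and has not expired, and that both carry the same public key. The function names, the `-subj` value and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a SAML SP key pair before configuring it.
# Function names, the -subj value and the exit codes are assumptions of this
# example, not part of the dotCMS plugin.

# Generate saml.key / sp.crt in directory $1 with the command from the issue.
# -subj is added so openssl does not prompt; $2 is the RSA size (default 4096).
make_sp_credential() (
    umask 077                      # private key readable by owner only
    mkdir -p "$1" || exit 1
    openssl req -x509 -newkey "rsa:${2:-4096}" -sha256 -nodes \
        -keyout "$1/saml.key" -out "$1/sp.crt" -days 3650 \
        -subj "/CN=sp.example.test" 2>/dev/null
)

# Check that private key $1 and certificate $2 belong together.
# Exit codes: 0 ok, 1 key/cert mismatch, 2 key unreadable, 3 cert unreadable,
# 4 certificate expired.
check_sp_credential() {
    csc_key=$1
    csc_cert=$2

    # -passin pass: stops openssl from prompting if the key is encrypted;
    # an encrypted key then fails here instead of hanging.
    csc_kpub=$(openssl pkey -in "$csc_key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $csc_key is not a readable, unencrypted PEM private key"
        return 2
    }
    csc_cpub=$(openssl x509 -in "$csc_cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $csc_cert is not a readable PEM X.509 certificate"
        return 3
    }
    # Both commands emit the public key as PEM SubjectPublicKeyInfo, so a
    # string comparison is enough to detect a key/certificate mix-up.
    if [ "$csc_kpub" != "$csc_cpub" ]; then
        echo "FAIL: certificate public key does not match the private key"
        return 1
    fi
    openssl x509 -in "$csc_cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate has expired"
        return 4
    }
    echo "OK: key and certificate match; subject and validity:"
    openssl x509 -in "$csc_cert" -noout -subject -enddate
}

# Usage: sh check_sp_credential.sh saml.key sp.crt
if [ "$#" -eq 2 ]; then
    check_sp_credential "$1" "$2"
fi
```

A passing check only rules out a mismatched, encrypted or malformed pair; it says nothing about how the plugin loads the values from its configuration.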
Issue persists. Error message is different, though:
[07/05/18 11:54:12:861 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) START
[07/05/18 11:54:12:861 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getId() = 76ff92e7-bdba-4c8b-a984-2eebf0250c0a
[07/05/18 11:54:12:861 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getIdPMetadataFile() = /opt/dotcms/shared/assets/saml/metadata/76ff92e7-bdba-4c8b-a984-2eebf0250c0a.xml
[07/05/18 11:54:12:862 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) fileInputStream.getFD() = java.io.FileDescriptor@6e10ffca
[07/05/18 11:54:12:863 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getIdPMetadataFile().length() = /opt/dotcms/shared/assets/saml/metadata/76ff92e7-bdba-4c8b-a984-2eebf0250c0a.xml
[07/05/18 11:54:12:868 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) fileInputStream as String = <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exkevdniv9kif4T6K0h7"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAWLPHXymMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG[...]</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-911330.oktapreview.com/app/dotcmsdev911330_dotcms_2/exkevdniv9kif4T6K0h7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-911330.oktapreview.com/app/dotcmsdev911330_dotcms_2/exkevdniv9kif4T6K0h7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
[07/05/18 11:54:12:869 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) metadata = has value
[07/05/18 11:54:12:872 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) unmarshaller = has value
[07/05/18 11:54:12:897 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: Parsing the Id Provider, with the entityId: http://www.okta.com/exkevdniv9kif4T6K0h7
[07/05/18 11:54:12:903 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) metadataBean.getEntityId() = http://www.okta.com/exkevdniv9kif4T6K0h7
[07/05/18 11:54:12:903 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) END
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) START
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getId() = 76ff92e7-bdba-4c8b-a984-2eebf0250c0a
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getIdPMetadataFile() = /opt/dotcms/shared/assets/saml/metadata/76ff92e7-bdba-4c8b-a984-2eebf0250c0a.xml
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) fileInputStream.getFD() = java.io.FileDescriptor@1d0c5f29
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) idpConfig.getIdPMetadataFile().length() = /opt/dotcms/shared/assets/saml/metadata/76ff92e7-bdba-4c8b-a984-2eebf0250c0a.xml
[07/05/18 11:54:13:130 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) fileInputStream as String = <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exkevdniv9kif4T6K0h7"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAWLPHXymMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG[...]</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-911330.oktapreview.com/app/dotcmsdev911330_dotcms_2/exkevdniv9kif4T6K0h7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-911330.oktapreview.com/app/dotcmsdev911330_dotcms_2/exkevdniv9kif4T6K0h7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
[07/05/18 11:54:13:131 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) metadata = has value
[07/05/18 11:54:13:131 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) unmarshaller = has value
[07/05/18 11:54:13:132 EDT] INFO meta.DefaultMetaDescriptorServiceImpl: Parsing the Id Provider, with the entityId: http://www.okta.com/exkevdniv9kif4T6K0h7
[07/05/18 11:54:13:132 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) metadataBean.getEntityId() = http://www.okta.com/exkevdniv9kif4T6K0h7
[07/05/18 11:54:13:132 EDT] INFO config.MetaDataHelper: MetaDataHelper.getMetaData( IdpConfig ) END
[07/05/18 11:54:13:246 EDT] ERROR service.OpenSamlAuthenticationServiceImpl: Unable to sign URL query string
org.opensaml.messaging.encoder.MessageEncodingException: Unable to sign URL query string
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.generateSignature(HTTPRedirectDeflateEncoder.java:241) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.buildRedirectURL(HTTPRedirectDeflateEncoder.java:187) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.doEncode(HTTPRedirectDeflateEncoder.java:84) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.messaging.encoder.AbstractMessageEncoder.encode(AbstractMessageEncoder.java:53) ~[opensaml-messaging-api-3.3.1.jar:?]
at org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder.encode(BaseHttpServletResponseXMLMessageEncoder.java:50) ~[opensaml-messaging-api-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.doRedirect(OpenSamlAuthenticationServiceImpl.java:414) [OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.authentication(OpenSamlAuthenticationServiceImpl.java:234) [OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:137) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: org.opensaml.security.SecurityException: Could not derive JCA algorithm identifier from algorithm URI
at org.opensaml.xmlsec.crypto.XMLSigningUtil.signWithURI(XMLSigningUtil.java:54) ~[opensaml-xmlsec-api-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.generateSignature(HTTPRedirectDeflateEncoder.java:236) ~[opensaml-saml-impl-3.3.1.jar:?]
... 27 more
[07/05/18 11:54:13:247 EDT] ERROR filter.SamlAccessFilter: Error on authentication: Unable to sign URL query string
com.dotcms.plugin.saml.v3.exception.DotSamlException: Unable to sign URL query string
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.doRedirect(OpenSamlAuthenticationServiceImpl.java:419) ~[OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.authentication(OpenSamlAuthenticationServiceImpl.java:234) ~[OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:137) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: org.opensaml.messaging.encoder.MessageEncodingException: Unable to sign URL query string
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.generateSignature(HTTPRedirectDeflateEncoder.java:241) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.buildRedirectURL(HTTPRedirectDeflateEncoder.java:187) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.doEncode(HTTPRedirectDeflateEncoder.java:84) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.messaging.encoder.AbstractMessageEncoder.encode(AbstractMessageEncoder.java:53) ~[opensaml-messaging-api-3.3.1.jar:?]
at org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder.encode(BaseHttpServletResponseXMLMessageEncoder.java:50) ~[opensaml-messaging-api-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.doRedirect(OpenSamlAuthenticationServiceImpl.java:414) ~[OpenSamlAuthenticationServiceImpl.class:?]
... 22 more
Caused by: org.opensaml.security.SecurityException: Could not derive JCA algorithm identifier from algorithm URI
at org.opensaml.xmlsec.crypto.XMLSigningUtil.signWithURI(XMLSigningUtil.java:54) ~[opensaml-xmlsec-api-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.generateSignature(HTTPRedirectDeflateEncoder.java:236) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.buildRedirectURL(HTTPRedirectDeflateEncoder.java:187) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder.doEncode(HTTPRedirectDeflateEncoder.java:84) ~[opensaml-saml-impl-3.3.1.jar:?]
at org.opensaml.messaging.encoder.AbstractMessageEncoder.encode(AbstractMessageEncoder.java:53) ~[opensaml-messaging-api-3.3.1.jar:?]
at org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder.encode(BaseHttpServletResponseXMLMessageEncoder.java:50) ~[opensaml-messaging-api-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.doRedirect(OpenSamlAuthenticationServiceImpl.java:414) ~[OpenSamlAuthenticationServiceImpl.class:?]
... 22 more
When initializing the plugin at dotCMS startup:
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun RSA signature provider
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun Elliptic Curve provider (EC, ECDSA, ECDH)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun (Kerberos v5, SPNEGO)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)
[07/05/18 11:57:05:402 EDT] INFO init.SamlInitializer: Sun PC/SC provider
[07/05/18 11:57:05:453 EDT] INFO init.SamlInitializer: Initializing
[07/05/18 11:57:06:942 EDT] ERROR filter.SamlAccessFilter: SAML ERROR: org.slf4j.helpers.MessageFormatter.format(Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/String;
java.lang.NoSuchMethodError: org.slf4j.helpers.MessageFormatter.format(Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/String;
at org.slf4j.impl.Log4jLoggerAdapter.info(Log4jLoggerAdapter.java:318) ~[dot.tika-app-1.3_3.jar:1.3]
at org.opensaml.xmlsec.algorithm.AlgorithmRegistry.index(AlgorithmRegistry.java:206) ~[opensaml-xmlsec-api-3.3.1.jar:?]
at org.opensaml.xmlsec.algorithm.AlgorithmRegistry.register(AlgorithmRegistry.java:138) ~[opensaml-xmlsec-api-3.3.1.jar:?]
at org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer.init(GlobalAlgorithmRegistryInitializer.java:49) ~[opensaml-xmlsec-api-3.3.1.jar:?]
at org.opensaml.core.config.InitializationService.initialize(InitializationService.java:56) ~[opensaml-core-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.init.SamlInitializer.init(SamlInitializer.java:70) ~[SamlInitializer.class:?]
at com.dotcms.plugin.saml.v3.filter.SamlFilter.init(SamlFilter.java:104) [SamlFilter.class:?]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4565) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5180) [catalina.jar:8.0.18]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.0.18]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) [catalina.jar:8.0.18]
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714) [catalina.jar:8.0.18]
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1069) [catalina.jar:8.0.18]
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1719) [catalina.jar:8.0.18]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Fixed by @jcastro-dotcms.
Method org.slf4j.helpers.MessageFormatter.format is in conflict due to different definitions on:
To solve the issue we had to move slf4j-api-1.7.25.jar to /dotserver/tomcat-8.0.18/lib. The repackaged code in dot.tika-app-1.3_3.jar cannot be modified at this point, but it will be removed in dotCMS 5.0.
We need to pay attention to any other conflicts that this same method may generate for non-SAML related functionality.
mv dotserver/tomcat-8.0.18/webapps/ROOT/WEB-INF/lib/slf4j-api-1.7.25.jar dotserver/tomcat-8.0.18/lib
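An added example, not code from this thread or from the dotSAML plugin: a scan of a lib directory for classes that more than one jar defines, which is the condition behind the NoSuchMethodError above. The jar names come from the thread; the jar contents and the helpers `find_shadowed_classes` and `build_sample_lib` are constructed for illustration.

```python
import os
import tempfile
import zipfile
from collections import defaultdict


def find_shadowed_classes(lib_dir, package_prefix):
    """Map each class under package_prefix to the jars in lib_dir that define it,
    keeping only classes defined by more than one jar."""
    owners = defaultdict(list)
    for name in sorted(os.listdir(lib_dir)):
        if not name.endswith(".jar"):
            continue
        try:
            with zipfile.ZipFile(os.path.join(lib_dir, name)) as jar:
                entries = set(jar.namelist())
        except zipfile.BadZipFile:
            continue  # skip corrupt or non-zip files named *.jar
        for entry in entries:
            if entry.startswith(package_prefix) and entry.endswith(".class"):
                owners[entry].append(name)
    return {cls: jars for cls, jars in owners.items() if len(jars) > 1}


def build_sample_lib(root):
    """Constructed stand-in for WEB-INF/lib: jar names from the thread, contents assumed."""
    lib = os.path.join(root, "WEB-INF", "lib")
    os.makedirs(lib)
    contents = {
        "slf4j-api-1.7.25.jar": ["org/slf4j/helpers/MessageFormatter.class",
                                 "org/slf4j/Logger.class"],
        "dot.tika-app-1.3_3.jar": ["org/slf4j/helpers/MessageFormatter.class",
                                   "org/apache/tika/Tika.class"],
        "opensaml-core-3.3.1.jar": ["org/opensaml/core/config/InitializationService.class"],
    }
    for jar_name, classes in contents.items():
        with zipfile.ZipFile(os.path.join(lib, jar_name), "w") as jar:
            for cls in classes:
                jar.writestr(cls, b"")  # placeholder bytes, not real bytecode
    return lib


def demo():
    """Run the scan over the constructed lib directory and return its findings."""
    with tempfile.TemporaryDirectory() as root:
        return find_shadowed_classes(build_sample_lib(root), "org/slf4j/")


if __name__ == "__main__":
    for cls, jars in demo().items():
        print(cls, "defined in:", ", ".join(jars))
```

Pointing `find_shadowed_classes` at a real `WEB-INF/lib` before and after moving a jar shows whether any other class in the same package is still defined twice.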
I'm getting the following errors when trying to generate the SP metadata file for a brand new SAML Config: