Open gabbydotCMS opened 6 years ago
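Testing against ADFS (stack trace, then the SAML response posted by the IdP, then the plugin's SAML configuration). The exception is thrown from SamlUtils.getAssertion reading index 0 of an empty child list; the response below carries a plain `<Assertion>` and no `<EncryptedAssertion>`, so getAssertion is presumably indexing the encrypted-assertion list without first checking that it is non-empty: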
[30/05/18 14:59:14:984 PDT] ERROR rest.DotSamlRestService: Error getting posting idp
java.lang.IndexOutOfBoundsException: Index: 0
at java.util.Collections$EmptyList.get(Collections.java:4454) ~[?:1.8.0_131]
at net.shibboleth.utilities.java.support.collection.LazyList.get(LazyList.java:90) ~[java-support-7.3.0.jar:?]
at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:320) ~[opensaml-core-3.3.1.jar:?]
at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:237) ~[opensaml-core-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.util.SamlUtils.getAssertion(SamlUtils.java:477) ~[SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.handler.HttpPostAssertionResolverHandlerImpl.resolveAssertion(HttpPostAssertionResolverHandlerImpl.java:97) ~[HttpPostAssertionResolverHandlerImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.resolveAssertion(OpenSamlAuthenticationServiceImpl.java:596) ~[OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.rest.DotSamlRestService.login(DotSamlRestService.java:87) [DotSamlRestService.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:176) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_131]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_131]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
<samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://test-adfs.greenlake.io/dotsaml/login/73db2ce2-6528-44ac-8213-7a6c079b733d" ID="_b911be0c-d6ab-4851-bc38-13a3d58ce6b3" InResponseTo="_f76c8565bbe1eeef4ced49c6e05cace4" IssueInstant="2018-05-30T21:59:13.925Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.test.dotcms.com/adfs/services/trust</Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion ID="_4c8dffd3-232d-48eb-b404-bbe8bb8305fa" IssueInstant="2018-05-30T21:59:13.924Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>http://adfs.test.dotcms.com/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_4c8dffd3-232d-48eb-b404-bbe8bb8305fa">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>5yaSfbt4czI8/zvB6e54Vjrdge0SUysLt9OJhjTEf4U=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>TDtCHvYbiMqcYjoSfGEhk4NbyBFT6MLh8P2rpRCjAwGoewn83QZ7AdnNll3m8QfIgvloVyMCn5Oi4W0hf2GQ7OJ9FQxct4xhs9Xe5JblNhNBH4KL6vXCbKQLhobuP+TiZUxrEI2SS4EjQxk/FsuLHEGPHpJsSq/9DNC++GYtXPzV01RRwRoU9gQa7Q7LdXBkLBiXX0bQsxnae3pWhpzKPxPcpBEX+04zLrdkIo2YAjCO/nJhcCY2E0GVZYGaZ2yxWOUakNhlR1c1z4elYopjxnTObXGzu1HifXyDf90rJC8Iy6OXkSYyFOuE7iXE/pgWrJBZPpdX5CQeoXfbocd0eQ==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">testuser</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_f76c8565bbe1eeef4ced49c6e05cace4" NotOnOrAfter="2018-05-30T22:04:13.925Z" Recipient="https://test-adfs.greenlake.io/dotsaml/login/73db2ce2-6528-44ac-8213-7a6c079b733d"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2018-05-30T21:59:13.923Z" NotOnOrAfter="2018-05-30T22:59:13.923Z">
<AudienceRestriction>
<Audience>https://test-adfs.greenlake.io</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="sn">
<AttributeValue>User</AttributeValue>
</Attribute>
<Attribute Name="givenName">
<AttributeValue>Test</AttributeValue>
</Attribute>
<Attribute Name="mail">
<AttributeValue>testuser@test.dotcms.com</AttributeValue>
</Attribute>
<Attribute Name="sAMAccountName">
<AttributeValue>testuser</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2018-05-30T21:58:53.769Z" SessionIndex="_4c8dffd3-232d-48eb-b404-bbe8bb8305fa">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
{
"defaultSamlConfig": "",
"disabledSamlSites": {},
"samlConfigs": [
{
"73db2ce2-6528-44ac-8213-7a6c079b733d": {
"privateKey": "/Users/chris/dotcms/dist/saml-4.3.2/dotserver/tomcat-8.0.18/webapps/ROOT/assets/saml/certs/73db2ce2-6528-44ac-8213-7a6c079b733d.key",
"publicCert": "/Users/chris/dotcms/dist/saml-4.3.2/dotserver/tomcat-8.0.18/webapps/ROOT/assets/saml/certs/73db2ce2-6528-44ac-8213-7a6c079b733d.crt",
"idpName": "My ADFS",
"signatureValidationType": "responseandassertion",
"sPEndpointHostname": "https://test-adfs.greenlake.io",
"optionalProperties": {
"protocol.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
"sites": {
"9ea8ffa5-b6e0-4b3e-9dc7-291660955041": "test-adfs.greenlake.io"
},
"id": "73db2ce2-6528-44ac-8213-7a6c079b733d",
"sPIssuerURL": "https://test-adfs.greenlake.io",
"enabled": true,
"idPMetadataFile": "/Users/chris/dotcms/dist/saml-4.3.2/dotserver/tomcat-8.0.18/webapps/ROOT/assets/saml/metadata/73db2ce2-6528-44ac-8213-7a6c079b733d.xml"
}
}
]
}
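Testing against Shibboleth (log and stack trace, then the SAML response posted by the IdP). Same IndexOutOfBoundsException at SamlUtils.getAssertion(SamlUtils.java:477); this response is signed on both the Response and the Assertion and again carries a plain, unencrypted `<saml2:Assertion>`: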
[31/05/18 16:12:05:833 EST] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) metadata = has value
[31/05/18 16:12:05:833 EST] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) unmarshaller = has value
[31/05/18 16:12:05:834 EST] INFO meta.DefaultMetaDescriptorServiceImpl: Parsing the Id Provider, with the entityId: https://auth-test.uakron.edu/idp/shibboleth
[31/05/18 16:12:05:834 EST] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) metadata = has value
[31/05/18 16:12:05:835 EST] INFO meta.DefaultMetaDescriptorServiceImpl: unmarshall( final InputStream is ) unmarshaller = has value
[31/05/18 16:12:05:835 EST] INFO meta.DefaultMetaDescriptorServiceImpl: Parsing the Id Provider, with the entityId: https://auth-test.uakron.edu/idp/shibboleth
[31/05/18 16:12:50:883 EST] INFO handler.HttpPostAssertionResolverHandlerImpl: Optional property not set: clock.skew Using default.
[31/05/18 16:12:50:883 EST] INFO handler.HttpPostAssertionResolverHandlerImpl: Optional property not set: message.life.time Using default.
[31/05/18 16:12:50:884 EST] ERROR rest.DotSamlRestService: Error getting posting idp
java.lang.IndexOutOfBoundsException: Index: 0
at java.util.Collections$EmptyList.get(Collections.java:4454) ~[?:1.8.0_171]
at net.shibboleth.utilities.java.support.collection.LazyList.get(LazyList.java:90) ~[java-support-7.3.0.jar:?]
at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:320) ~[opensaml-core-3.3.1.jar:?]
at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:237) ~[opensaml-core-3.3.1.jar:?]
at com.dotcms.plugin.saml.v3.util.SamlUtils.getAssertion(SamlUtils.java:477) ~[SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.handler.HttpPostAssertionResolverHandlerImpl.resolveAssertion(HttpPostAssertionResolverHandlerImpl.java:97) ~[HttpPostAssertionResolverHandlerImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.resolveAssertion(OpenSamlAuthenticationServiceImpl.java:596) ~[OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.rest.DotSamlRestService.login(DotSamlRestService.java:87) [DotSamlRestService.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:176) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://saml-test.support.dotcmscloud.com/dotsaml/login/318508e4-6f20-4dec-805f-fa2f071e85ea"
ID="_439241fdce98c55971ac13df585b3561"
InResponseTo="_f6760f4e356486da3910ee00c6126dc7"
IssueInstant="2018-05-31T21:12:51.811Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://auth-test.uakron.edu/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_439241fdce98c55971ac13df585b3561">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xsd"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>iv2bBcPNmMYyLhPydWcefOJwts9j95uj+o+66Jz7C+4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
PRZd0p0/phzrwGqO3hndyuUO2g2m+c2hmpUpHz/NKwTG6Ujm/qBVb5Q6x2Cumjwogy+eLmrnsZWv vgMor+zxtLDyBG+xi+wHeMsf0uc2i49tA/JCQrmhHh/f90wJty6N820CDCBX24QS48pp4YrNmcPg FcVSlZ3VLBMnCqrVRwRcXHHcx0rn8nPK/5BbJITOf1gFHIAGpf9KvGRKIOeG7Eok0fWk9AunnbBC j3IXopdWfNa6wjJ/r5q3QFyudFr8EHg5JETSn05f1FwIRRNDNGTIvYF8b0k5iERSGTgQutXQdHHO
DDvYSVgdz6MWA3OUIXatMvxgEJe34P3P6Ap54g==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDOzCCAiOgAwIBAgIUBKcPwSNMnaSo524dJqrMibfPzSwwDQYJKoZIhvcNAQEFBQAwHzEdMBsG A1UEAxMUYXV0aC10ZXN0LnVha3Jvbi5lZHUwHhcNMTEwMjA4MjE0MzM0WhcNMzEwMjA4MjE0MzM0 WjAfMR0wGwYDVQQDExRhdXRoLXRlc3QudWFrcm9uLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALOUGx4NCz2Lv2vHCuM+ySE9Vc21HbMoUjXZaEh7ZRkyfnf4+3LP6GaI+XYdSY79
YtbiEU/rjqPHOhuB/BiLSKlCHRu8BuIWv7wN63IxqlsVmtYfltsbL8kBEuWdnbV1arSX/IWdJiDk 6t7PkcxX1J5Sd8yxqAPGEt1r3KoAnnwvL43KREUlZhN+6vWB8c+x+3HLi0NKZnEkT1wBnIyTImqL 9TDd0lO+PrJlJVq/4+I9rrIKTGDAFSpmkF11/m7CzSnsSp00+lV7wu3wAqlBFE8yx1U1lTSrbLgq uOknZJxtowvbPQf4UBGCzoMkqrn138YkRR2eTVjhQKpaByY2vqcCAwEAAaNvMG0wTAYDVR0RBEUw
Q4IUYXV0aC10ZXN0LnVha3Jvbi5lZHWGK2h0dHBzOi8vYXV0aC10ZXN0LnVha3Jvbi5lZHUvaWRw L3NoaWJib2xldGgwHQYDVR0OBBYEFOf0K8nL6E39xlciZmgd8pR+qcwNMA0GCSqGSIb3DQEBBQUA A4IBAQCAkMzzDXGL1gGGaFe4DbrZc9cMeqDeO0yDBDaYUQgctyqjUGfbXGCOrjN7wkObBB6azZ5e dMF6UTAsCALyRBD6U7F2xpe27nk2EEjKYgf6nOfSYUOhSXwScrKxyDyzD+wN3pJxMU3QsBeynMQV
kVKdESWpcPIcNp15el/wCNHftdkyjpOv9zFXmOZOYgu32uaDyugVRHSNid9wRZNpMN3p1FxgTO2i 8nwv3Kr3o3pf7rbC7x+KRmA7x08wxt5zyKlF5vrt4oynXsOsVGmtTBG4osmb80SAyN/3xyMeN0Fj Kgb4edjNW+frxm07Ua2emTnOQpuDkB5YkuZQXgmogTEW
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
<saml2:Assertion ID="_af3ce92c141951a3536737d24f18f378"
IssueInstant="2018-05-31T21:12:51.811Z"
Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>https://auth-test.uakron.edu/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_af3ce92c141951a3536737d24f18f378">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xsd"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>41/FpjOuGqjhe9wOim+n6pkDQSmv1ITS86eNxfy8EEI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JLiEtfOGZcYtT7vbmnozhToWGg+TdzF6141i6N/X2Pd36CYEks5nk+ldkqpIQrQCu+aX+iCen3+9 ZaX1MH93f5jPih0Yx7+3SmbZdLYjk0Un5nFmmZJvRKyWaw4Gctu/1ED4LV9LYEDpmW7kipl17elb jtY/X2pPM578ozTpkNsVffePSEf9FsIKGtvZG5fxqv9dfhnBtii4UImqVoUfRdynS98b7OTRi4w4 IIG9MW7Od3WB9iekgHR15qwT9xAexdExFSAc5V7I52wkuFOqqFLHFsS96TZlWn9W424waVzLv61j
0KbGn54N+TO10MJ873+8a7ZUk7ifgHwOOAn9wg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDOzCCAiOgAwIBAgIUBKcPwSNMnaSo524dJqrMibfPzSwwDQYJKoZIhvcNAQEFBQAwHzEdMBsG A1UEAxMUYXV0aC10ZXN0LnVha3Jvbi5lZHUwHhcNMTEwMjA4MjE0MzM0WhcNMzEwMjA4MjE0MzM0 WjAfMR0wGwYDVQQDExRhdXRoLXRlc3QudWFrcm9uLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALOUGx4NCz2Lv2vHCuM+ySE9Vc21HbMoUjXZaEh7ZRkyfnf4+3LP6GaI+XYdSY79
YtbiEU/rjqPHOhuB/BiLSKlCHRu8BuIWv7wN63IxqlsVmtYfltsbL8kBEuWdnbV1arSX/IWdJiDk 6t7PkcxX1J5Sd8yxqAPGEt1r3KoAnnwvL43KREUlZhN+6vWB8c+x+3HLi0NKZnEkT1wBnIyTImqL 9TDd0lO+PrJlJVq/4+I9rrIKTGDAFSpmkF11/m7CzSnsSp00+lV7wu3wAqlBFE8yx1U1lTSrbLgq uOknZJxtowvbPQf4UBGCzoMkqrn138YkRR2eTVjhQKpaByY2vqcCAwEAAaNvMG0wTAYDVR0RBEUw
Q4IUYXV0aC10ZXN0LnVha3Jvbi5lZHWGK2h0dHBzOi8vYXV0aC10ZXN0LnVha3Jvbi5lZHUvaWRw L3NoaWJib2xldGgwHQYDVR0OBBYEFOf0K8nL6E39xlciZmgd8pR+qcwNMA0GCSqGSIb3DQEBBQUA A4IBAQCAkMzzDXGL1gGGaFe4DbrZc9cMeqDeO0yDBDaYUQgctyqjUGfbXGCOrjN7wkObBB6azZ5e dMF6UTAsCALyRBD6U7F2xpe27nk2EEjKYgf6nOfSYUOhSXwScrKxyDyzD+wN3pJxMU3QsBeynMQV
kVKdESWpcPIcNp15el/wCNHftdkyjpOv9zFXmOZOYgu32uaDyugVRHSNid9wRZNpMN3p1FxgTO2i 8nwv3Kr3o3pf7rbC7x+KRmA7x08wxt5zyKlF5vrt4oynXsOsVGmtTBG4osmb80SAyN/3xyMeN0Fj Kgb4edjNW+frxm07Ua2emTnOQpuDkB5YkuZQXgmogTEW
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="https://auth-test.uakron.edu/idp/shibboleth"
SPNameQualifier="http://saml-test.support.dotcmscloud.com">H2fOgWGUboFbbehanRvo2AxVKaM=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="73.46.128.219"
InResponseTo="_f6760f4e356486da3910ee00c6126dc7"
NotOnOrAfter="2018-05-31T21:17:51.886Z"
Recipient="http://saml-test.support.dotcmscloud.com/dotsaml/login/318508e4-6f20-4dec-805f-fa2f071e85ea" /></saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2018-05-31T21:12:51.811Z"
NotOnOrAfter="2018-05-31T21:17:51.811Z">
<saml2:AudienceRestriction>
<saml2:Audience>http://saml-test.support.dotcmscloud.com</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2018-05-31T21:12:51.585Z"
SessionIndex="_28a1f56b287fa1e0f271d7aba0c889b2">
<saml2:SubjectLocality Address="73.46.128.219" />
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute FriendlyName="authorizations"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_diversity_editors</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_its_editors</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_Login As</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_General Users</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_cas_admins</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">dotcms_admins</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_CMS Administrators</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_CMS Administrator</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">webapps</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_nursing_viewers</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_CMS Users</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_responsive_users</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">www_lib_admins</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="sn"
Name="urn:oid:2.5.4.4"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">mgmt</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="givenName"
Name="urn:oid:2.5.4.42"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">cms</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="eduPersonPrincipalName"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">cmsmgmt@uakron.edu</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="mail"
Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">cmsmgmt@zips.uakron.edu</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
{
"defaultSamlConfig":"",
"disabledSamlSites":{},
"samlConfigs":[
{"318508e4-6f20-4dec-805f-fa2f071e85ea": {
"privateKey":"/opt/dotcms/data/assets/saml/certs/318508e4-6f20-4dec-805f-fa2f071e85ea.key",
"publicCert":"/opt/dotcms/data/assets/saml/certs/318508e4-6f20-4dec-805f-fa2f071e85ea.crt",
"idpName":"Shibboleth IdP",
"signatureValidationType":"responseandassertion",
"sPEndpointHostname":"http://saml-test.support.dotcmscloud.com",
"optionalProperties":{
"protocol.binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
"sites":{
"4d3165b9-2f30-4ac8-bd7a-cda2cb438099":"saml-test.support.dotcmscloud.com"
},
"id":"318508e4-6f20-4dec-805f-fa2f071e85ea",
"sPIssuerURL":"http://saml-test.support.dotcmscloud.com",
"enabled":true,
"idPMetadataFile":"/opt/dotcms/data/assets/saml/metadata/318508e4-6f20-4dec-805f-fa2f071e85ea.xml"
}
}
]
}
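We added isassertion.encrypted=false to test against Shibboleth, as per Tom's recommendation, and got the following error (the exception is raised from SamlUtils.verifyResponseSignature, called by HttpPostAssertionResolverHandlerImpl.resolveAssertion):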
[04/06/18 15:32:39:932 EST] ERROR util.SamlUtils: Signature cannot be validated
org.opensaml.xmlsec.signature.support.SignatureException: Signature cannot be validated
at com.dotcms.plugin.saml.v3.util.SamlUtils.validateSignature(SamlUtils.java:562) ~[SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.util.SamlUtils.verifyResponseSignature(SamlUtils.java:677) [SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.handler.HttpPostAssertionResolverHandlerImpl.resolveAssertion(HttpPostAssertionResolverHandlerImpl.java:102) [HttpPostAssertionResolverHandlerImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.resolveAssertion(OpenSamlAuthenticationServiceImpl.java:596) [OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.rest.DotSamlRestService.login(DotSamlRestService.java:87) [DotSamlRestService.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:176) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
[04/06/18 15:32:39:933 EST] ERROR rest.DotSamlRestService: Signature cannot be validated
com.dotcms.plugin.saml.v3.exception.DotSamlException: Signature cannot be validated
at com.dotcms.plugin.saml.v3.util.SamlUtils.verifyResponseSignature(SamlUtils.java:698) ~[SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.handler.HttpPostAssertionResolverHandlerImpl.resolveAssertion(HttpPostAssertionResolverHandlerImpl.java:102) ~[HttpPostAssertionResolverHandlerImpl.class:?]
at com.dotcms.plugin.saml.v3.service.OpenSamlAuthenticationServiceImpl.resolveAssertion(OpenSamlAuthenticationServiceImpl.java:596) ~[OpenSamlAuthenticationServiceImpl.class:?]
at com.dotcms.plugin.saml.v3.rest.DotSamlRestService.login(DotSamlRestService.java:87) [DotSamlRestService.class:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:315) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:297) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.internal.Errors.process(Errors.java:267) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [dot.jersey-common-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [dot.jersey-server-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.repackage.org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223) [dot.jersey-container-servlet-core-2.22.1_1.jar:?]
at com.dotcms.rest.servlet.ReloadableServletContainer.service(ReloadableServletContainer.java:105) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:466) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318) [catalina.jar:8.0.18]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at com.dotcms.repackage.org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) [dot.urlrewritefilter-4.0.3_2.jar:4.0.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.TimeMachineFilter.doFilter(TimeMachineFilter.java:132) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.ThreadNameFilter.doFilter(ThreadNameFilter.java:90) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CookiesFilter.doFilter(CookiesFilter.java:38) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotmarketing.filters.CharsetEncodingFilter.doFilter(CharsetEncodingFilter.java:108) [dotcms_4.3.2_ae725e9.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at com.dotcms.plugin.saml.v3.filter.SamlAccessFilter.doFilter(SamlAccessFilter.java:176) [SamlAccessFilter.class:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.18]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.18]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.18]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.18]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610) [catalina.jar:8.0.18]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:673) [catalina.jar:8.0.18]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.18]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) [catalina.jar:8.0.18]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) [tomcat-coyote.jar:8.0.18]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) [tomcat-coyote.jar:8.0.18]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) [tomcat-coyote.jar:8.0.18]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: org.opensaml.xmlsec.signature.support.SignatureException: Signature cannot be validated
at com.dotcms.plugin.saml.v3.util.SamlUtils.validateSignature(SamlUtils.java:562) ~[SamlUtils.class:?]
at com.dotcms.plugin.saml.v3.util.SamlUtils.verifyResponseSignature(SamlUtils.java:677) ~[SamlUtils.class:?]
... 79 more
We've been able to reproduce this behavior against both ADFS and Shibboleth IdPs.