OpenSAML user discussion

["Gitesh Malik" <>]

Scott, I had put in a hack in my code to ensure that 
samlResponse id and assertion id are not same and even If they - a new
SAMLidentifier value should be set up as responseid. However there seem
to be issue with this as well as an attempt to generate a new SAML
identifier does not create a new one. (Attached short code and short
error log)

Any clues will be greatly appreciated.

Thanks and regards,

<gitesh/>

-----Original Message-----
From: Gitesh Malik 
Sent: Friday, December 08, 2006 6:29 PM
To: 
''
Subject: RE: Getting Exception: There are multiple occurrences of ID
value

Scott, Is it the expected behavior per the SAX parser validation (per
the opensaml schema) when It raises exception with message - "There are
multiple occurrences of ID value - "#<guid>" given that there is

1. No Id tag attributes
2. Value for two different tags - ResponseId and AssertionID is same
(which per you it should never be)

I was planning to write a standalone test case that would try to pass in
the data that I get from an erroneous debug session and see if still
does fail.

Thanks,

<gitesh/>

-----Original Message-----
From: Scott Cantor 
[mailto:]
 
Sent: Tuesday, December 05, 2006 10:36 PM
To: 

Subject: RE: Getting Exception: There are multiple occurrences of ID
value

> Now the ids in response assertion xml are automatically 
> generated by the openSAML code. The ids are not passed from 
> outside as params.

No chance. If they weren't being set by you somehow, they wouldn't be
the
same.

> Now in a normal run the 2 ids appear to be different as found 
> out from debug session on my setup. However on some occasion 
> the ids are set as same and it is at that time that this 
> exception ensues. Also there seems to be no external way of 
> setting up/configuring that saml library that might take care of this.

I see no possible way they could be the same. Simply isn't statistically
possible. If you come up with any way for that to happen, you can report
it
as a bug, but I can't see it.

You can always generate the IDs with the ID generator class and pass the
ID
in, but I see no reason for doing that in most cases.

-- Scott

2007-01-08 15:39:22,870 INFO  [STDOUT] 
[WARN]checkAndReturnSAMLIdentifierIfNeeded: FOUND EQUAL : SAMLRespone ID 
a7364b9f925e388541dac072cca6ab74 AssertionID : 
a7364b9f925e388541dac072cca6ab74
2007-01-08 15:39:22,870 INFO  [STDOUT] Offending trace : 
2007-01-08 15:39:22,870 INFO  [STDOUT] java.lang.Exception
2007-01-08 15:39:22,870 INFO  [STDOUT]  at 
com.adobe.idp.um.util.SAMLHelper.checkAndReturnSAMLIdentifierIfNeeded(SAMLHelper.java:446)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
com.adobe.idp.um.util.SAMLHelper.createSAMLResponse(SAMLHelper.java:431)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
com.adobe.idp.um.util.SAMLHelper.createPostProfileSAMLResponse(SAMLHelper.java:162)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean.getSSOToken(AuthenticationManagerBean.java:444)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
org.jboss.invocation.Invocation.performCall(Invocation.java:345)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
2007-01-08 15:39:22,885 INFO  [STDOUT]  at 
org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:154)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:54)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:106)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:363)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:153)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.Container.invoke(Container.java:873)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:415)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:88)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at $Proxy264.getSSOToken(Unknown 
Source)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
com.adobe.idp.um.api.impl.AuthenticationManagerImpl.getSSOToken(AuthenticationManagerImpl.java:258)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
com.adobe.framework.UITools.getSSOToken(UITools.java:304)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
com.adobe.admin.bean.FeaturesBean.getSSOToken(FeaturesBean.java:147)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.jsp.postsso_jsp._jspService(org.apache.jsp.postsso_jsp:114)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
sun.reflect.GeneratedMethodAccessor359.invoke(Unknown Source)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,901 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:66)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:81)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:293)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:322)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:130)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:87)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:117)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
javax.faces.webapp.FacesServlet.service(FacesServlet.java:198)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
sun.reflect.GeneratedMethodAccessor567.invoke(Unknown Source)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,917 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:161)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
sun.reflect.GeneratedMethodAccessor358.invoke(Unknown Source)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:217)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:113)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
sun.reflect.GeneratedMethodAccessor356.invoke(Unknown Source)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:217)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
2007-01-08 15:39:22,932 INFO  [STDOUT]  at 
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
sun.reflect.GeneratedMethodAccessor357.invoke(Unknown Source)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
java.lang.reflect.Method.invoke(Method.java:585)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:217)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
java.security.AccessController.doPrivileged(Native Method)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
2007-01-08 15:39:22,948 INFO  [STDOUT]  at 
java.lang.Thread.run(Thread.java:595)
2007-01-08 15:39:22,948 INFO  [STDOUT] checkAndReturnSAMLIdentifierIfNeeded : 
Attempt to get New ID # 0
2007-01-08 15:39:24,448 INFO  [STDOUT] checkAndReturnSAMLIdentifierIfNeeded : 
Attempt to get New ID # 1
2007-01-08 15:39:25,948 INFO  [STDOUT] checkAndReturnSAMLIdentifierIfNeeded : 
Attempt to get New ID # 2
2007-01-08 15:39:27,463 INFO  [STDOUT] checkAndReturnSAMLIdentifierIfNeeded : 
Attempt to get New ID # 3
2007-01-08 15:39:28,964 INFO  [STDOUT] checkAndReturnSAMLIdentifierIfNeeded : 
Attempt to get New ID # 4
2007-01-08 15:39:30,542 INFO  [STDOUT] Error : createAssertion flag : true
2007-01-08 15:39:30,542 INFO  [STDOUT] Error on ssoToken :

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
IssueInstant="2007-01-08T23:39:22.870Z" MajorVersion="1" MinorVersion="1" 
Recipient="LiveCycle" 
ResponseID="a7364b9f925e388541dac072cca6ab74"><ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";></ds:SignatureMethod>
<ds:Reference URI="#a7364b9f925e388541dac072cca6ab74">
<ds:Transforms>
<ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>
<ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="code ds kind 
rw saml samlp typens #default"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>hluVA5vy7m0ShT+8SDGUJKCM7Uo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>/Sr3FEQAjpgt6+ZePUhRuUYruZY=</ds:SignatureValue>
</ds:Signature><Status><StatusCode 
Value="samlp:Success"></StatusCode></Status><Assertion 
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="a7364b9f925e388541dac072cca6ab74" 
IssueInstant="2007-01-08T23:39:22.870Z" Issuer="LiveCycle" MajorVersion="1" 
MinorVersion="1"><Conditions NotBefore="2007-01-08T23:39:22.870Z" 
NotOnOrAfter="2007-01-08T23:44:22.870Z"></Conditions><AuthenticationStatement 
AuthenticationInstant="2007-01-08T23:39:22.870Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier
 
NameQualifier="DefaultDom">administrator</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response>
2007-01-08 15:39:30,573 WARN  
[com.adobe.idp.common.errors.exception.IDPLoggedException] 
UserM:GENERIC_WARNING: [Thread Hashcode: 5426428] | 
[com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] 
errorCode:16386 errorCodeHEX:0x4002 message:null 
chainedException:org.xml.sax.SAXParseException: cvc-id.2: There are multiple 
occurrences of ID value 
'a7364b9f925e388541dac072cca6ab74'.chainedExceptionMessage:cvc-id.2: There 
are multiple occurrences of ID value 'a7364b9f925e388541dac072cca6ab74'. 
chainedException trace:org.xml.sax.SAXParseException: cvc-id.2: There are 
multiple occurrences of ID value 'a7364b9f925e388541dac072cca6ab74'.
        at 
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown 
Source)
        at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at 
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown
 Source)
        at 
org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
        at 
org.apache.xerces.impl.xs.XMLSchemaValidator.processOneAttribute(Unknown 
Source)
        at 
org.apache.xerces.impl.xs.XMLSchemaValidator.processAttributes(Unknown Source)
        at 
org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown 
Source)
        at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown 
Source)
        at 
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown 
Source)
        at 
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
 Source)
        at 
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown 
Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
        at org.opensaml.XML$ParserPool.parse(Unknown Source)
        at com.adobe.idp.um.util.SAMLHelper.parse(SAMLHelper.java:138)
        private SAMLResponse createSAMLResponse(String recipient,
                                                                              
  String issuer,
                                                                              
  Collection audiences,
                                                                              
  String name,
                                                                              
  String nameQualifier,
                                                                              
  String format,
                                                                              
  String subjectIP,
                                                                              
  String authMethod,
                                                                              
  Date authInstant,
                                                                              
  Collection bindings,
                                                                              
  int ttlMilliSecs)
                throws SAMLException
        {
                logger.debug("Creating SAML Response.");
        
                if (recipient == null || recipient.length() == 0)
                        throw new SAMLException(SAMLException.RESPONDER, 
"SAMLPOSTProfile.prepare() requires recipient");

                Vector conditions = new Vector(1);
                if (audiences != null && audiences.size() > 0)
                        conditions.add(new 
SAMLAudienceRestrictionCondition(audiences));

                String[] confirmationMethods = {SAMLSubject.CONF_BEARER};
                SAMLSubject subject = new SAMLSubject(new 
SAMLNameIdentifier(name, nameQualifier, format), 
                                Arrays.asList(confirmationMethods), null, 
null);
                        //statements do not contain any id
                SAMLStatement[] statements =
                        {new SAMLAuthenticationStatement(subject, authMethod, 
authInstant, subjectIP, null, bindings)};
                        //assertion has an id
                SAMLAssertion[] assertions = {
                        new SAMLAssertion(issuer, new 
Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 
ttlMilliSecs),
                                                                conditions, 
null, Arrays.asList(statements))
                        };

                //no id passed in or setup...
                SAMLResponse smlResp = new SAMLResponse(null, recipient, 
Arrays.asList(assertions), null);
                //Post process SAML resp to see if for some reason ids have 
matched. if yes, we will change them
                
                String sid = null;
                if ((sid = 
checkAndReturnSAMLIdentifierIfNeeded(smlResp.getId(), assertions[0].getId() 
)) != null){ //just 1 assertion for now...
                        //set up sid in response...
                        smlResp.setId(sid);
                }
                return smlResp;
        }
        
        //This is just a hack. perhaps it will give a clue as to what path is 
creating a dubious IDs that fail subsequent parsing... 
        private String checkAndReturnSAMLIdentifierIfNeeded(String srId, 
String assertionId){                                           
                if(assertionId.equals(srId) == true){ //both are same ans we 
have an issue!
                        int count = 0;                  
                        String samlRespStr = null;
                        //weird case ... ! why is assertionid == ResponseId??
                        
System.out.println("[WARN]checkAndReturnSAMLIdentifierIfNeeded: FOUND EQUAL : 
SAMLRespone ID " + srId + " AssertionID : " + assertionId);
                        System.out.println("Offending trace : ");
                        try{ throw new Exception();}catch(Exception e){ 
e.printStackTrace();} //get the stacktrace
                        do{
                                
System.out.println("checkAndReturnSAMLIdentifierIfNeeded : Attempt to get New 
ID # " + count++);
                                samlRespStr = new 
SAMLIdentifier().toString();                          
                                if(!samlRespStr.equals(srId)){
                                        
System.out.println("checkAndReturnSAMLIdentifierIfNeeded : Got non matching 
ID -  " + samlRespStr + " on count : " + count);
                                        return samlRespStr;
                                }
                                try{ Thread.sleep(1500);} catch (Exception e) 
{ //sleep for 1.5 secs before trying again... we dont want to hogg the cpu
                                        // TODO: handle exception
                                }
                        }while(count < 5);//try 5 times and come out
                }//they are unqual... no issues!
                return null;
        }