Skip to Content.
Sympa Menu

shibboleth-dev - Re: archives; recap of "endorsed" libs

Subject: Shibboleth Developers

List archive

Re: archives; recap of "endorsed" libs


Chronological Thread 
  • From: Christopher A Bongaarts <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: Re: archives; recap of "endorsed" libs
  • Date: Tue, 16 Dec 2003 11:14:34 -0600

In the immortal words of Scott Cantor:
> > Of course, the link is dead, although poking around on xml.apache.org
> > eventually lead me to the page I think it was referring to
> > (/security/Java/installation.html). The page looks pretty dated, and
> > it's not clear to me where to get the xalan.jar file they talk about.
>
> The JDK contains a buggy beta version of Xalan that has to be overridden
> with a working copy in order to use any Xpath functions that hit the bug.
> There are certain signing settings that require a working Xalan, and that's
> where the error message comes from.
>
> That said, it's my understanding that there is nothing in the current code
> that requires any of those broken Xpath functions and that's why Shibboleth
> appears to work for most people without requiring an endorsed version of
> Xalan.
>
> However, some people (Penn State for one) have been observing this error
> message randomly on the order of a few times per hundred signing operations.
> Some of us hardly ever see it (like once every few thousand).
>
> My current take on this is that there's a completely separate bug in the
> xmlsec library that happens to hit the same exception handler and trigger
> this error message when the actual cause has nothing to do with Xalan. This
> is totally speculative on my part.
>
> Do you get this error every time?

I just tried it again and it seems to work. (The previous time was
the first time I tried it...) So the answer appears to be "not every
time", maybe "only the first time after restart" or something.

If it helps, here is the stack trace from the error...

%% Christopher A. Bongaarts %%

%%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
----snip----
java.lang.NullPointerException: Since it seems that nobody reads our
installation notes, we must do it in the exception messages. Hope you read
them. You did NOT use the endorsed mechanism from JDK 1.4 properly; look at
how to solve this problem. Original message was "null"
at
org.apache.xml.security.utils.XMLUtils.getOwnerDocument(XMLUtils.java:996)
at
org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeXPathNodeSet(CanonicalizerBase.java:360)
at
org.apache.xml.security.signature.XMLSignatureInput.getOctetStream(XMLSignatureInput.java:344)
at
org.apache.xml.security.signature.XMLSignatureInput.getBytes(XMLSignatureInput.java:380)
at
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Reference.java:478)
at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Reference.java:700)
at
org.apache.xml.security.signature.Reference.getReferencedBytes(Reference.java:765)
at
org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:790)
at
org.apache.xml.security.signature.Reference.generateDigestValue(Reference.java:441)
at
org.apache.xml.security.signature.Manifest.generateDigestValues(Manifest.java:214)
at
org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:529)
at org.opensaml.SAMLSignedObject.sign(Unknown Source)
at
edu.internet2.middleware.shibboleth.common.ShibPOSTProfile.prepare(ShibPOSTProfile.java:337)
at
edu.internet2.middleware.shibboleth.common.ClubShibPOSTProfile.prepare(ClubShibPOSTProfile.java:153)
at
edu.internet2.middleware.shibboleth.hs.HandleServlet.generateAssertion(HandleServlet.java:342)
at
edu.internet2.middleware.shibboleth.hs.HandleServlet.doGet(HandleServlet.java:307)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:457)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:576)
at java.lang.Thread.run(Thread.java:536)




Archive powered by MHonArc 2.6.16.

Top of Page