Skip to Content.
Sympa Menu

shibboleth-dev - RE: [Shib-Dev] 2.2.0-SNAPSHOT tc-config

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] 2.2.0-SNAPSHOT tc-config


Chronological Thread 
  • From: "Mahabalagiri, Datta" <>
  • To: "" <>
  • Subject: RE: [Shib-Dev] 2.2.0-SNAPSHOT tc-config
  • Date: Thu, 19 Aug 2010 12:56:43 -0700
  • Accept-language: en-US
  • Acceptlanguage: en-US
I still can't get it to work. I tried instrumenting all classes (*..*), still
no luck. I am running out of ideas.

Ideas, anyone?

Thanks.
Datta



-----Original Message-----
From:


[mailto:]
On Behalf Of Kevin P. Foote
Sent: Tuesday, August 17, 2010 10:53 AM
To:

Subject: RE: [Shib-Dev] 2.2.0-SNAPSHOT tc-config


Datta..

Sorry.
Yea.. I highly edited that last xml in the last message..

for 2.2.0-SNAPSHOT paired with TC ..

The following need to be added to <additional-boot-jar-classes> section

- java.util.AbstractSet
- javax.security.auth.Subject$ClassSet

The following need to be added to <instrumented-classes> section with
<honor-transient>true</honor-transient> declared ..

- org.apache.commons.logging.impl.SLF4JLocationAwareLog
- edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory
-
edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory$UnorderedLdapAttributes
- edu.vt.middleware.ldap.bean.AbstractLdapAttributes
- edu.vt.middleware.ldap.bean.AbstractLdapBean

This is of course if your using LDAP. Not completely sure on that SLF4J
include.. but my staging setup is working just fine.

------
thanks
kevin.foote

On Mon, 16 Aug 2010, Mahabalagiri, Datta wrote:

-> Kevin,
-> I appreciate your quick response.
-> I still can't get it to work. I am getting the same exception. Did you
mark any of the instrumented classes as transient?
->
-> Here is the logs:
-> 2010-08-16-16:42:46.748 TRACE Attempting to retrieve IdP session cookie.
-> 2010-08-16-16:42:46.749 TRACE Found IdP session cookie.
-> 2010-08-16-16:42:46.799 TRACE Updating IdP session activity time and
adding session object to the request
-> 2010-08-16-16:42:46.816 INFO
20100816T234246Z|164.67.133.206|shbpreview.ais.ucla.edu:443|/profile/Shibboleth/SSO|
-> 2010-08-16-16:42:46.828 DEBUG shibboleth.HandlerManager: Looking up
profile handler for request path: /Shibboleth/SSO
-> 2010-08-16-16:42:46.828 DEBUG shibboleth.HandlerManager: Located profile
handler of the following type for the request path:
edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler
-> 2010-08-16-16:42:46.828 DEBUG Processing incoming request
-> 2010-08-16-16:42:46.828 DEBUG Incoming request does not contain a login
context, processing as first leg of request
-> 2010-08-16-16:42:46.829 DEBUG Decoding message with decoder binding
urn:mace:shibboleth:1.0:profiles:AuthnRequest
-> 2010-08-16-16:42:46.830 DEBUG Looking up relying party configuration for
https://mi14.dev.ais.ucla.edu/shibboleth-sp
-> 2010-08-16-16:42:46.830 DEBUG No custom relying party configuration
found for https://mi14.dev.ais.ucla.edu/shibboleth-sp, looking up
configuration based on metadata groups.
-> 2010-08-16-16:42:46.830 DEBUG No custom or group-based relying party
configuration found for https://mi14.dev.ais.ucla.edu/shibboleth-sp. Using
default relying party configuration.
-> 2010-08-16-16:42:46.831 DEBUG Decoded Shibboleth SSO request from
relying party 'https://mi14.dev.ais.ucla.edu/shibboleth-sp'
-> 2010-08-16-16:42:46.832 DEBUG Looking up relying party configuration for
https://mi14.dev.ais.ucla.edu/shibboleth-sp
-> 2010-08-16-16:42:46.833 DEBUG No custom relying party configuration
found for https://mi14.dev.ais.ucla.edu/shibboleth-sp, looking up
configuration based on metadata groups.
-> 2010-08-16-16:42:46.833 DEBUG No custom or group-based relying party
configuration found for https://mi14.dev.ais.ucla.edu/shibboleth-sp. Using
default relying party configuration.
-> 2010-08-16-16:42:46.844 DEBUG Processing incoming request
-> 2010-08-16-16:42:46.844 DEBUG Beginning user authentication process.
-> 2010-08-16-16:42:46.856 ERROR Error occured while processing request
-> java.lang.NullPointerException: null
-> at javax.security.auth.Subject$ClassSet.<init>(Subject.java:1311)
[na:1.6.0_13]
-> at javax.security.auth.Subject.getPrincipals(Subject.java:592)
[na:1.6.0_13]
-> at
edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.__tc_wrapped_getPrincipalName(SessionImpl.java:98)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.getPrincipalName(SessionImpl.java)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.startUserAuthentication(AuthenticationEngine.java:231)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.service(AuthenticationEngine.java:210)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
[catalina.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.performAuthentication(ShibbolethSSOProfileHandler.java:160)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.processRequest(ShibbolethSSOProfileHandler.java:119)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler.processRequest(ShibbolethSSOProfileHandler.java:1)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83)
[shibboleth-common-1.2.0.jar:na]
-> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> at
edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:77)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> at
edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
[shibboleth-common-1.2.0.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> at
edu.ucla.iamucla.tsunami.custom.RequestIdFilter.doFilter(RequestIdFilter.java:65)
[RequestIdFilter.class:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
-> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[catalina.jar:na]
-> at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:na]
-> at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
[catalina.jar:na]
-> at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:na]
-> at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:na]
-> at
org.terracotta.modules.tomcat.tomcat_5_5.SessionValve55.invoke(SessionValve55.java:73)
[na:na]
-> at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
[catalina.jar:na]
-> at
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
[tomcat-coyote.jar:na]
-> at
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
[tomcat-coyote.jar:na]
-> at
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
[tomcat-coyote.jar:na]
-> at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
[tomcat-coyote.jar:na]
-> at
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
[tomcat-coyote.jar:na]
-> at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
[tomcat-coyote.jar:na]
-> at java.lang.Thread.run(Thread.java:619) [na:1.6.0_13]
->
-> Thanks.
-> Datta
->
->
->
->
-> -----Original Message-----
-> From:


[mailto:]
On Behalf Of Kevin P. Foote
-> Sent: Monday, August 16, 2010 5:20 AM
-> To:

-> Subject: RE: [Shib-Dev] 2.2.0-SNAPSHOT tc-config
->
->
-> Datta ..
->
-> Here is my additional-boot-jar-classes section and my
-> instrumented-classes section from my tc-config on 2.2.0-SNAPSHOT..
->
->
-> The addition of AbstractSet and Subject$ClassSet was required to get
persistence to work
-> with 2.2.0-SNAPSHOT
->
->
-> <additional-boot-jar-classes>
-> <include>java.util.AbstractSet</include>
-> <include>javax.security.auth.Subject</include>
-> <include>javax.security.auth.Subject$ClassSet</include>
-> <include>javax.security.auth.Subject$SecureSet</include>
-> <include>javax.security.auth.x500.X500Principal</include>
->
<include>javax.security.auth.kerberos.KerberosPrincipal</include>
-> </additional-boot-jar-classes>
-> ...
-> <instrumented-classes>
->
<class-expression>edu.vt.middleware.ldap.jaas.LdapPrincipal</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal</class-expression>
->
<class-expression>edu.vt.middleware.ldap.jaas.LdapCredential</class-expression>
->
<class-expression>org.apache.commons.logging.impl.SLF4JLocationAwareLog</class-expression>
->
<class-expression>edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory</class-expression>
->
<class-expression>edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory$UnorderedLdapAttributes</class-expression>
->
<class-expression>edu.vt.middleware.ldap.bean.AbstractLdapAttributes</class-expression>
->
<class-expression>edu.vt.middleware.ldap.bean.AbstractLdapBean</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException</class-expression>
->
<class-expression>org.opensaml.util.storage.AbstractExpiringObject</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdEntry</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.LoginContextEntry</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.LoginContext</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.ShibbolethSSOLoginContext</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.session.impl.AuthenticationMethodInformationImpl</class-expression>
->
<class-expression>org.opensaml.util.storage.ReplayCacheEntry</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerEntry</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.common.session.impl.AbstractSession</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl</class-expression>
->
<class-expression>edu.internet2.middleware.shibboleth.idp.session.impl.ServiceInformationImpl</class-expression>
->
<class-expression>org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry</class-expression>
-> <class-expression>org.opensaml.xml.util.LazyList</class-expression>
-> <class-expression>org.opensaml.xml.util.LazySet</class-expression>
-> <class-expression>org.opensaml.xml.util.LazyMap</class-expression>
-> </instrumented-classes>
->
->
-> ------
-> thanks
-> kevin.foote
->
-> On Fri, 13 Aug 2010, Mahabalagiri, Datta wrote:
->
-> -> I am getting the same error. Anyone has a list classes that need to be
instrumented in TC for 2.2.0-SNAPSHOT?
-> ->
-> -> java.lang.NullPointerException: null
-> -> at
javax.security.auth.Subject$ClassSet.<init>(Subject.java:1311) [na:1.6.0_13]
-> -> at javax.security.auth.Subject.getPrincipals(Subject.java:592)
[na:1.6.0_13]
-> -> at
edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.__tc_wrapped_getPrincipalName(SessionImpl.java:98)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> -> at
edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.getPrincipalName(SessionImpl.java)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> -> at
edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.startUserAuthentication(AuthenticationEngine.java:231)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> -> at
edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.service(AuthenticationEngine.java:210)
[shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> -> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
-> -> at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:na]
-> -> at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
-> -> at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
[catalina.jar:na]
-> -> at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
[catalina.jar:na]
-> ->
-> ->
-> -> I can reproduce this. We have two nodes behind the load balancer. When
I first sign in traffic goes to node1. If the following authn request goes to
node2 node I get this error.
-> ->
-> -> Thanks.
-> ->
-> -> Datta
-> ->
-> ->
-> -> -----Original Message-----
-> -> From:


[mailto:]
On Behalf Of Kevin P. Foote
-> -> Sent: Wednesday, June 23, 2010 1:36 PM
-> -> To: shibboleth development
-> -> Subject: [Shib-Dev] 2.2.0-SNAPSHOT tc-config
-> ->
-> ->
-> -> Does anyone have the complete list of classes to add to the tc-config ..
-> ->
-> -> I've added:
-> ->
-> -> edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory
-> ->
edu.vt.middleware.ldap.bean.UnorderedLdapBeanFactory$UnorderedLdapAttributes
-> -> edu.vt.middleware.ldap.bean.AbstractLdapAttributes
-> -> edu.vt.middleware.ldap.bean.AbstractLdapBean
-> ->
-> ->
-> -> But I'm getting an error so wondering if there is another class I
-> -> missed..
-> ->
-> -> 15:40:30.125 - ERROR
-> ->
[edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88]
-> -> - Erro
-> -> r occurred while processing request
-> -> java.lang.NullPointerException: null
-> -> at
-> -> javax.security.auth.Subject$ClassSet.<init>(Subject.java:1311)
-> -> [na:1.6.0_16]
-> -> at javax.security.auth.Subject.getPrincipals(Subject.java:592)
-> -> [na:1.6.0_16]
-> -> at
-> ->
edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.__tc_wrapped_getPrincipalName(SessionIm
-> -> pl.java:98) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
-> ->
-> ->
-> -> ------
-> -> thanks
-> -> kevin.foote
-> ->
->

Archive powered by MHonArc 2.6.16.

Top of Page