Error while running Fedlet using Single Sign-On

This topic has 15 replies, 3 voices, and was last updated 3 months, 2 weeks ago by Jatinder Singh.

    #27919
     suresh_a
    Participant

    I am doing a POC to use Fedlet in my Java application.
    I have followed the steps in
    https://backstage.forgerock.com/docs/openam/13.5/dev-guide/#create-install-java-fedlet
    When I tried to create Fedlet.zip, I found that the zip did not contain Fedlet.war.
    Hence I downloaded Fedlet.zip from the Oracle website and proceeded with the steps in the above link.
    When testing the federation-initiated single sign-on application,
    I am getting the following error in the browser:
    HTTP status 500 internal server error
    Single Sign On Failed
    The server encountered an unexpected condition that prevented it from fulfilling the request

    The Fedlet debug log libSAML file:

    Error: mapPK2Cert.JKSKeyProvider: java.lang.NullPointerException at
    com.sun.identity.saml.xmlsig.JKSKeyProvider.mapPK2Cert
    The Fedlet debug amSDK file:
    Error: JCEEncryption: Unsupported version:40

    Fedlet console log:
    Get_Entity_Names_Succeeded
    Cot_Descriptor_retrieved
    Redirect_to_Idp
    Got_Response_From_Post

    I am not sure if this is because of the war file which I used from the Oracle site.
    Is the failure due to authentication, since as per the Fedlet console log it goes to redirect to the IdP and fails while getting the response?

    #27920
     Jatinder Singh
    Participant

    The fedlet.war is shipped with the OpenAM distribution and is not available in Fedlet.zip. If you are following the documentation on Backstage, I would suggest trying fedlet.war from Backstage itself. It’s available in the Downloads > AM > Archive section under v13.5.2. You will need an active subscription.

    P.S. Final EOSL for v13.5.2 is set to December 31, 2020.

    https://backstage.forgerock.com/knowledge/kb/article/a18529200#AM

    #27922
     suresh_a
    Participant

    Thanks. I am unable to get it from the archives. Is there any way to get this for POC purposes? Also, based on the log, do you suggest the war is the reason for the error?

    #27925
     Scott Heger
    Participant

    What version of AM are you using? You state you are following the 13.5 Dev Guide, but is that the actual version you are using?

    #27927
     suresh_a
    Participant

    I am using OpenAM 14.5.1 from the link below:
    https://github.com/OpenIdentityPlatform/OpenAM/releases

    The OpenSSO fedlet.zip is downloaded from https://www.oracle.com/technetwork/jp/middleware/id-mgmt/downloads/oid-11g-197397-ja.html

    I am unable to get fedlet.zip from the ForgeRock download archive since I don't have an active account.

    #27929
     Scott Heger
    Participant

    Did you try the Fedlet-14.5.1.zip file from the same location you downloaded AM from? It contains the fedlet.war: https://github.com/OpenIdentityPlatform/OpenAM/releases/download/14.5.1/Fedlet-14.5.1.zip

    #27931
     Jatinder Singh
    Participant

    +1 Scott’s reply.

    Try to stick to the distribution you are working with as there can be delta between two distributions.

    #27936
     suresh_a
    Participant

    Thanks. I am trying out the Fedlet war from the Fedlet-14.5.1.zip file at https://github.com/OpenIdentityPlatform/OpenAM/releases/download/14.5.1/Fedlet-14.5.1.zip and testing it.
    Will let you know.

    #27942
     suresh_a
    Participant

    Fedlet.war 14.5.1 works fine with Tomcat 8.5 and Java 1.8. However, there are legacy apps which are on JRE 1.5 or 1.6 and Tomcat 5.5 / JBoss 5.x versions, where it doesn’t work, giving a listener error. Is there a compatible fedlet.war which can support these versions?

    #27950
     Scott Heger
    Participant

    I doubt it. AM hasn’t supported those JRE versions for quite some time. You could try to modify the fedlet code yourself, since it is made up of JSP files, to see if you can get it to work. Or you could try a different SAML library like Spring SAML, which supports JRE back to 1.6: https://projects.spring.io/spring-security-saml/

    #27954
     suresh_a
    Participant

    Thanks. Let me check out Spring SAML.

    #27955
     suresh_a
    Participant

    When I set up local OpenAM integration with a Spring Boot SP, trying to import the SP metadata into OpenAM, I am getting the error below:

    Certificate found in Signature or KeyDescriptor under element
    "EntityDescriptor" is not trusted.

    #27960
     Scott Heger
    Participant

    Is the metadata itself signed? If so, try not signing that.

    #27963
     Jatinder Singh
    Participant

    It’s a certificate trust issue. Since you are simply testing, you could remove signing as suggested above or add the certificate to the trust store.
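
    A stand-alone check of that trust issue, as an added example that is not part of the original thread or of OpenAM, Fedlet or Spring SAML: it parses SP metadata and reports which certificates the importing side would have to trust, looking in the two places the OpenAM error names (the metadata's own ds:Signature directly under EntityDescriptor, and every md:KeyDescriptor), and it shows the "don't sign the metadata" workaround by stripping the EntityDescriptor-level signature. The sample metadata, the placeholder certificate bodies (base64 of a label, not real DER) and the trust store (a set of SHA-256 fingerprints) are all constructed here for illustration; Python is used because this is an offline inspection script, not Fedlet API code.

```python
"""Report which certificates in SAML 2.0 SP metadata are not yet trusted.

Added example; not code from the thread, OpenAM, Fedlet or Spring SAML.
The metadata, certificate bodies and trust store below are constructed.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}
ET.register_namespace("md", MD_NS)   # keep the md:/ds: prefixes on re-serialisation
ET.register_namespace("ds", DS_NS)

# Constructed placeholder "certificates": base64 of a label, NOT real X.509 DER.
# Only their fingerprints matter to this script; real metadata carries real DER.
META_SIGNING_CERT_B64 = base64.b64encode(b"metadata-signing-cert").decode()
SP_SIGNING_CERT_B64 = base64.b64encode(b"sp-signing-cert").decode()

# Constructed SP metadata: signed at the EntityDescriptor level (the case the
# OpenAM import rejected) and carrying a second certificate in a KeyDescriptor.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://sp.example.test/saml/metadata">
  <ds:Signature>
    <ds:SignedInfo/>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{META_SIGNING_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SP_SIGNING_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def fingerprint(b64_cert: str) -> str:
    """SHA-256 hex fingerprint of the DER bytes inside an X509Certificate element
    (same value `openssl x509 -fingerprint -sha256` prints for a real certificate)."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def extract_certs(metadata_xml: str) -> dict:
    """Fingerprints from the two places the importer checks: the metadata's own
    ds:Signature (direct child of EntityDescriptor) and every md:KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    found = {"signature": [], "key_descriptor": []}
    for sig in root.findall("ds:Signature", NS):          # direct children only
        for cert in sig.findall(".//ds:X509Certificate", NS):
            found["signature"].append(fingerprint(cert.text or ""))
    for kd in root.findall(".//md:KeyDescriptor", NS):
        use = kd.get("use", "signing+encryption")          # absent 'use' means both
        for cert in kd.findall(".//ds:X509Certificate", NS):
            found["key_descriptor"].append((use, fingerprint(cert.text or "")))
    return found


def check_trust(metadata_xml: str, trusted: set) -> list:
    """(location, fingerprint) pairs whose certificate is missing from the trust store."""
    found = extract_certs(metadata_xml)
    untrusted = [("Signature", fp) for fp in found["signature"] if fp not in trusted]
    untrusted += [(f"KeyDescriptor[use={use}]", fp)
                  for use, fp in found["key_descriptor"] if fp not in trusted]
    return untrusted


def strip_metadata_signature(metadata_xml: str) -> str:
    """The 'don't sign the metadata' workaround: drop the EntityDescriptor-level
    ds:Signature. KeyDescriptor certificates are untouched and still need trust."""
    root = ET.fromstring(metadata_xml)
    for sig in root.findall("ds:Signature", NS):
        root.remove(sig)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    trust_store = {fingerprint(SP_SIGNING_CERT_B64)}   # only the SP's own cert is trusted
    for location, fp in check_trust(SAMPLE_METADATA, trust_store):
        print(f"untrusted certificate in {location}: sha256={fp}")
    unsigned = strip_metadata_signature(SAMPLE_METADATA)
    print("after stripping the metadata signature:",
          check_trust(unsigned, trust_store) or "all certificates trusted")
```

    To use it against real metadata, replace SAMPLE_METADATA with the SP's metadata file and fill the trust store with the SHA-256 fingerprints of the certificates you have actually imported into the IdP's trust store. Stripping the signature only helps for a test setup: it removes the integrity protection on the metadata, so for anything beyond a POC the right fix is the other one in the reply above, importing the signing certificate into the trust store.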

    #28041
     suresh_a
    Participant

    Thanks. I am able to get it.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
