This topic has 187 replies, 22 voices, and was last updated 7 months, 1 week ago by anisha.mullamuri.


    Hi Jamie,

    I am quite new to OpenAM. I am currently working on SAML with XACML integration using OpenAM.

    I am deploying the Fedlet to Tomcat and trying to send an XACML SOAP request and response.

    Here it is:

    QueryClient:processXACMLQuerysoapMessage :<soap-env:Envelope xmlns:soap-env=""><soap-env:Body>
    <samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xsi:type="xacml-samlp:XACMLAuthzDecisionQuery" xmlns:xsi="; xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os" xacml-samlp:InputContextOnly="true" xacml-samlp:ReturnContext="true" ID="s216f0c3c2555cf71e3aee292a0e4c38c28d965499" Version="2.0" IssueInstant="2016-05-31T11:02:16Z" Destination="destination-uri" Consent="consent-uri">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">myfedlet</saml:Issuer>
    <xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="; xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os">
    <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="urn:sun:names:xacml:2.0:data-type:saml2-nameid" >
    <Attribute AttributeId="ResourceId" DataType="; >
    <Attribute AttributeId="urn:sun:names:xacml:2.0:resource:target-service" DataType="; >
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="; >


    And in response I am getting:

    com.sun.identity.saml2.common.SAML2Exception: <SOAP-ENV:Fault xmlns:SOAP-ENV=""><faultcode>SOAP-ENV:Server</faultcode><faultstring>Invalid Query.</faultstring><detail><Problem details="Issuer in Request is invalid."/></detail></SOAP-ENV:Fault>
    at com.sun.identity.saml2.soapbinding.QueryClient.getSAMLResponse(
    at com.sun.identity.saml2.soapbinding.QueryClient.processXACMLQuery(
    at com.sun.identity.xacml.client.XACMLRequestProcessor.processRequest(
    at com.sun.identity.saml2.profile.XACMLQueryUtil.getPolicyDecisionForFedlet(
    at org.apache.jsp.fedletXACMLResp_jsp._jspService(
    at org.apache.jasper.runtime.HttpJspBase.service(
    at javax.servlet.http.HttpServlet.service(
    at org.apache.jasper.servlet.JspServletWrapper.service(
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(
    at org.apache.jasper.servlet.JspServlet.service(
    at javax.servlet.http.HttpServlet.service(
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(
    at org.apache.catalina.core.StandardWrapperValve.invoke(
    at org.apache.catalina.core.StandardContextValve.invoke(
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
    at org.apache.catalina.core.StandardHostValve.invoke(
    at org.apache.catalina.valves.ErrorReportValve.invoke(
    at org.apache.catalina.valves.AccessLogValve.invoke(
    at org.apache.catalina.core.StandardEngineValve.invoke(
    at org.apache.catalina.connector.CoyoteAdapter.service(
    at org.apache.coyote.http11.AbstractHttp11Processor.process(
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
    at java.util.concurrent.ThreadPoolExecutor.runWorker(
    at java.util.concurrent.ThreadPoolExecutor$
    at org.apache.tomcat.util.threads.TaskThread$

    Can you help me with how I can solve this issue? I have been stuck on this for 7 days.

     Jamie Bowen

    Hi vikashsingh005,

    This is outside my area of expertise, I’m afraid. A quick Google search threw up this link;

    You might find more help if you create a post in the OpenAM forum. Good luck with solving it!




    New and quite happy ForgeRock customers here :) We (my company and fellow co-workers) are using OpenDJ as an LDAP directory, which is connected to an AD. We are also using OpenIDM as a customers’ password management portal. No OpenAM for now; we’ll see if it is needed later.

    Quite new to LDAP in general, still I really love what I am seeing right now.

    I’ve got some questions which I am going to ask right now in the forums.


     Jamie Bowen

    Welcome Pier. LDAP’s a bit of a learning curve, but I’m sure the forums will give you all the help you need!



    I am new to ForgeRock and working my way through OpenDJ and now OpenAM. Like the product so far.

     Jamie Bowen

    @abhijit-sarmah glad you’re enjoying it! Welcome to the forums!


    Hi All,

    I am working for operative media works. We are looking for OpenAM for our SSO and federation. We already integrated our web application to support SSO and federation in the development environment.

    It is very good to use and simple to configure. After integration with OpenAM, my application’s authentication is very clean.

    But we are currently facing issues while securing our web services against OpenAM authentication. What is the best approach to secure web services using OpenAM?


     Jamie Bowen

    Hi Bhargava,

    If you can describe your use case a little more fully that would be great. I’m not sure that I understand what you’re trying to do yet. Also, if you post in the OpenAM forum you will have more chance of people seeing your post and contributing.

    Welcome to the forums however, I’m sure you’ll find the advice you’re looking for!



    I’m Tim MacAlpine. I am project lead for the identity management portion of a larger network infrastructure program. We’ve been migrating from the Oracle (originally Sun) suite to OpenAM, OpenDJ and OpenIDM. OpenAM is in production, OpenDJ is close to deployment and OpenIDM is under construction. Our use cases are very group-management-centric and many involve workflows in addition to basic group management tasks. Our technical learning curve has been focused on custom endpoints, workflows and custom AngularJS UI development. We find OpenIDM to be powerful and challenging to master – but we’re eagerly facing the challenges.

    My spare time activities include singing barbershop-style music with a quartet and a chorus, working with local amateur theatre groups as a performer and administrative board member, and spending time with my growing family – we just welcomed a new, 3rd granddaughter to our fold. Life is good!

     Jamie Bowen

    Hi Tim,

    Sounds like you’ve got a full and busy life! Sure OpenIDM is powerful and flexible, but those attributes don’t come without a little complexity! We love some music here at ForgeRock. We have pianos, guitars and electric drums in the office and can often be found jamming at lunchtimes!

    Good luck with your project. I hope you find the forums useful.



    Hi, I’m Hank Ratzesberger and I work for Techflow. We’re a government consulting company that does a lot of work for the GSA. I’m here because we need to replace OpenSSO, preferably last month, as it were. I’m also here because I just can’t get the basic install or one with our few modifications to work in JBoss 6.4.5 – a lot of links get 404 errors or are simply inactive. Hopefully, I can figure this out. Cheers.



    My name is Aislan and I’m new to the OpenIDM world. Just found this community and I’m very excited to be part of it.

     Jamie Bowen

    Hi Aislan,

    Thanks for finding us. I hope you find it useful!



    Hi All,

    I’m a software developer recently introduced to OpenAM. I’ve been a software developer for a couple of years now and even though I love my job, I find it’s quite challenging every now and then.

    I was introduced to OpenAM in this project we have started working on, which involves updating and refactoring a previous version of our custom authentication module (developed using OpenAM 9) up to version 13.

    My goal is to learn as much as possible, implement what I have learned and then in turn teach others. I’m really looking forward to working with the platform.

    I had a question about logging and debugging when registering authentication modules. What I mean by this is, I was able to create the custom sample authentication module following the example in the dev guide without a problem. However, when adapting the customer module developed in version 9 to version 13, I’m able to register the auth module and create the server just fine, but the module doesn’t appear for the “/” realm for me to test it. I was wondering if there was any advice you guys could give me to help me troubleshoot the problem, or log locations to check. I was able to turn debugging on from the configuration options.

    Thank you very much for your time.

     Jamie Bowen

    Hi Martin,

    Welcome to the forums and I hope you have fun and learn lots working with OpenAM 13. There have been a ton of changes between v9 & v13 for sure!

    You can learn all about debug logging from this chapter of the OpenAM admin guide:!/docs/openam/13.5/admin-guide#debug-logging

    Hope that gets you up and running!

