[Dev] [SSO][APIM][SHIBBOLETH] Class Cast Exception while log in.
Hi All, I have configured API Manager 1.9.0 with Shibboleth 2.4.4 for SSO functionality. I have used https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO; as the IdentityProviderSSOServiceURL in store/site/conf/site.json file like below ssoConfiguration : { enabled : true, issuer : store, identityProviderURL : https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO;, keyStorePassword : wso2carbon, identityAlias : idp.wso2.org, responseSigningEnabled:true, keyStoreName :repository/resources/security/wso2carbon.jks, passive : false, signRequests : false, acsURL :https://localhost:9443/store/jagg/jaggery_acs.jag; } I'm getting below exception in APIM while log in to API Store [2015-07-28 13:52:26,658] WARN - AuthenticationHandler Illegal access attempt at [2015-07-28 13:52:26,0658] from IP address 10.100.5.121 : Service is RemoteAuthorizationManagerService [2015-07-28 13:52:26,660] ERROR - AxisEngine Access Denied. Please login first. org.apache.axis2.AxisFault: Access Denied. Please login first. at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:97) at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66) at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) at org.apache.axis2.engine.Phase.invoke(Phase.java:313) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167) at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172) at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146) at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231) at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) And, getting below exception in shibboleth IDP 13:52:26.714 - ERROR
Re: [Dev] [SSO][APIM][SHIBBOLETH] Class Cast Exception while log in.
Can you please double check whether the issuer name (store) exactly matches with shibboleth metadata configs (RelyingParty id in relying-party.xml and entityID specified in config file @ metadata folder) On Tue, Jul 28, 2015 at 3:52 PM, Abimaran Kugathasan abima...@wso2.com wrote: Hi All, I have configured API Manager 1.9.0 with Shibboleth 2.4.4 for SSO functionality. I have used https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO; as the IdentityProviderSSOServiceURL in store/site/conf/site.json file like below ssoConfiguration : { enabled : true, issuer : store, identityProviderURL : https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO;, keyStorePassword : wso2carbon, identityAlias : idp.wso2.org, responseSigningEnabled:true, keyStoreName :repository/resources/security/wso2carbon.jks, passive : false, signRequests : false, acsURL :https://localhost:9443/store/jagg/jaggery_acs.jag; } I'm getting below exception in APIM while log in to API Store [2015-07-28 13:52:26,658] WARN - AuthenticationHandler Illegal access attempt at [2015-07-28 13:52:26,0658] from IP address 10.100.5.121 : Service is RemoteAuthorizationManagerService [2015-07-28 13:52:26,660] ERROR - AxisEngine Access Denied. Please login first. org.apache.axis2.AxisFault: Access Denied. Please login first. at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:97) at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66) at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) at org.apache.axis2.engine.Phase.invoke(Phase.java:313) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167) at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172) at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146) at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231) at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) at
Re: [Dev] [SSO][APIM][SHIBBOLETH] Class Cast Exception while log in.
Hi Pavithra, Yes, there are same, you can see both below. rp:RelyingParty id=store provider=https://idp.wso2.org/idp/shibboleth; defaultSigningCredentialRef=IdPCredential defaultAuthenticationMethod=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport rp:ProfileConfiguration xsi:type=saml:SAML2SSOProfile signResponses=always signAssertions=always encryptAssertions=never encryptNameIds=never/ /rp:RelyingParty EntityDescriptor entityID=store xmlns=urn:oasis:names:tc:SAML:2.0:metadata in /opt/shibboleth-idp/metadata/store.xml file On Tue, Jul 28, 2015 at 3:57 PM, Pavithra Madurangi pavit...@wso2.com wrote: Can you please double check whether the issuer name (store) exactly matches with shibboleth metadata configs (RelyingParty id in relying-party.xml and entityID specified in config file @ metadata folder) On Tue, Jul 28, 2015 at 3:52 PM, Abimaran Kugathasan abima...@wso2.com wrote: Hi All, I have configured API Manager 1.9.0 with Shibboleth 2.4.4 for SSO functionality. I have used https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO; as the IdentityProviderSSOServiceURL in store/site/conf/site.json file like below ssoConfiguration : { enabled : true, issuer : store, identityProviderURL : https://idp.wso2.org:443/idp/profile/SAML2/POST/SSO;, keyStorePassword : wso2carbon, identityAlias : idp.wso2.org, responseSigningEnabled:true, keyStoreName :repository/resources/security/wso2carbon.jks, passive : false, signRequests : false, acsURL :https://localhost:9443/store/jagg/jaggery_acs.jag; } I'm getting below exception in APIM while log in to API Store [2015-07-28 13:52:26,658] WARN - AuthenticationHandler Illegal access attempt at [2015-07-28 13:52:26,0658] from IP address 10.100.5.121 : Service is RemoteAuthorizationManagerService [2015-07-28 13:52:26,660] ERROR - AxisEngine Access Denied. Please login first. org.apache.axis2.AxisFault: Access Denied. Please login first. at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:97) at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66) at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) at org.apache.axis2.engine.Phase.invoke(Phase.java:313) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167) at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172) at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146) at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231) at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) at