SAML Response SubjectConfirmationData is missing InResponseTo

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.20 EE GA2
Fix Version/s: 6.1.X EE
Component/s: Authentication, Standards > SAML
Labels:
- QA-R
- saml

Branch Version/s:

6.1.x
Backported to Branch:

Committed

Similar Issues:

Show 5 results

Description

When SAML Response is sent to a corresponding AuthnRequest the SubjectConfirmationData must have InResponseTo with message id of the AuthnRequest

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Justin Choi added a comment - 11/Dec/12 10:48 AM

Per Mika: Yes, this can and should be tested thought it's not quite that trivial. Basically you do the normal IdP SP setup and also enable logging for org.opensaml in saml plugin. That will log the wire message and then you need to look at the SubjectConfirmationData section and see that there is InResponseTo when using SP initiated login.

Show

Justin Choi added a comment - 11/Dec/12 10:48 AM Per Mika: Yes, this can and should be tested thought it's not quite that trivial. Basically you do the normal IdP SP setup and also enable logging for org.opensaml in saml plugin. That will log the wire message and then you need to look at the SubjectConfirmationData section and see that there is InResponseTo when using SP initiated login.

Hide

Permalink

Justin Choi added a comment - 11/Dec/12 1:45 PM - edited

PASSED Manual Testing using the following steps:

Go to \bundle\webapps\saml-portlet\WEB-INF\classes.
Open log4j.properties
Replace the contents with the following:

  log4j.rootLogger=DEBUG, CONSOLE
  log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
  log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
  log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n

Save the file.
Start the first bundle configured as an IdP.
Start the second bundle configured as an SP.
In the IdP bundle, Go to Server Administration > Log Level.
Add a new category: org.apache.xml.security.utils.DigesterOutputStream and set it as DEBUG.
Save the category.
Connect the IdP to the SP.
On the IdP bundle, execute SP initiated SSO.
The console will display something like the following:

21:03:34,515 DEBUG [velocity:155] Velocimacro : Default library not found.
21:03:34,516 DEBUG [velocity:155] Velocimacro : allowInline = true : VMs can be defined inline in templates
21:03:34,524 DEBUG [velocity:155] Velocimacro : allowInlineToOverride = false : VMs defined inline may NOT replace previous VM definitions
21:03:34,525 DEBUG [velocity:155] Velocimacro : allowInlineLocal = false : VMs defined inline will be global in scope if allowed.
21:03:34,535 DEBUG [velocity:155] Velocimacro : autoload off : VM system will not automatically reload global library macros
21:03:34,536 DEBUG [velocity:155] Velocimacro : Velocimacro : initialization complete.
21:03:34,538 DEBUG [velocity:155] RuntimeInstance successfully initialized.
21:03:34,590 DEBUG [DefaultHttpParams:151] Set parameter http.useragent = Jakarta Commons-HttpClient/3.1
21:03:34,593 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.version = HTTP/1.1
21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.class = class org.apache.commons.httpclient.SimpleHttpConnectionManager
21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.cookie-policy = default
21:03:34,597 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.element-charset = US-ASCII
21:03:34,599 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.content-charset = ISO-8859-1
21:03:34,602 DEBUG [DefaultHttpParams:151] Set parameter http.method.retry-handler = org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@2b260a37
21:03:34,603 DEBUG [DefaultHttpParams:151] Set parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.timeout = 60000
21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.socket.timeout = 60000
21:03:34,618 DEBUG [HttpClient:72] Java version: 1.7.0_09
21:03:34,619 DEBUG [HttpClient:73] Java vendor: Oracle Corporation
21:03:34,620 DEBUG [HttpClient:74] Java class path: D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\bootstrap.jar;D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\tomcat-juli.jar
21:03:34,621 DEBUG [HttpClient:75] Operating system name: Windows 7
21:03:34,623 DEBUG [HttpClient:76] Operating system architecture: amd64
21:03:34,624 DEBUG [HttpClient:77] Operating system version: 6.1
21:03:34,626 DEBUG [HttpClient:82] SUN 1.7: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
21:03:34,627 DEBUG [HttpClient:82] SunRsaSign 1.7: Sun RSA signature provider
21:03:34,639 DEBUG [HttpClient:82] SunEC 1.7: Sun Elliptic Curve provider (EC, ECDSA, ECDH)
21:03:34,640 DEBUG [HttpClient:82] SunJSSE 1.7: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
21:03:34,645 DEBUG [HttpClient:82] SunJCE 1.7: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
21:03:34,648 DEBUG [HttpClient:82] SunJGSS 1.7: Sun (Kerberos v5, SPNEGO)
21:03:34,649 DEBUG [HttpClient:82] SunSASL 1.7: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
21:03:34,650 DEBUG [HttpClient:82] XMLDSig 1.0: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory)
21:03:34,652 DEBUG [HttpClient:82] SunPCSC 1.7: Sun PC/SC provider
21:03:34,653 DEBUG [HttpClient:82] SunMSCAPI 1.7: Sun's Microsoft Crypto API provider
Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/service.properties
21:03:35,366 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)
21:03:35,368 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)
21:03:35,371 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
21:03:35,374 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)
21:03:35,379 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)
21:03:35,380 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)
21:03:35,385 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)
21:03:35,388 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)
21:03:35,389 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)
21:03:35,391 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)
21:03:35,393 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)
21:03:35,395 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
21:03:35,397 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)
21:03:35,400 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)
21:03:35,404 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)
21:03:35,408 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)
21:03:35,409 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
21:03:35,410 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
21:03:35,415 DEBUG [SignatureAlgorithm:?] Init() called
21:03:35,427 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)
21:03:35,428 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA
21:03:35,431 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)
21:03:35,431 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
21:03:35,442 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)
21:03:35,442 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1
21:03:35,443 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)
21:03:35,444 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5
21:03:35,452 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)
21:03:35,453 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160
21:03:35,454 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)
21:03:35,454 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256
21:03:35,455 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)
21:03:35,455 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384
21:03:35,456 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)
21:03:35,456 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512
21:03:35,458 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)
21:03:35,458 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1
21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)
21:03:35,459 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5
21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)
21:03:35,460 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160
21:03:35,460 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)
21:03:35,461 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256
21:03:35,462 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)
21:03:35,462 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384
21:03:35,463 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)
21:03:35,464 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512
21:03:35,471 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space
21:03:35,474 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system
21:03:35,475 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs
21:03:35,476 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents
21:03:35,478 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys
21:03:35,480 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys
21:03:35,481 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates
21:03:35,482 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages
21:03:35,483 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers
21:03:35,484 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages
21:03:35,485 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages
21:03:35,486 DEBUG [Init:?] Now I try to bind prefixes:
21:03:35,487 DEBUG [Init:?] Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#
21:03:35,487 DEBUG [Init:?] Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#
21:03:35,488 DEBUG [Init:?] Now I try to bind experimental to http://www.xmlsecurity.org/experimental#
21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
21:03:35,489 DEBUG [Init:?] Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
21:03:35,489 DEBUG [Init:?] Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
21:03:35,489 DEBUG [Init:?] XX_init                             267 ms
21:03:35,489 DEBUG [Init:?]   XX_prng                           0 ms
21:03:35,490 DEBUG [Init:?]   XX_parsing                        119 ms
21:03:35,490 DEBUG [Init:?]   XX_configure_i18n                 2 ms
21:03:35,490 DEBUG [Init:?]   XX_configure_reg_c14n             27 ms
21:03:35,490 DEBUG [Init:?]   XX_configure_reg_jcemapper        4 ms
21:03:35,491 DEBUG [Init:?]   XX_configure_reg_keyInfo          5 ms
21:03:35,491 DEBUG [Init:?]   XX_configure_reg_keyResolver      9 ms
21:03:35,491 DEBUG [Init:?]   XX_configure_reg_prefixes         3 ms
21:03:35,492 DEBUG [Init:?]   XX_configure_reg_resourceresolver 7 ms
21:03:35,492 DEBUG [Init:?]   XX_configure_reg_sigalgos         52 ms
21:03:35,492 DEBUG [Init:?]   XX_configure_reg_transforms       31 ms
21:03:36,235 INFO  [pool-2-thread-1][HookHotDeployListener:551] Registering hook for saml-portlet
Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portal.properties
21:03:36,300 INFO  [pool-2-thread-1][HookHotDeployListener:689] Hook for saml-portlet is available for use
Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portlet.properties
Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-9080"]
Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-9009"]
Dec 11, 2012 9:03:36 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 36146 ms
21:09:02,465 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
21:09:02,477 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
21:09:02,478 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
21:09:02,478 DEBUG [Transform:?] The NodeList is null
21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
21:09:02,480 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
21:09:02,480 DEBUG [Transform:?] The NodeList is null
21:09:02,480 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
21:09:02,481 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:09:02,486 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1
21:09:02,489 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
21:09:02,489 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
21:09:02,490 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA
21:09:02,492 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0
21:09:02,493 DEBUG [ResourceResolver:?]  extra resolvers to my existing 4 system-wide resolvers
21:09:02,493 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP
21:09:02,494 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones
21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem
21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment
21:09:02,495 DEBUG [ResolverFragment:?] State I can resolve reference: ""
21:09:02,496 DEBUG [ResolverFragment:?] ResolverFragment with empty URI (means complete document)
21:09:02,499 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:09:02,500 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
21:09:02,501 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:09:02,507 DEBUG [DigesterOutputStream:?] Pre-digested input:
21:09:02,508 DEBUG [DigesterOutputStream:?] <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="samlidp"><md:IDPSSODescriptor ID="samlidp" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDdzCCAl+gAwIBAgIET0oeJTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdsaWZlcmF5MRAw
DgYDVQQIEwdsaWZlcmF5MRAwDgYDVQQHEwdsaWZlcmF5MRAwDgYDVQQKEwdsaWZlcmF5MRAwDgYD
VQQLEwdsZmllcmF5MRAwDgYDVQQDEwdsaWZlcmF5MB4XDTEyMTIwNjE3NDI1OFoXDTEzMDMwNjE3
NDI1OFowbDEQMA4GA1UEBhMHbGlmZXJheTEQMA4GA1UECBMHbGlmZXJheTEQMA4GA1UEBxMHbGlm
ZXJheTEQMA4GA1UEChMHbGlmZXJheTEQMA4GA1UECxMHbGZpZXJheTEQMA4GA1UEAxMHbGlmZXJh
eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDwtKSh2CEcELHXwbIFE5LFysdWQ0bk
UAKnrjafNExgCT7oWNesIDl4Rh10+MvEx4ewBuLGQYErRZ5f3hhAIn+KZh23SPqFCmvixCvek0ea
VcOlhmCI9igrKF5pABqt8x+zdOUtC5Tq2YySVbV3Ln+0+Fcyp6OWWxtd0IXkGHFsjijc0NULHGyq
Ah3pmWpZ8onCCPOzW15FHnISGFyMZIvpP+Ek8us5eTQ5ofi5CwlJh7jPdx//GVTdrphzbKM5wvj6
YtswXTh1x2YioVGwA7iNG2A0vev02ZJ3oXQEXvTh7X+2psV04+M3H8cMqUQFFOc1+6IM0WRY0PnY
77yxDBECAwEAAaMhMB8wHQYDVR0OBBYEFA/9QELkUvrO/qSUNt8vrjMamAmKMA0GCSqGSIb3DQEB
CwUAA4IBAQB3e980Lfgv4DUyr6xhhEQk7+OC2DcVbPgIjKBxkriGBs9UKJcIOCIpJ4wQQHLgOpmE
O7womEWICvjeOkOlg3XdOcTJ4K5Lh+ucBx/shq5GzE6FyOjnFI20EWi42i/LDox9HH3UWuME3w9/
oU079PUoRyEV6D+y9bF2qfYbSmw6Faua8cNPXLL05LhM08A2NUFrMGkPUOg5hmG81LqabXfwP1Wp
peBNrEKouciWmhzgHEaKr065U7a2XLMqcly6rOChBhBjbH4slHNpK6N8KyEyKO8KPBWhs+9TKdTn
EyE+O8ORKClIVu0OYtGkgLMWo2yfAnwsuCxpgx5RJKmpr3EH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/slo_redirect"></md:SingleLogoutService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor>
21:09:02,513 DEBUG [SignerOutputStream:?] Canonicalized SignedInfo:
21:09:02,514 DEBUG [SignerOutputStream:?] <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>83Aw7gLn82KPECP9E9Cw0td11sU=</ds:DigestValue></ds:Reference></ds:SignedInfo>
21:09:03,094 DEBUG [HttpConnection:692] Open connection to 172.16.14.119:9080
21:09:03,140 DEBUG [header:70] >> "GET /c/portal/saml/metadata HTTP/1.1[\r][\n]"
21:09:03,141 DEBUG [HttpMethodBase:1352] Adding Host request header
21:09:03,150 DEBUG [header:70] >> "Accept-Encoding: gzip,deflate[\r][\n]"
21:09:03,151 DEBUG [header:70] >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
21:09:03,151 DEBUG [header:70] >> "Host: 172.16.14.119:9080[\r][\n]"
21:09:03,152 DEBUG [header:70] >> "[\r][\n]"
21:09:03,166 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]"
21:09:03,167 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]"
21:09:03,168 DEBUG [header:70] << "Server: Apache-Coyote/1.1[\r][\n]"
21:09:03,169 DEBUG [header:70] << "Set-Cookie: JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; Path=/; HttpOnly[\r][\n]"
21:09:03,169 DEBUG [header:70] << "Content-Encoding: gzip[\r][\n]"
21:09:03,170 DEBUG [header:70] << "Set-Cookie: GUEST_LANGUAGE_ID=en_US; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]"
21:09:03,170 DEBUG [header:70] << "Set-Cookie: COOKIE_SUPPORT=true; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]"
21:09:03,171 DEBUG [header:70] << "Liferay-Portal: Liferay Portal Community Edition 6.1.20 EE (Paton / Build 6120 / July 23, 2012)[\r][\n]"
21:09:03,171 DEBUG [header:70] << "Content-Type: text/xml;charset=UTF-8[\r][\n]"
21:09:03,171 DEBUG [header:70] << "Transfer-Encoding: chunked[\r][\n]"
21:09:03,172 DEBUG [header:70] << "Date: Tue, 11 Dec 2012 21:09:03 GMT[\r][\n]"
21:09:03,172 DEBUG [header:70] << "[\r][\n]"
21:09:03,176 DEBUG [CookieSpec:337] Unrecognized cookie attribute: name=HttpOnly, value=null
21:09:03,177 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; $Path=/"
21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; GUEST_LANGUAGE_ID=en_US; $Path=/"
21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; COOKIE_SUPPORT=true; $Path=/"
21:09:03,181 DEBUG [content:84] << "a"
21:09:03,182 DEBUG [content:84] << "[\r]"
21:09:03,182 DEBUG [content:70] << "[\n]"
21:09:03,183 DEBUG [content:84] << "[0x1f]"
21:09:03,183 DEBUG [content:84] << "[0x8b]"
21:09:03,184 DEBUG [content:84] << "[0x8]"
21:09:03,184 DEBUG [content:84] << "[0x0][0x0][0x0][0x0][0x0][0x0]"
21:09:03,184 DEBUG [content:84] << "[\r]"
21:09:03,185 DEBUG [content:70] << "[\n]"
21:09:03,185 DEBUG [content:84] << "4"
21:09:03,185 DEBUG [content:84] << "b"
21:09:03,186 DEBUG [content:84] << "1"
21:09:03,186 DEBUG [content:84] << "[\r]"
21:09:03,186 DEBUG [content:70] << "[\n]"
21:09:03,187 DEBUG [content:70] << "[0xad]VY[0x93][0x9a]X[0x18][0xfd]+[0x94][0xf3]h[0xa5]Aq[0x1]+[0xdd][0xa9][0xcb][0x8e][0x88][0x88]l[0xea][0xcb][0x14][0xc2]e_[0x84][0xb][0xa2][0xfe][0xfa][0xc1][0xd8][0xe9]t2[0x9d]<d[0xe6][0x8d]{[0xbe][0xe5][0x9e][0xef][0xa3]8[0x87][0xcf]_.y[0x86][0x9d]a[0x8d][0xe2][0xb2]x[0x1e][0x8c][0x9e][0x88][0x1][0x6][0xb][0xaf][0xf4][0xe3]"|[0x1e]X[0xa6][0xf0][0x89][0x1a]|y[0xc1]>[0xe7][0xfe][0x82]/[0x9a][0xb8][0xb9]r[0x10]yu|j[0xca][0xba][0xcf][0xbb][0x3]2[0xf7]<@n[0x9e][0xa1][0xd3][0x0][0xeb]{[0x15]h[0x91][0xfb][0xcf][0x83][0xb6].[0x16][0xa5][0x8b]b[0xb4]([0xdc][0x1c][0xa2]E[0xe3]-[0xc][0xa0][0xae][0x16][0xe3]'b[0x91][0xc3][0xc6][0xf5][0xdd][0xc6][0x1d][0xbc][0xdc][0xdb][0x1a][0x1b][0xc3][0xd0][0xde]u[0x5]m[0x13][0x15][X[0xb5][0x10]5[0xc8][0x88][0xc3][0x2][0xf6][0xed][0x2]7Cp[0x80][0xbd][0xbf][0xcb]q[0x8b][0x6] [0x4][0xeb][0xa6]g[0xfe]s[0xe2][0xa9].[0x9b][0xd2]+3[0xa3]=[0x9d][0xca][0xba][0xe1][0x8b]6[0x87][0xb5][0xdb]|[0x9d][0xf1]w[0xd4][0xbe][0xd5]=[0xa8])[0
xf0][0xfd][0xb8]-[0x82][0xfd][0xed][0xfd]=[0xfd]j[0xfa][0xb8][0x8f][0xee]q[0xb9][0x8][0xca][0xd7][0xb1]}[0xf4]<[0x88][0x9a][0xe6][0xb4][0xc0][0xf1][0xae][0xeb][0x9e]:[0xf2][0xa9][0xac]C|L[0x10][0x4]N[0xd0]x[0x9f][0xe3][0xf7][0xc5]⌂=*wS[0x82][0xe6][0xfa][0x15][0xbc][0x1d][0xd8][0xfb][0x1c]A[0xec][0xb9][\r]|Qe[0x99]3[0x12][0x96][0x5][0x89][0x12][0x82]Nf@([0xf3][0x96]L-i[0x13][0xac][0x99]0[0xad][0xa2]4[0x16][0xe9][0x8e]`[0x80]n[0x9][0x80]c[\n]"
21:09:03,188 DEBUG [content:70] << "UG[0x1d][0xab][0xef]9[[0xd7]E[0xbe][r[0xba][0xc9][0xeb]*[0x98][0x88]`d[0xf1][0x18][0xcb][0xa8][0xd2]Q[0xcc][0xf2][0xc3]n[0x19][0xc1]w[0x1][0xe6][0xf2]1[0xce]F[0xbf][0xc0][0xfb]|[0xec][0xa3][0x0][0xf8][0xa1][0x11][0x80]BG\[0xd4][0x84][0xef][0xd4]$[0xbd][0xaa][0x89]E[0xae]M[0xdf][0xfd][0x8a][0xdd][0xfa][0xcc][0xc4]{[0xc3]0U[0xf4].[0xec][\r],[0x99]pm3`o[0x82]t[0xcd][0xa8][[0xd0]q[0xe1][0xd7]Qd[0xbe][0xf3][0x91][0xeb][0x1c]2/[0x17][0xa6][0xef]p[0xe9]#[0x1c][0xeb][0x3][0xca]/[\n]"
21:09:03,188 DEBUG [content:70] << "V[0xbf][0xc0][0xb9][0x1f]pYf[0xe4][0xe4][0xb1]_[0xec][0xfb][0x82]y[0x1][0x0][0x8d][0x5]:[0x5][0xee][0x9]l[0xa8][0xf4][0xcf]<H[0xd9][0xbc]H[0x84]!aV[0xf6]6e[0xb]G[0xcd]o[0xb3]Y^x[0xc2]Pk[0xb5][0xa5][0xe1]K[0x96][0xab][0xed][0x86]u[0xa9][0xfb][0x1][0x89]M[0xcb][\n]"
21:09:03,188 DEBUG [content:84] << "D[0x1d][0xcc]&[0xfe][0xb5]"
21:09:03,189 DEBUG [content:70] << "-[0x15][0xb5][0xae][0xd6][0xd5]J[0xe8]jg[0x5][0x87]Ui9[0xc1]tC[0xf1][0x95][0xb9][0xd9][0xc9][0xa5]`[0xc4][0xcb][0xe9][0x94][0x0][0x7]M[0xa5][0xe8][0xa0]][0xe5][0xa9]|[0xcb][0xaf].[0xb5]tY[0xf2][0x9a][0xa7]g[0xfb][0x8c][0x9][0x13][0xe7]"[0xed][\r][0xf1][0xcc][0xcd][0xa7][0x89][0xe4][0xb]'[0xbd]⌂[0xfd]##[0x16][0xe6][0xe9]~^DZ[0xec]t[0x15]%[0xb7]xN@\C[0xb1][0xe8][0xae][0xbb][\r][0x1a][0xda]~[0xcc]x[0x84]bj[0xb6][0xc2]r[0xc1][0xfa]<[0x17][0x88][0xb3]y[0xc4][0x82],To[0x14][0xa5]][0xad][0xc0][0xae][0xed][0x9c][0xa7].[0x87][0xf2],[0x8c][0xb6][0xe3][0x1b][0xc9]C[0xb2][0x98][0xb5][0x89][0x92][0x4]W[0x9f]A)oH2"[0x95]}[0xac]T5~[0xc8][0xf2][0xcc]S3[0xe1][0x0]$[0xb2][0xaa]w[0xf9]A[0xf][0xed][0x12][0xa3]9J[0xd9]F[0xcc]D[0xa0][0x96][0x9d][0xa2]I[0x95]o[0xac][0x85]Pc[0x85][0xbd]u[0xed][0xcc][0x9a]S[0x97][0x9b][0xf6]d[0x11][0x92][0xb2][0x84]L[0xa4]g[0xdb][0xd1]Y[0xe5][0xe4]<[0xa0][0x85][0x9d][0x83]P[0x86][0xb]IE[0x87][0xb9][0xdd][0xc9][0x1c][0xd0][0x1][0x83][0xa9][0
x80][0x10]Y[0xa3][0x12][\r][0xf9]Hr:[0xcf]0[0xba][0x5][0xc0][0xa4][0xff][0x12]t[0xa0][0x8a][0xe3][0x82][0xe]V[0x13][0xc3]W'[0x9a]g[0xcf]`DV[0x9b][0x89]!X[0x9b]Y([0x9f]=m[0xbf][0x89]TA9T[0x85][0xa2][0xab][0x8a]q[0xb2]5[0xc][0x85][0xad]3[0x83][0xdc][0x10]5e[0xb6]_[0xc9][0x9a]%[0x81][0xc8][0x9b][0xb9]3z[0xe2][0xe2][\n]"
21:09:03,190 DEBUG [content:70] << ";[0xd9][0xd5][0xba][0xa0][0xb][0xb5][0xb4]S=D&[0xe1]D[0x90][0xed]U][0x13][0x87]5[0xdd][0xe5][0xe4]![0x92][0xb6][0xe7][0x9b][0xe9]$[0x1b][0xfc]b\[0x12][0x7][0xf3][0xdc]P[\n]"
21:09:03,193 DEBUG [content:70] << "(*[0x8c][0xf7][0xb2]WG.[0xd3]I[0xb5][0xc8][0xeb][0x17][0xa7][[0x86][0xac]`[0xec]#[0xe8][0xb4][0xe2][0xf8][0xb4]s[0xaf]+bi[0x9e][0xe3][0xe9][0xf0][0x0][0xdb][0x12][0x1f][0xcf][0xe8][0xb3]4[0xd4]O[0xc7][0xa3][0xdc][0xca]g[0xad][0x93][0xf5][0x8e][0x9c]@l;S[0xf0]1[0xd2][0x8a][0xdd]U[0x14][0x3][0xce]R[0xe2][0xd4][0xb6][0xbd][0xd9]hI^K[0xd0]e[0xdb]5H[0xae][0xd3]V[0x18]M[0x8f])5[0xd4][0xe7]V[0xe0][0x87]a#[0xcd];[\n]"
21:09:03,194 DEBUG [content:84] << "?[0x8c]bg[0x17]O[0x89]SJ^[0xbb][2[0x9a]QC,&:\[0xda][0x86][0x9e][0x9e][0x8f]E-U[0x85][0x9]uRI[0xe2][0xa2][0xb1]%3TV8Z[0xd3][0xe][0xe5]8i6[0x8c][0x9d]@[0xb8][0x15]W[0x0][0xe6][0xd5]fn"
21:09:03,194 DEBUG [content:70] << "[0xac][0x82][0x9b]j[0x5][0x89]⌂[0xfb][0x8c]⌂ Eo[0xe0]C[0xac][0xf0][0xef][0xa2][0xd7][0x1f]~V[0xc8][0x87][0x9c][0xf7][0xea][0x98][0xc1]U[0x19][0x96]mc[0xc0][0xfa][0x1c]{[0x10]c[0xe2][0xe2][0xe1]'[0xbf][0x93][0xde][0xe3]#[0x9]-$[0xd3][0xdc]|[0xda]B?[0xae][0xa1][0xd7][0xc][0xb0]U[0xe9][0xbd][\n]"
21:09:03,195 DEBUG [content:84] << "[0xf7][0xab][0xb8][0x8e][0xe6][0xe3][0xa7][0xd1][0xec]i4y[0x1a][0x8d][0xe8][0x5]MP[0x4][0xee][0xe1]w[0x95]w3[0xfc]n[0xe]8[0xca][0xca][0xbf][0xeb]o[0xf5][0xf8][0xff][0xc4][0xca][0xd0][0xc0][0xe6]O[0xc9][0xa0][0xd2]=[0xbd][0x12]ys,[0xb6]7[0xad][0xbb])[0xfd][0x87][0x1d]m4[0xc3][0xfc][0x13]J[0xae][0x87][0x6]X[0xdf][0x9]^z[0xc3][0xef][0x9f][0x10][0x7][0x3][0xb7][0xcd][0x9a][0xe7]AS[0xb7][0xf0]N[0x14][0xff][0xb7]/?[0xc0][0x9f][0xff][0x1]^[0xfe][0x1]D-[0x16][0xf8]@[0x8][0x0][0x0]"
21:09:03,196 DEBUG [content:84] << "[\r]"
21:09:03,196 DEBUG [content:70] << "[\n]"
21:09:03,196 DEBUG [content:84] << "0"
21:09:03,197 DEBUG [content:84] << "[\r]"
21:09:03,197 DEBUG [content:70] << "[\n]"
21:09:03,198 DEBUG [content:84] << "[\r]"
21:09:03,198 DEBUG [content:70] << "[\n]"
21:09:03,201 DEBUG [header:70] << "[\r][\n]"
21:09:03,202 DEBUG [HttpMethodBase:1024] Resorting to protocol version default close connection policy
21:09:03,202 DEBUG [HttpMethodBase:1028] Should NOT close connection, using HTTP/1.1
21:09:03,203 DEBUG [HttpConnection:1178] Releasing connection back to connection manager.
21:09:03,222 INFO  [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:122] New metadata succesfully loaded for 'http://172.16.14.119:9080/c/portal/saml/metadata'
21:09:03,223 INFO  [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:142] Next refresh cycle for metadata provider 'http://172.16.14.119:9080/c/portal/saml/metadata' will occur on '2012-12-12T00:09:03.104Z' ('2012-12-12T00:09:03.104Z' local time)
21:13:02,570 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
21:13:02,577 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
21:13:02,578 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
21:13:02,579 DEBUG [Transform:?] The NodeList is null
21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
21:13:02,581 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
21:13:02,581 DEBUG [Transform:?] The NodeList is null
21:13:02,582 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
21:13:02,583 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:13:02,584 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1
21:13:02,587 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
21:13:02,588 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
21:13:02,588 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA
21:13:02,589 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0
21:13:02,590 DEBUG [ResourceResolver:?]  extra resolvers to my existing 4 system-wide resolvers
21:13:02,590 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP
21:13:02,608 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones
21:13:02,609 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem
21:13:02,610 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment
21:13:02,613 DEBUG [ResolverFragment:?] State I can resolve reference: "#_33ce5e53f949c135aad2070293f6b494f0b3581d"
21:13:02,618 DEBUG [IdResolver:?] getElementByIdType() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d
21:13:02,619 DEBUG [IdResolver:?] getElementByIdUsingDOM() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d
21:13:02,654 DEBUG [IdResolver:?] I could find an Element using the simple getElementByIdUsingDOM method: saml2p:Response
21:13:02,655 DEBUG [ResolverFragment:?] Try to catch an Element with ID _33ce5e53f949c135aad2070293f6b494f0b3581d and Element was [saml2p:Response: null]
21:13:02,656 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:13:02,664 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
21:13:02,665 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
21:13:02,666 DEBUG [DigesterOutputStream:?] Pre-digested input:
21:13:02,667 DEBUG [DigesterOutputStream:?] <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://172.16.14.119:9080/c/portal/saml/acs" ID="_33ce5e53f949c135aad2070293f6b494f0b3581d" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0cc757dd6215da67962ef72cc8c1da5f56cb0aae" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2012-12-11T21:43:02.503Z" Recipient="http://172.16.14.119:9080/c/port
al/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2012-12-11T21:13:02.503Z" NotOnOrAfter="2012-12-11T21:43:02.503Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2012-12-11T21:13:02.503Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>

Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: fbd00ec296882230cd8908393fc08636d4b6dfa6. Plugins 6.1.x EE GIT ID: 7a206d80a39256aa5c912caf1bdd1f2a048989be.

User is able to view the confirmation messages during the SP initiated SSO/SLO

Show

Justin Choi added a comment - 11/Dec/12 1:45 PM - edited PASSED Manual Testing using the following steps: Go to \bundle\webapps\saml-portlet\WEB-INF\classes. Open log4j.properties Replace the contents with the following: log4j.rootLogger=DEBUG, CONSOLE log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n Save the file. Start the first bundle configured as an IdP. Start the second bundle configured as an SP. In the IdP bundle, Go to Server Administration > Log Level. Add a new category: org.apache.xml.security.utils.DigesterOutputStream and set it as DEBUG. Save the category. Connect the IdP to the SP. On the IdP bundle, execute SP initiated SSO. The console will display something like the following: 21:03:34,515 DEBUG [velocity:155] Velocimacro : Default library not found. 21:03:34,516 DEBUG [velocity:155] Velocimacro : allowInline = true : VMs can be defined inline in templates 21:03:34,524 DEBUG [velocity:155] Velocimacro : allowInlineToOverride = false : VMs defined inline may NOT replace previous VM definitions 21:03:34,525 DEBUG [velocity:155] Velocimacro : allowInlineLocal = false : VMs defined inline will be global in scope if allowed. 21:03:34,535 DEBUG [velocity:155] Velocimacro : autoload off : VM system will not automatically reload global library macros 21:03:34,536 DEBUG [velocity:155] Velocimacro : Velocimacro : initialization complete. 21:03:34,538 DEBUG [velocity:155] RuntimeInstance successfully initialized. 21:03:34,590 DEBUG [DefaultHttpParams:151] Set parameter http.useragent = Jakarta Commons-HttpClient/3.1 21:03:34,593 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.version = HTTP/1.1 21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.class = class org.apache.commons.httpclient.SimpleHttpConnectionManager 21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.cookie-policy = default 21:03:34,597 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.element-charset = US-ASCII 21:03:34,599 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.content-charset = ISO-8859-1 21:03:34,602 DEBUG [DefaultHttpParams:151] Set parameter http.method.retry-handler = org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@2b260a37 21:03:34,603 DEBUG [DefaultHttpParams:151] Set parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z] 21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.timeout = 60000 21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.socket.timeout = 60000 21:03:34,618 DEBUG [HttpClient:72] Java version: 1.7.0_09 21:03:34,619 DEBUG [HttpClient:73] Java vendor: Oracle Corporation 21:03:34,620 DEBUG [HttpClient:74] Java class path: D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\bootstrap.jar;D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\tomcat-juli.jar 21:03:34,621 DEBUG [HttpClient:75] Operating system name: Windows 7 21:03:34,623 DEBUG [HttpClient:76] Operating system architecture: amd64 21:03:34,624 DEBUG [HttpClient:77] Operating system version: 6.1 21:03:34,626 DEBUG [HttpClient:82] SUN 1.7: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration) 21:03:34,627 DEBUG [HttpClient:82] SunRsaSign 1.7: Sun RSA signature provider 21:03:34,639 DEBUG [HttpClient:82] SunEC 1.7: Sun Elliptic Curve provider (EC, ECDSA, ECDH) 21:03:34,640 DEBUG [HttpClient:82] SunJSSE 1.7: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) 21:03:34,645 DEBUG [HttpClient:82] SunJCE 1.7: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC) 21:03:34,648 DEBUG [HttpClient:82] SunJGSS 1.7: Sun (Kerberos v5, SPNEGO) 21:03:34,649 DEBUG [HttpClient:82] SunSASL 1.7: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM) 21:03:34,650 DEBUG [HttpClient:82] XMLDSig 1.0: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory) 21:03:34,652 DEBUG [HttpClient:82] SunPCSC 1.7: Sun PC/SC provider 21:03:34,653 DEBUG [HttpClient:82] SunMSCAPI 1.7: Sun's Microsoft Crypto API provider Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/service.properties 21:03:35,366 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments) 21:03:35,368 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments) 21:03:35,371 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments) 21:03:35,374 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments) 21:03:35,379 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments) 21:03:35,380 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments) 21:03:35,385 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode) 21:03:35,388 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N) 21:03:35,389 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments) 21:03:35,391 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11) 21:03:35,393 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments) 21:03:35,395 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive) 21:03:35,397 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments) 21:03:35,400 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath) 21:03:35,404 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature) 21:03:35,408 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT) 21:03:35,409 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter) 21:03:35,410 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter) 21:03:35,415 DEBUG [SignatureAlgorithm:?] Init() called 21:03:35,427 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA) 21:03:35,428 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA 21:03:35,431 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1) 21:03:35,431 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1 21:03:35,442 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1) 21:03:35,442 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1 21:03:35,443 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5) 21:03:35,444 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5 21:03:35,452 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160) 21:03:35,453 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160 21:03:35,454 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256) 21:03:35,454 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256 21:03:35,455 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384) 21:03:35,455 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384 21:03:35,456 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512) 21:03:35,456 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512 21:03:35,458 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1) 21:03:35,458 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1 21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5) 21:03:35,459 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5 21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160) 21:03:35,460 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160 21:03:35,460 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256) 21:03:35,461 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256 21:03:35,462 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384) 21:03:35,462 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384 21:03:35,463 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512) 21:03:35,464 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512 21:03:35,471 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space 21:03:35,474 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system 21:03:35,475 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs 21:03:35,476 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents 21:03:35,478 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys 21:03:35,480 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys 21:03:35,481 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates 21:03:35,482 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages 21:03:35,483 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers 21:03:35,484 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages 21:03:35,485 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages 21:03:35,486 DEBUG [Init:?] Now I try to bind prefixes: 21:03:35,487 DEBUG [Init:?] Now I try to bind ds to http://www.w3.org/2000/09/xmldsig# 21:03:35,487 DEBUG [Init:?] Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc# 21:03:35,488 DEBUG [Init:?] Now I try to bind experimental to http://www.xmlsecurity.org/experimental# 21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2 21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2 21:03:35,489 DEBUG [Init:?] Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n# 21:03:35,489 DEBUG [Init:?] Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter 21:03:35,489 DEBUG [Init:?] XX_init 267 ms 21:03:35,489 DEBUG [Init:?] XX_prng 0 ms 21:03:35,490 DEBUG [Init:?] XX_parsing 119 ms 21:03:35,490 DEBUG [Init:?] XX_configure_i18n 2 ms 21:03:35,490 DEBUG [Init:?] XX_configure_reg_c14n 27 ms 21:03:35,490 DEBUG [Init:?] XX_configure_reg_jcemapper 4 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_keyInfo 5 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_keyResolver 9 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_prefixes 3 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_resourceresolver 7 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_sigalgos 52 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_transforms 31 ms 21:03:36,235 INFO [pool-2-thread-1][HookHotDeployListener:551] Registering hook for saml-portlet Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portal.properties 21:03:36,300 INFO [pool-2-thread-1][HookHotDeployListener:689] Hook for saml-portlet is available for use Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portlet.properties Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-bio-9080"] Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["ajp-bio-9009"] Dec 11, 2012 9:03:36 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 36146 ms 21:09:02,465 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:09:02,477 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:09:02,478 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" 21:09:02,478 DEBUG [Transform:?] The NodeList is null 21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:09:02,480 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 21:09:02,480 DEBUG [Transform:?] The NodeList is null 21:09:02,480 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:09:02,481 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,486 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1 21:09:02,489 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" 21:09:02,489 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:09:02,490 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA 21:09:02,492 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0 21:09:02,493 DEBUG [ResourceResolver:?] extra resolvers to my existing 4 system-wide resolvers 21:09:02,493 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP 21:09:02,494 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones 21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem 21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment 21:09:02,495 DEBUG [ResolverFragment:?] State I can resolve reference: "" 21:09:02,496 DEBUG [ResolverFragment:?] ResolverFragment with empty URI (means complete document) 21:09:02,499 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,500 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform 21:09:02,501 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,507 DEBUG [DigesterOutputStream:?] Pre-digested input: 21:09:02,508 DEBUG [DigesterOutputStream:?] <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="samlidp"><md:IDPSSODescriptor ID="samlidp" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDdzCCAl+gAwIBAgIET0oeJTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdsaWZlcmF5MRAw DgYDVQQIEwdsaWZlcmF5MRAwDgYDVQQHEwdsaWZlcmF5MRAwDgYDVQQKEwdsaWZlcmF5MRAwDgYD VQQLEwdsZmllcmF5MRAwDgYDVQQDEwdsaWZlcmF5MB4XDTEyMTIwNjE3NDI1OFoXDTEzMDMwNjE3 NDI1OFowbDEQMA4GA1UEBhMHbGlmZXJheTEQMA4GA1UECBMHbGlmZXJheTEQMA4GA1UEBxMHbGlm ZXJheTEQMA4GA1UEChMHbGlmZXJheTEQMA4GA1UECxMHbGZpZXJheTEQMA4GA1UEAxMHbGlmZXJh eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDwtKSh2CEcELHXwbIFE5LFysdWQ0bk UAKnrjafNExgCT7oWNesIDl4Rh10+MvEx4ewBuLGQYErRZ5f3hhAIn+KZh23SPqFCmvixCvek0ea VcOlhmCI9igrKF5pABqt8x+zdOUtC5Tq2YySVbV3Ln+0+Fcyp6OWWxtd0IXkGHFsjijc0NULHGyq Ah3pmWpZ8onCCPOzW15FHnISGFyMZIvpP+Ek8us5eTQ5ofi5CwlJh7jPdx//GVTdrphzbKM5wvj6 YtswXTh1x2YioVGwA7iNG2A0vev02ZJ3oXQEXvTh7X+2psV04+M3H8cMqUQFFOc1+6IM0WRY0PnY 77yxDBECAwEAAaMhMB8wHQYDVR0OBBYEFA/9QELkUvrO/qSUNt8vrjMamAmKMA0GCSqGSIb3DQEB CwUAA4IBAQB3e980Lfgv4DUyr6xhhEQk7+OC2DcVbPgIjKBxkriGBs9UKJcIOCIpJ4wQQHLgOpmE O7womEWICvjeOkOlg3XdOcTJ4K5Lh+ucBx/shq5GzE6FyOjnFI20EWi42i/LDox9HH3UWuME3w9/ oU079PUoRyEV6D+y9bF2qfYbSmw6Faua8cNPXLL05LhM08A2NUFrMGkPUOg5hmG81LqabXfwP1Wp peBNrEKouciWmhzgHEaKr065U7a2XLMqcly6rOChBhBjbH4slHNpK6N8KyEyKO8KPBWhs+9TKdTn EyE+O8ORKClIVu0OYtGkgLMWo2yfAnwsuCxpgx5RJKmpr3EH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/slo_redirect"></md:SingleLogoutService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor> 21:09:02,513 DEBUG [SignerOutputStream:?] Canonicalized SignedInfo: 21:09:02,514 DEBUG [SignerOutputStream:?] <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>83Aw7gLn82KPECP9E9Cw0td11sU=</ds:DigestValue></ds:Reference></ds:SignedInfo> 21:09:03,094 DEBUG [HttpConnection:692] Open connection to 172.16.14.119:9080 21:09:03,140 DEBUG [header:70] >> "GET /c/portal/saml/metadata HTTP/1.1[\r][\n]" 21:09:03,141 DEBUG [HttpMethodBase:1352] Adding Host request header 21:09:03,150 DEBUG [header:70] >> "Accept-Encoding: gzip,deflate[\r][\n]" 21:09:03,151 DEBUG [header:70] >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" 21:09:03,151 DEBUG [header:70] >> "Host: 172.16.14.119:9080[\r][\n]" 21:09:03,152 DEBUG [header:70] >> "[\r][\n]" 21:09:03,166 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]" 21:09:03,167 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]" 21:09:03,168 DEBUG [header:70] << "Server: Apache-Coyote/1.1[\r][\n]" 21:09:03,169 DEBUG [header:70] << "Set-Cookie: JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; Path=/; HttpOnly[\r][\n]" 21:09:03,169 DEBUG [header:70] << "Content-Encoding: gzip[\r][\n]" 21:09:03,170 DEBUG [header:70] << "Set-Cookie: GUEST_LANGUAGE_ID=en_US; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]" 21:09:03,170 DEBUG [header:70] << "Set-Cookie: COOKIE_SUPPORT=true; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Liferay-Portal: Liferay Portal Community Edition 6.1.20 EE (Paton / Build 6120 / July 23, 2012)[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Content-Type: text/xml;charset=UTF-8[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Transfer-Encoding: chunked[\r][\n]" 21:09:03,172 DEBUG [header:70] << "Date: Tue, 11 Dec 2012 21:09:03 GMT[\r][\n]" 21:09:03,172 DEBUG [header:70] << "[\r][\n]" 21:09:03,176 DEBUG [CookieSpec:337] Unrecognized cookie attribute: name=HttpOnly, value=null 21:09:03,177 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; $Path=/" 21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; GUEST_LANGUAGE_ID=en_US; $Path=/" 21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; COOKIE_SUPPORT=true; $Path=/" 21:09:03,181 DEBUG [content:84] << "a" 21:09:03,182 DEBUG [content:84] << "[\r]" 21:09:03,182 DEBUG [content:70] << "[\n]" 21:09:03,183 DEBUG [content:84] << "[0x1f]" 21:09:03,183 DEBUG [content:84] << "[0x8b]" 21:09:03,184 DEBUG [content:84] << "[0x8]" 21:09:03,184 DEBUG [content:84] << "[0x0][0x0][0x0][0x0][0x0][0x0]" 21:09:03,184 DEBUG [content:84] << "[\r]" 21:09:03,185 DEBUG [content:70] << "[\n]" 21:09:03,185 DEBUG [content:84] << "4" 21:09:03,185 DEBUG [content:84] << "b" 21:09:03,186 DEBUG [content:84] << "1" 21:09:03,186 DEBUG [content:84] << "[\r]" 21:09:03,186 DEBUG [content:70] << "[\n]" 21:09:03,187 DEBUG [content:70] << "[0xad]VY[0x93][0x9a]X[0x18][0xfd]+[0x94][0xf3]h[0xa5]Aq[0x1]+[0xdd][0xa9][0xcb][0x8e][0x88][0x88]l[0xea][0xcb][0x14][0xc2]e_[0x84][0xb][0xa2][0xfe][0xfa][0xc1][0xd8][0xe9]t2[0x9d]<d[0xe6][0x8d]{[0xbe][0xe5][0x9e][0xef][0xa3]8[0x87][0xcf]_.y[0x86][0x9d]a[0x8d][0xe2][0xb2]x[0x1e][0x8c][0x9e][0x88][0x1][0x6][0xb][0xaf][0xf4][0xe3]"|[0x1e]X[0xa6][0xf0][0x89][0x1a]|y[0xc1]>[0xe7][0xfe][0x82]/[0x9a][0xb8][0xb9]r[0x10]yu|j[0xca][0xba][0xcf][0xbb][0x3]2[0xf7]<@n[0x9e][0xa1][0xd3][0x0][0xeb]{[0x15]h[0x91][0xfb][0xcf][0x83][0xb6].[0x16][0xa5][0x8b]b[0xb4]([0xdc][0x1c][0xa2]E[0xe3]-[0xc][0xa0][0xae][0x16][0xe3]'b[0x91][0xc3][0xc6][0xf5][0xdd][0xc6][0x1d][0xbc][0xdc][0xdb][0x1a][0x1b][0xc3][0xd0][0xde]u[0x5]m[0x13][0x15][X[0xb5][0x10]5[0xc8][0x88][0xc3][0x2][0xf6][0xed][0x2]7Cp[0x80][0xbd][0xbf][0xcb]q[0x8b][0x6] [0x4][0xeb][0xa6]g[0xfe]s[0xe2][0xa9].[0x9b][0xd2]+3[0xa3]=[0x9d][0xca][0xba][0xe1][0x8b]6[0x87][0xb5][0xdb]|[0x9d][0xf1]w[0xd4][0xbe][0xd5]=[0xa8])[0 xf0][0xfd][0xb8]-[0x82][0xfd][0xed][0xfd]=[0xfd]j[0xfa][0xb8][0x8f][0xee]q[0xb9][0x8][0xca][0xd7][0xb1]}[0xf4]<[0x88][0x9a][0xe6][0xb4][0xc0][0xf1][0xae][0xeb][0x9e]:[0xf2][0xa9][0xac]C|L[0x10][0x4]N[0xd0]x[0x9f][0xe3][0xf7][0xc5]⌂=*wS[0x82][0xe6][0xfa][0x15][0xbc][0x1d][0xd8][0xfb][0x1c]A[0xec][0xb9][\r]|Qe[0x99]3[0x12][0x96][0x5][0x89][0x12][0x82]Nf@([0xf3][0x96]L-i[0x13][0xac][0x99]0[0xad][0xa2]4[0x16][0xe9][0x8e]`[0x80]n[0x9][0x80]c[\n]" 21:09:03,188 DEBUG [content:70] << "UG[0x1d][0xab][0xef]9[[0xd7]E[0xbe][r[0xba][0xc9][0xeb]*[0x98][0x88]`d[0xf1][0x18][0xcb][0xa8][0xd2]Q[0xcc][0xf2][0xc3]n[0x19][0xc1]w[0x1][0xe6][0xf2]1[0xce]F[0xbf][0xc0][0xfb]|[0xec][0xa3][0x0][0xf8][0xa1][0x11][0x80]BG\[0xd4][0x84][0xef][0xd4]$[0xbd][0xaa][0x89]E[0xae]M[0xdf][0xfd][0x8a][0xdd][0xfa][0xcc][0xc4]{[0xc3]0U[0xf4].[0xec][\r],[0x99]pm3`o[0x82]t[0xcd][0xa8][[0xd0]q[0xe1][0xd7]Qd[0xbe][0xf3][0x91][0xeb][0x1c]2/[0x17][0xa6][0xef]p[0xe9]#[0x1c][0xeb][0x3][0xca]/[\n]" 21:09:03,188 DEBUG [content:70] << "V[0xbf][0xc0][0xb9][0x1f]pYf[0xe4][0xe4][0xb1]_[0xec][0xfb][0x82]y[0x1][0x0][0x8d][0x5]:[0x5][0xee][0x9]l[0xa8][0xf4][0xcf]<H[0xd9][0xbc]H[0x84]!aV[0xf6]6e[0xb]G[0xcd]o[0xb3]Y^x[0xc2]Pk[0xb5][0xa5][0xe1]K[0x96][0xab][0xed][0x86]u[0xa9][0xfb][0x1][0x89]M[0xcb][\n]" 21:09:03,188 DEBUG [content:84] << "D[0x1d][0xcc]&[0xfe][0xb5]" 21:09:03,189 DEBUG [content:70] << "-[0x15][0xb5][0xae][0xd6][0xd5]J[0xe8]jg[0x5][0x87]Ui9[0xc1]tC[0xf1][0x95][0xb9][0xd9][0xc9][0xa5]`[0xc4][0xcb][0xe9][0x94][0x0][0x7]M[0xa5][0xe8][0xa0]][0xe5][0xa9]|[0xcb][0xaf].[0xb5]tY[0xf2][0x9a][0xa7]g[0xfb][0x8c][0x9][0x13][0xe7]"[0xed][\r][0xf1][0xcc][0xcd][0xa7][0x89][0xe4][0xb]'[0xbd]⌂[0xfd]##[0x16][0xe6][0xe9]~^DZ[0xec]t[0x15]%[0xb7]xN@\C[0xb1][0xe8][0xae][0xbb][\r][0x1a][0xda]~[0xcc]x[0x84]bj[0xb6][0xc2]r[0xc1][0xfa]<[0x17][0x88][0xb3]y[0xc4][0x82],To[0x14][0xa5]][0xad][0xc0][0xae][0xed][0x9c][0xa7].[0x87][0xf2],[0x8c][0xb6][0xe3][0x1b][0xc9]C[0xb2][0x98][0xb5][0x89][0x92][0x4]W[0x9f]A)oH2"[0x95]}[0xac]T5~[0xc8][0xf2][0xcc]S3[0xe1][0x0]$[0xb2][0xaa]w[0xf9]A[0xf][0xed][0x12][0xa3]9J[0xd9]F[0xcc]D[0xa0][0x96][0x9d][0xa2]I[0x95]o[0xac][0x85]Pc[0x85][0xbd]u[0xed][0xcc][0x9a]S[0x97][0x9b][0xf6]d[0x11][0x92][0xb2][0x84]L[0xa4]g[0xdb][0xd1]Y[0xe5][0xe4]<[0xa0][0x85][0x9d][0x83]P[0x86][0xb]IE[0x87][0xb9][0xdd][0xc9][0x1c][0xd0][0x1][0x83][0xa9][0 x80][0x10]Y[0xa3][0x12][\r][0xf9]Hr:[0xcf]0[0xba][0x5][0xc0][0xa4][0xff][0x12]t[0xa0][0x8a][0xe3][0x82][0xe]V[0x13][0xc3]W'[0x9a]g[0xcf]`DV[0x9b][0x89]!X[0x9b]Y([0x9f]=m[0xbf][0x89]TA9T[0x85][0xa2][0xab][0x8a]q[0xb2]5[0xc][0x85][0xad]3[0x83][0xdc][0x10]5e[0xb6]_[0xc9][0x9a]%[0x81][0xc8][0x9b][0xb9]3z[0xe2][0xe2][\n]" 21:09:03,190 DEBUG [content:70] << ";[0xd9][0xd5][0xba][0xa0][0xb][0xb5][0xb4]S=D&[0xe1]D[0x90][0xed]U][0x13][0x87]5[0xdd][0xe5][0xe4]![0x92][0xb6][0xe7][0x9b][0xe9]$[0x1b][0xfc]b\[0x12][0x7][0xf3][0xdc]P[\n]" 21:09:03,193 DEBUG [content:70] << "(*[0x8c][0xf7][0xb2]WG.[0xd3]I[0xb5][0xc8][0xeb][0x17][0xa7][[0x86][0xac]`[0xec]#[0xe8][0xb4][0xe2][0xf8][0xb4]s[0xaf]+bi[0x9e][0xe3][0xe9][0xf0][0x0][0xdb][0x12][0x1f][0xcf][0xe8][0xb3]4[0xd4]O[0xc7][0xa3][0xdc][0xca]g[0xad][0x93][0xf5][0x8e][0x9c]@l;S[0xf0]1[0xd2][0x8a][0xdd]U[0x14][0x3][0xce]R[0xe2][0xd4][0xb6][0xbd][0xd9]hI^K[0xd0]e[0xdb]5H[0xae][0xd3]V[0x18]M[0x8f])5[0xd4][0xe7]V[0xe0][0x87]a#[0xcd];[\n]" 21:09:03,194 DEBUG [content:84] << "?[0x8c]bg[0x17]O[0x89]SJ^[0xbb][2[0x9a]QC,&:\[0xda][0x86][0x9e][0x9e][0x8f]E-U[0x85][0x9]uRI[0xe2][0xa2][0xb1]%3TV8Z[0xd3][0xe][0xe5]8i6[0x8c][0x9d]@[0xb8][0x15]W[0x0][0xe6][0xd5]fn" 21:09:03,194 DEBUG [content:70] << "[0xac][0x82][0x9b]j[0x5][0x89]⌂[0xfb][0x8c]⌂ Eo[0xe0]C[0xac][0xf0][0xef][0xa2][0xd7][0x1f]~V[0xc8][0x87][0x9c][0xf7][0xea][0x98][0xc1]U[0x19][0x96]mc[0xc0][0xfa][0x1c]{[0x10]c[0xe2][0xe2][0xe1]'[0xbf][0x93][0xde][0xe3]#[0x9]-$[0xd3][0xdc]|[0xda]B?[0xae][0xa1][0xd7][0xc][0xb0]U[0xe9][0xbd][\n]" 21:09:03,195 DEBUG [content:84] << "[0xf7][0xab][0xb8][0x8e][0xe6][0xe3][0xa7][0xd1][0xec]i4y[0x1a][0x8d][0xe8][0x5]MP[0x4][0xee][0xe1]w[0x95]w3[0xfc]n[0xe]8[0xca][0xca][0xbf][0xeb]o[0xf5][0xf8][0xff][0xc4][0xca][0xd0][0xc0][0xe6]O[0xc9][0xa0][0xd2]=[0xbd][0x12]ys,[0xb6]7[0xad][0xbb])[0xfd][0x87][0x1d]m4[0xc3][0xfc][0x13]J[0xae][0x87][0x6]X[0xdf][0x9]^z[0xc3][0xef][0x9f][0x10][0x7][0x3][0xb7][0xcd][0x9a][0xe7]AS[0xb7][0xf0]N[0x14][0xff][0xb7]/?[0xc0][0x9f][0xff][0x1]^[0xfe][0x1]D-[0x16][0xf8]@[0x8][0x0][0x0]" 21:09:03,196 DEBUG [content:84] << "[\r]" 21:09:03,196 DEBUG [content:70] << "[\n]" 21:09:03,196 DEBUG [content:84] << "0" 21:09:03,197 DEBUG [content:84] << "[\r]" 21:09:03,197 DEBUG [content:70] << "[\n]" 21:09:03,198 DEBUG [content:84] << "[\r]" 21:09:03,198 DEBUG [content:70] << "[\n]" 21:09:03,201 DEBUG [header:70] << "[\r][\n]" 21:09:03,202 DEBUG [HttpMethodBase:1024] Resorting to protocol version default close connection policy 21:09:03,202 DEBUG [HttpMethodBase:1028] Should NOT close connection, using HTTP/1.1 21:09:03,203 DEBUG [HttpConnection:1178] Releasing connection back to connection manager. 21:09:03,222 INFO [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:122] New metadata succesfully loaded for 'http://172.16.14.119:9080/c/portal/saml/metadata' 21:09:03,223 INFO [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:142] Next refresh cycle for metadata provider 'http://172.16.14.119:9080/c/portal/saml/metadata' will occur on '2012-12-12T00:09:03.104Z' ('2012-12-12T00:09:03.104Z' local time) 21:13:02,570 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:13:02,577 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:13:02,578 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" 21:13:02,579 DEBUG [Transform:?] The NodeList is null 21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:13:02,581 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 21:13:02,581 DEBUG [Transform:?] The NodeList is null 21:13:02,582 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:13:02,583 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,584 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1 21:13:02,587 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" 21:13:02,588 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:13:02,588 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA 21:13:02,589 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0 21:13:02,590 DEBUG [ResourceResolver:?] extra resolvers to my existing 4 system-wide resolvers 21:13:02,590 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP 21:13:02,608 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones 21:13:02,609 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem 21:13:02,610 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment 21:13:02,613 DEBUG [ResolverFragment:?] State I can resolve reference: "#_33ce5e53f949c135aad2070293f6b494f0b3581d" 21:13:02,618 DEBUG [IdResolver:?] getElementByIdType() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d 21:13:02,619 DEBUG [IdResolver:?] getElementByIdUsingDOM() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d 21:13:02,654 DEBUG [IdResolver:?] I could find an Element using the simple getElementByIdUsingDOM method: saml2p:Response 21:13:02,655 DEBUG [ResolverFragment:?] Try to catch an Element with ID _33ce5e53f949c135aad2070293f6b494f0b3581d and Element was [saml2p:Response: null] 21:13:02,656 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,664 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform 21:13:02,665 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,666 DEBUG [DigesterOutputStream:?] Pre-digested input: 21:13:02,667 DEBUG [DigesterOutputStream:?] <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://172.16.14.119:9080/c/portal/saml/acs" ID="_33ce5e53f949c135aad2070293f6b494f0b3581d" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0cc757dd6215da67962ef72cc8c1da5f56cb0aae" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2012-12-11T21:43:02.503Z" Recipient="http://172.16.14.119:9080/c/port al/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2012-12-11T21:13:02.503Z" NotOnOrAfter="2012-12-11T21:43:02.503Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2012-12-11T21:13:02.503Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response> Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: fbd00ec296882230cd8908393fc08636d4b6dfa6. Plugins 6.1.x EE GIT ID: 7a206d80a39256aa5c912caf1bdd1f2a048989be. User is able to view the confirmation messages during the SP initiated SSO/SLO

People

Assignee:

Justin Choi

Reporter:

Mika Koivisto

Participants of an Issue:

Justin Choi, Mika Koivisto

Vote (0)

Watch (1)

Dates

Created:

06/Dec/12 5:53 PM

Updated:

22/Apr/13 10:00 AM

Resolved:

10/Dec/12 10:49 AM

Days since last comment:

22 weeks, 5 days ago

Agile

View on Board

LPS-13976	SSO - SAML 2.0 Web SSO
~~LPS-29415~~	SAML relayState works only for paths guarded by AutoLoginFilter
~~LPS-7961~~	com.liferay.portal.kernel.util.Http missing HEAD method and response headers
~~LPS-30697~~	SAML: the plugin should generate a keystore.jks in the liferay home\data folder if none exist
~~LPS-30130~~	SAML Incompatibility with Session Replication