LPS-68257 (PUBLIC - Liferay Portal Community Edition)

SAML does not use portal.proxy.path value

    Details

      Description

      Steps to reproduce/Testing done

      1. Set up 2 Liferay instances, one designed to be IDP and another to be SP
      2. Start both Liferay instances
      3. Deploy the SAML plugin in both instances
      4. On the IDP, set up a proxy server to access Liferay with the /portal path and add the following to your portal-ext
        portal.proxy.path=/portal
      5. Restart the IDP
      6. Set up both IDP and SP for SAML, pointing to the IDP's proxy as expected
      7. Attempt to log in via SAML from the SP
      8. Receive the following error:
        17:05:12,628 ERROR [http-bio-8081-exec-10][BaseSamlStrutsAction:45] com.liferay.saml.SamlException: org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint
        com.liferay.saml.SamlException: org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint
        	at com.liferay.saml.profile.WebSsoProfileImpl.processAuthnRequest(WebSsoProfileImpl.java:146)
        	at com.liferay.saml.profile.WebSsoProfileUtil.processAuthnRequest(WebSsoProfileUtil.java:43)
        	at com.liferay.saml.hook.action.WebSsoAction.doExecute(WebSsoAction.java:38)
        	at com.liferay.saml.hook.action.BaseSamlStrutsAction.execute(BaseSamlStrutsAction.java:42)
        	at com.liferay.portal.kernel.struts.BaseStrutsAction.execute(BaseStrutsAction.java:39)
        	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        	at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:67)
        	at com.sun.proxy.$Proxy535.execute(Unknown Source)
        	at com.liferay.portal.struts.ActionAdapter.execute(ActionAdapter.java:50)
        	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
        	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
        	at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:168)
        	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
        	at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
        	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
        	at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:557)
        	at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:534)
        	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.uploadservletrequest.UploadServletRequestFilter.processFilter(UploadServletRequestFilter.java:93)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:361)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.gzip.GZipFilter.processFilter(GZipFilter.java:123)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:308)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
        	at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:226)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
        	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
        	at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:57)
        	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
        	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:119)
        	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
        	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
        	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
        	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        	at java.lang.Thread.run(Thread.java:745)
        Caused by: org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint
        	at org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder.checkEndpointURI(BaseSAMLMessageDecoder.java:217)
        	at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:72)
        	at com.liferay.saml.profile.BaseProfile.decodeSamlMessage(BaseProfile.java:88)
        	at com.liferay.saml.profile.WebSsoProfileImpl.decodeAuthnRequest(WebSsoProfileImpl.java:346)
        	at com.liferay.saml.profile.WebSsoProfileImpl.doProcessAuthnRequest(WebSsoProfileImpl.java:383)
        	at com.liferay.saml.profile.WebSsoProfileImpl.processAuthnRequest(WebSsoProfileImpl.java:136)
        	... 93 more
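
Why step 8 fails, as an added illustration (not Liferay or OpenSAML code): the receiver compares the message's Destination with the URL it rebuilds for itself, and behind the proxy that URL lacks the `/portal` prefix unless `portal.proxy.path` is applied. The hostname, request URI and all function names below are constructed assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values (assumptions, not taken from the issue).
PUBLIC_SSO_URL = "https://idp.example.com/portal/c/portal/saml/sso"
BACKEND_REQUEST_URI = "/c/portal/saml/sso"  # what the IdP sees once the proxy strips /portal


def normalize(url):
    """Reduce a URL to (scheme, host, port, path) so equivalent forms compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    path = parts.path.rstrip("/") or "/"
    return scheme, (parts.hostname or "").lower(), port, path


def receiver_endpoint(scheme, host, port, request_uri, proxy_path=""):
    """Rebuild the URL the receiver believes it was reached at.

    proxy_path stands in for portal.proxy.path; leaving it empty models the
    behaviour reported in this issue.
    """
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{proxy_path}{request_uri}"


def destination_matches(destination, receiver_url):
    """Destination check: the message must be addressed to this exact endpoint."""
    return normalize(destination) == normalize(receiver_url)


def compare_with_and_without_proxy_path():
    """Return (result ignoring the proxy path, result applying it)."""
    ignored = receiver_endpoint("https", "idp.example.com", 443, BACKEND_REQUEST_URI)
    applied = receiver_endpoint("https", "idp.example.com", 443, BACKEND_REQUEST_URI,
                                proxy_path="/portal")
    return (destination_matches(PUBLIC_SSO_URL, ignored),
            destination_matches(PUBLIC_SSO_URL, applied))


if __name__ == "__main__":
    print(compare_with_and_without_proxy_path())
```

The Destination check binds a message to the endpoint it was addressed to, so the remedy is for the receiver to derive its public URL correctly rather than to relax the comparison.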
        


                Packages

                Version Package
                6.2.X EE
                7.0.X EE
                7.1.X
                Master