Steps to reproduce (Linux):
- Open a terminal and go to the root directory (/), or any other directory where the current user does not have permission to create new files
- Run /opt/liferay.git/bundles-ee-7.0.x/tomcat-8.0.32/bin/start.sh (replace with your path to liferay.home)
Expected result: No error related to velocity.log in log files
Actual result: The stack trace from saml_error.txt can be found in the logs
On starting up a DXP instance with SAML deployed, the following error is thrown:
Caused by: java.io.FileNotFoundException: velocity.log (Permission denied)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
    at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
    at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
    at org.apache.log4j.FileAppender.<init>(FileAppender.java:110)
    at org.apache.log4j.RollingFileAppender.<init>(RollingFileAppender.java:79)
    at org.apache.velocity.runtime.log.Log4JLogChute.initAppender(Log4JLogChute.java:118)
The full stacktrace is attached. This prevents SAML modules from registering correctly. The SAML Admin element shows up in Control Panel, but the page is blank; and even though we already have SAML settings in the database, it does not seem to be enabled.
This stems from com.liferay.saml.opensaml.integration.internal.velocity.VelocityEngineFactory.getVelocityEngine(ClassLoader), which hard-codes velocity configuration settings:
    velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, Log4JLogChute.class.getName());
This was a problem in core, fixed several years ago by LPS-17329. Solutions to similar issues found online (e.g. here) tend to revolve around changing the velocity configurations, but these configurations are hard-coded and thus not editable.
Core velocity configurations are editable in Control Panel at System Settings > Foundation > Velocity Engine. Ideally SAML would respect these same settings (which, by the way, default the log class to org.apache.velocity.runtime.log.SimpleLog4JLogSystem, which would also avoid this issue).
This is a blocker for us using SAML.
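
The following is an added example, not code from Liferay or from this report: it puts the hard-coded Log4JLogChute setting beside two configurations that do not depend on the JVM's working directory being writable. It assumes Velocity 1.7 with log4j 1.x on the classpath; the class name, method names, the logger name "velocity.example" and the use of java.io.tmpdir as the log directory are hypothetical.

```java
import java.io.File;

import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.apache.velocity.runtime.log.Log4JLogChute;

public class VelocityLogConfigExample {

    // Setting quoted in the report. With nothing else configured, Velocity's
    // default "runtime.log" value is the relative path "velocity.log", so
    // Log4JLogChute opens a RollingFileAppender in the process working
    // directory and fails when that directory is not writable.
    static VelocityEngine relativeLogFile() {
        VelocityEngine engine = new VelocityEngine();
        engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
            Log4JLogChute.class.getName());
        return engine;
    }

    // Variant 1: hand the chute the name of a log4j logger that the
    // application already configures. In Velocity 1.7 the chute then logs
    // through that logger and does not create its own file appender.
    static VelocityEngine existingLogger(String loggerName) {
        VelocityEngine engine = relativeLogFile();
        engine.setProperty(Log4JLogChute.RUNTIME_LOG_LOG4J_LOGGER, loggerName);
        return engine;
    }

    // Variant 2: keep the dedicated file, but give it an absolute path in a
    // directory the service account is known to be able to write to.
    static VelocityEngine absoluteLogFile(File logDir) {
        VelocityEngine engine = relativeLogFile();
        engine.setProperty(RuntimeConstants.RUNTIME_LOG,
            new File(logDir, "velocity.log").getAbsolutePath());
        return engine;
    }

    public static void main(String[] args) throws Exception {
        File cwd = new File(System.getProperty("user.dir"));
        System.out.println("working directory " + cwd + " writable: " + cwd.canWrite());

        // Both variants initialise regardless of the working directory.
        existingLogger("velocity.example").init();
        absoluteLogFile(new File(System.getProperty("java.io.tmpdir"))).init();
        System.out.println("both engines initialised");
    }
}
```

Running it from / as an unprivileged user reproduces the condition from the steps above for relativeLogFile() only; the two variants do not touch the working directory.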