PUBLIC - Liferay Portal Community Edition: LPS-88302

Using SAML with LDAP import over secure connection to the LDAP server causes java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_1.0.16

    Details

      Description

      Fixed in Liferay Connector to SAML 2.0 version

      • 5.0.0+ for DXP 7.2
      • 4.1.0+ for DXP 7.1

      Similar to LPS-69034, LPS-69168

      1. Create a keystore, export it to a certificate and import the certificate to the cacerts keystore. I used the commands below; of course, you will need to use different paths:
        keytool -genkey -alias gebr42 -keypass changeit -keyalg RSA -keystore keystore.jks
        keytool -export -alias gebr42 -keystore keystore.jks -keypass changeit -file /path/to/server.crt
        keytool -import -trustcacerts -keystore "/path/to/jre1.8.0_191/lib/security/cacerts" -storepass changeit -noprompt -alias gebr42 -file "/path/to/server.crt"
      2. In the Apache Directory Studio create an LDAP server (in the bottom left corner click on LDAP Servers, then right click -> New -> New Server)
      3. Double click on the created LDAP server to open the configuration
      4. Click on Advanced LDAP/LDAPS configuration
      5. Expand the SSL/Start TLS Keystore menu
      6. Specify the location of the created keystore file; make sure that you use slashes ("/") in the path
      7. Also enter the password, which should be changeit
      8. Save the configuration (Ctrl+S)
      9. Right click on the added LDAP server and click on Run
      10. Get two bundles
      11. For the one that you would like to use as an SP, add the below 3 Java parameters to the setenv.bat/sh file (you will need to use different paths)
        -Djavax.net.ssl.keyStore=/path/to/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/path/to/jre1.8.0_191/lib/security/cacerts
      12. Install Liferay Connector to SAML 2.0
        1. Reproduced with 4.0.1 for DXP 7.1 and 3.1.1 for DXP 7.0
      13. Set up the portal as an SP and as an IdP
      14. On the SP, add the created LDAP server using LDAPS: select Apache Directory Server, hit reset values and change the Base Provider URL to ldaps://localhost:10636
      15. On the SP, go to Control Panel -> Configuration -> SAML Admin and click on the Service Provider tab
      16. Check the LDAP import enabled checkbox
      17. Log out
      18. Click on Sign In
      19. Log in with the test user again

      Experienced behavior: The following exception is thrown:

      2018-12-05 15:51:54.892 WARN  [http-nio-7070-exec-4][DefaultPortalLDAP:178] Unable to bind to the LDAP server
      javax.naming.CommunicationException: localhost:10636 [Root exception is java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_1.0.16]
              at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
              at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
              at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
              at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
              at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
              at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
              at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
              at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
              at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
              at javax.naming.InitialContext.init(InitialContext.java:244)
              at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
              at com.liferay.portal.security.ldap.internal.DefaultPortalLDAP.getContext(DefaultPortalLDAP.java:174)
              at com.liferay.portal.security.ldap.internal.DefaultPortalLDAP.getContext(DefaultPortalLDAP.java:120)
              at com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.importUser(LDAPUserImporterImpl.java:173)
              at com.liferay.portal.security.ldap.internal.exportimport.LDAPUserImporterImpl.importUser(LDAPUserImporterImpl.java:283)
              at com.liferay.saml.opensaml.integration.internal.resolver.DefaultUserResolver.importLdapUser(DefaultUserResolver.java:332)
              at com.liferay.saml.opensaml.integration.internal.resolver.DefaultUserResolver.resolveUser(DefaultUserResolver.java:94)
              at com.liferay.saml.opensaml.integration.internal.profile.WebSsoProfileImpl.doProcessResponse(WebSsoProfileImpl.java:629)
              at com.liferay.saml.opensaml.integration.internal.profile.WebSsoProfileImpl.processResponse(WebSsoProfileImpl.java:169)
              at com.liferay.saml.web.internal.portlet.action.AssertionConsumerServiceAction.doExecute(AssertionConsumerServiceAction.java:59)
              at com.liferay.saml.web.internal.portlet.action.BaseSamlStrutsAction.execute(BaseSamlStrutsAction.java:51)
              at com.liferay.portal.kernel.struts.BaseStrutsAction.execute(BaseStrutsAction.java:39)
              at com.liferay.portal.struts.ActionAdapter.execute(ActionAdapter.java:50)
              at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
              at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
              at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:170)
              at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
              at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
              at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:608)
              at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:585)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:119)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.frontend.compatibility.ie.servlet.filter.IEMimeTypeCompatibilityFilter.processFilter(IEMimeTypeCompatibilityFilter.java:48)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.servlet.filters.uploadservletrequest.UploadServletRequestFilter.processFilter(UploadServletRequestFilter.java:93)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:344)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.servlet.filters.secure.BaseAuthFilter.processFilter(BaseAuthFilter.java:340)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:263)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
              at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:181)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
              at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
              at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
              at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
              at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
              at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:65)
              at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
              at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:101)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1152)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_1.0.16
              at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:444)
              at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:357)
              at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:349)
              at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:160)
              at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
              at java.lang.Class.forName0(Native Method)
              at java.lang.Class.forName(Class.java:348)
              at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72)
              at com.sun.jndi.ldap.Connection.createSocket(Connection.java:281)
              at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
              ... 116 more

      Expected behavior: The users should be imported from LDAP without any issues (of course in this scenario even if the issue doesn't occur the user wouldn't have been updated as it doesn't exist in the LDAP server)

      Reproduced on 7.0.x 3178db1dcc22a414e8d47209685d89792ec41ef8


      QA Notes: Please reach out to Péter Simonyi in case you'd need help for the reproduction.
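
      The "Caused by" frames above show JNDI resolving javax.net.ssl.SSLSocketFactory with Class.forName against a bundle class loader that cannot see that package. The following is an added example, not Liferay's code and not the fix shipped for this issue: it reproduces that lookup with a hypothetical BundleLikeLoader and shows a context-class-loader swap that is restored in a finally block. All class and method names, and the bundle name demo.bundle_1.0.0, are assumptions.

```java
import java.util.concurrent.Callable;

public class TcclLookupDemo {

    // Stand-in for an OSGi bundle class loader (hypothetical, not Equinox code):
    // java.* is delegated to the JVM, everything else must be imported by the
    // bundle. This one imports nothing, so javax.net.ssl is invisible to it.
    static final class BundleLikeLoader extends ClassLoader {
        BundleLikeLoader() {
            super(null);
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve)
                throws ClassNotFoundException {
            if (name.startsWith("java.")) {
                return super.loadClass(name, resolve);
            }
            throw new ClassNotFoundException(
                name + " cannot be found by demo.bundle_1.0.0");
        }
    }

    // Mirrors the lookup visible in the trace: Class.forName against the
    // thread context class loader, as VersionHelper12.loadClass does.
    static Class<?> loadSocketFactory() throws ClassNotFoundException {
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        return Class.forName("javax.net.ssl.SSLSocketFactory", true, tccl);
    }

    // Run a task under a different context class loader and always restore it.
    static <T> T withContextClassLoader(ClassLoader cl, Callable<T> task)
            throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader previous = thread.getContextClassLoader();
        thread.setContextClassLoader(cl);
        try {
            return task.call();
        } finally {
            thread.setContextClassLoader(previous);
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            withContextClassLoader(
                new BundleLikeLoader(), TcclLookupDemo::loadSocketFactory);
        } catch (ClassNotFoundException e) {
            System.out.println("bundle loader as TCCL: " + e.getMessage());
        }
        Class<?> c = withContextClassLoader(
            ClassLoader.getSystemClassLoader(), TcclLookupDemo::loadSocketFactory);
        System.out.println("system loader as TCCL: loaded " + c.getName());
    }
}
```

      In a real bundle the other standard remedy is for the bundle whose class loader ends up as the context loader to declare javax.net.ssl in its Import-Package header.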

              People

              Assignee: Joyce Wang (joyce.wang)
              Reporter: Tibor Lipusz (tibor.lipusz)

                  Packages

                  Version Package
                  7.0.X
                  7.1.X
                  7.2.X
                  Master