[IdP] Integrate Outsystems with Oracle Access Manager using SAML 2.0 authentication.

Forge Component
Published on 4 Jul by Telmo Martins

Hello All,
We are trying to integrate Outsystems with Oracle Access Manager as IdP provider using the SAML 2.0 protocol.

We are getting the below error messages on Idp connector in Outsystems platform while configuring Outsystems as SP.


"ResponseId was not previous registered."

Please let me know if you need more details about the issues.


Regards,
Aravindkumar A

Hi,

Can you check in the SAML response message what the value of InResponseTo is?

Then check in the SamlMessage_Log table if that ID is there (do the query without filter by a tenant)

Regards 

Hi Telmo,

Thanks for your response. 


Message ID "id-F9nL1GZIu-KfQSGVizy1GlvLFj3a5-Pu-PAJvZE9"

In Response To MessageID   <Its Empty>


In SAML Message log,


<saml:Assertion ID="id-5MbQGHkbxZCB5EwcOdPT2W9PMVZ-y-LsVfSnMsn8" IssueInstant="2018-05-03T11:24:57Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://dcoamtst.djd.gov.ae/oam/fed</saml:Issuer>

Attached SAML message.

Hi,

From the saml_message.xml it seems that the IdP connector did not request a login, but by some other means the IdP server sent a SAML LoginResponse to the IdP connector.

Is that the desired behavior? If yes, you need to customize the component to bypass the validation that only accepts a SAML login response message if the respective ResponseId is registered on the IdP connector.


Regards
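
The correlation check behind "ResponseId was not previous registered", as an added example that is not part of the thread and not the IdP connector's own code: the SP records the ID of every AuthnRequest it sends and accepts a Response only if its InResponseTo matches one of them, exactly once. `RequestRegistry`, `check_response`, the status strings and both sample messages are constructed for illustration; the in-memory set stands in for wherever the SP stores its request IDs.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample messages (not taken from the thread's attachment).
SOLICITED = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp-constructed-1" '
             'InResponseTo="_req-constructed-001" Version="2.0"/>')
UNSOLICITED = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp-constructed-2" '
               'Version="2.0"/>')


class RequestRegistry:
    """IDs of AuthnRequests this SP has sent and not yet seen answered."""

    def __init__(self):
        self._pending = set()

    def register(self, request_id):
        self._pending.add(request_id)

    def consume(self, request_id):
        """True once per registered ID, so a replayed response is refused."""
        if request_id in self._pending:
            self._pending.remove(request_id)
            return True
        return False


def check_response(xml_text, registry):
    """Classify a Response by how it correlates to requests the SP sent.

    Only the InResponseTo step is shown; signature, issuer, audience and
    time-window checks are separate and still required.
    """
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    if root.tag != f"{{{SAMLP}}}Response":
        return "not-a-response"
    in_response_to = (root.get("InResponseTo") or "").strip()
    if not in_response_to:
        return "unsolicited"   # IdP-initiated: no request to correlate with
    if registry.consume(in_response_to):
        return "accepted"
    return "unregistered"      # unknown or already-used request ID


if __name__ == "__main__":
    reg = RequestRegistry()
    reg.register("_req-constructed-001")
    for msg in (SOLICITED, SOLICITED, UNSOLICITED):
        print(check_response(msg, reg))
```
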


Telmo,

No, we want IdP connector to request a login. 


The log was from a TEST (From IdP Server). On successful login it redirected us to outsystems application, that is where we got that log.


Now we have created a demo application in Outsystems to use IdP. While trying to test it, we are getting the below error in the browser.


UNABLE TO PROCESS REQUEST


FYI, If there is no IDP Server setting defined then it says there is no IDP server.


Thanks

Hi,

Do you have the detailed error message from the LogMessages detail screen?

Regards.

Hi,


There are no logs generated in Outsystems.


Thanks.

Hi,

You'll have to debug to check at which moment that error occurs. Also, from the browser debug tools, check if the SAML message is present and as expected.

Regards.

Hello,
This is the error message that is thrown when checked in the SAML error log.


Could not initialize class org.opensaml.xml.XMLConfigurator
Environment Information
eSpaceVer: 1 (Id=2474, PubId=6381, CompiledWith=10.0.302.0)
 RequestUrl: https://dcsmartqa.dc.gov.ae/IdP/Login.jsf?OriginalURL=https%3A%2F%2Fdcsmartqa.dc.gov.ae%2FIdPExample%2FHomePage.jsf (Method: GET)
 ClassLoader: weblogic.utils.classloaders.ChangeAwareClassLoader@5edd18d3 finder: weblogic.utils.classloaders.CodeGenClassFinder@5ac22741 annotation: IdP@IdP.war(1591548115)
 FilePath: /IdP/DoLogin.jsp
 ClientIp: 10.249.255.12
 Locale: en-US
 DateFormat: dd-MM-yyyy
 PID: 26416 ('26416@outsysqanew.dxbcourts.int', Started='4/22/18 1:16:36 PM', Priv=1483Mb, Virt=3039Mb)
 TID: 26
 Thread Name: [ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'
 JRE: 25.71-b15

Stack:
Could not initialize class org.opensaml.xml.XMLConfigurator
 java.lang.NoClassDefFoundError: Could not initialize class org.opensaml.xml.XMLConfigurator
 at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:199)
 at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:186)
 at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:92)
 at outsystems.nossaml_utils.actions.ActSAML_CreateAuthnRequest.mosSAML_CreateAuthnRequest(ActSAML_CreateAuthnRequest.java:61)
 at osidp.referencesproxy.rssextensionsaml_utils.actions.ActSAML_CreateAuthnRequest.mosSAML_CreateAuthnRequest(Unknown Source)
 at osidp.actions.ActSAML_CreateAuthnRequest.executeSAML_CreateAuthnRequest(Unknown Source)
 at osidp.managedbean.flowauth.ScrnDoLogin.preparation(Unknown Source)
 at osidp.managedbean.flowauth.ScrnDoLogin.pageLoad(Unknown Source)
 at outsystems.hubedition.webwidgets.uicomponent.utils.ComponentUtils.invokeBeanPageLoad(Unknown Source)
 at outsystems.hubedition.webwidgets.uicomponent.os_controls.PageComponent.encodeBegin(Unknown Source)
 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:928)
 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933)
 at com.sun.faces.application.ViewHandlerImpl.doRenderView(ViewHandlerImpl.java:268)
 at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:198)
 at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
 at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
 at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
 at outsystems.hubedition.webwidgets.managedbean.WebPage.doForward(Unknown Source)
 at osidp.managedbean.flowauth.EntryLogin.pageLoad(Unknown Source)
 at outsystems.hubedition.webwidgets.uicomponent.utils.ComponentUtils.invokeBeanPageLoad(Unknown Source)
 at outsystems.hubedition.webwidgets.uicomponent.os_controls.PageComponent.encodeBegin(Unknown Source)
 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:928)
 at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933)
 at com.sun.faces.application.ViewHandlerImpl.doRenderView(ViewHandlerImpl.java:268)
 at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:198)
 at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
 at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
 at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
 at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346)
 at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
 at outsystems.hubedition.webwidgets.BaseRequestStartupFilter.doFilter(Unknown Source)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
 at outsystems.hubedition.webwidgets.filters.HttpContextFilter.doFilter(Unknown Source)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
 at outsystems.hubedition.webwidgets.filters.CacheControlFilter.doFilter(Unknown Source)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
 at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3436)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3402)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
 at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
 at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2285)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2201)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1572)
 at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:255)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)

Hi Aravindkumar,

Is your app server WebLogic or WildFly?

Basically, your application server does not seem to have included on the IdP connector web app classpath some of the JARs that are part of the SAML_Utils extension that is included in the component. Try to redeploy the extension as well as the IdP module to refresh the app and check if the JAR is included.

If for some reason it's a problem with the installation/generated WAR file, you'll need to manually add those JARs to the web app classpath.

Regards

Hello Telmo,
Thank you for the response.

We are using WebLogic server as application server for Outsystems. We have just reinstalled IdP and IdpExample into the Outsystems environment. Please let me know how to verify that those JARs that are part of the SAML_Utils extension are available in the component.


Regards,
Aravindkumar A

Hi,

Not exactly sure how to check that in an OutSystems installation on WebLogic; if you're unable to check it out, you'll have to open a support ticket for that. You will have to find the expanded WAR file directory in the file system (or the non-expanded WAR file) and check whether the jar is missing.

The 'missing' jar is xmltooling-1.4.1.jar. If you find out that the jar is already present in the war/expanded directory, then most probably it's a jar conflict within WebLogic itself, that should have a different version of that jar/class on its own classpath, and to override it, for instance, you can set the xmltooling-1.4.1.jar in the WebLogic PRE_CLASSPATH.

Regards.

Hello,

I have verified the jar file and it is located on the below paths. I couldn't get such a jar file from the WebLogic installation/WebLogic home folder.

/opt/outsystems/platform/running/IPD_demo.01792197929.war/WEB-INF/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/running/IdP.01792388877.war/WEB-INF/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/running/IdPExample.01792480768.war/WEB-INF/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/share/IdP/full/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/share/IPD_demo/full/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/share/IdPExample/full/lib/xmltooling-1.4.1.jar

Regards,
Aravindkumar A

Hi,

You cannot find that specific version in WebLogic itself, otherwise it probably wouldn't be a problem.

Try to check if WebLogic has another version of xmltooling. There are also bash commands to find classes inside JAR files on the filesystem. Try also to find if the class XMLConfigurator is in some WebLogic jar file.

Regards.

Hello Telmo,

Do you have any commands that provide class XMLConfigurator in WebLogic?
We have even tried with Okta as IdP and it gives the same error.
I would really appreciate it if you could help us to fix this issue.

If you need any web-ex session to understand the problem, please let me know.


Regards,
Aravindkumar A

Hi,

You can find a class inside a jar file, for instance, in this way: https://stackoverflow.com/questions/1500141/find-a-jar-file-given-the-class-name

Can you also try to find if any file with the pattern name xmltooling*.jar exists on the server?


Regardless of the outcome of it, I would try to add xmltooling-1.4.1.jar to the WebLogic PRE_CLASSPATH. In the WebLogic startup scripts (setDomainEnv.sh I guess) you can add/modify the PRE_CLASSPATH variable. I would copy xmltooling-1.4.1.jar to some directory and add the full path of the jar to the PRE_CLASSPATH.

Regards
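
The class search suggested above, as an added example that is not part of the thread: it walks directory trees (expanded WAR directories included), opens every jar, and also looks inside jars nested in packed WAR/EAR archives, then groups the hits by jar file name so that competing copies of `org.opensaml.xml.XMLConfigurator` stand out. The function names are hypothetical, and the directories to scan are passed on the command line.

```python
import io
import os
import sys
import zipfile
from collections import defaultdict

ARCHIVES = (".jar", ".war", ".ear")


def scan_archive(path, entry):
    """Return the locations in one archive (or its nested jars) holding entry."""
    found = []
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
        if entry in names:
            found.append(path)
        for inner in (n for n in names if n.endswith(".jar")):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(inner))) as nested:
                    if entry in nested.namelist():
                        found.append(f"{path}!/{inner}")
            except zipfile.BadZipFile:
                continue  # nested entry is not a readable jar
    return found


def find_class(roots, class_name):
    """Walk roots and list every archive that provides class_name."""
    entry = class_name.replace(".", "/") + ".class"
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.endswith(ARCHIVES):
                    try:
                        hits.extend(scan_archive(os.path.join(dirpath, name), entry))
                    except (zipfile.BadZipFile, OSError):
                        continue  # unreadable file or not really a zip
    return sorted(hits)


def providers_by_jar_name(hits):
    """Group hits by jar file name; more than one name means competing copies."""
    groups = defaultdict(list)
    for hit in hits:
        groups[os.path.basename(hit)].append(hit)
    return dict(groups)


if __name__ == "__main__" and len(sys.argv) > 2:
    # usage: script.py org.opensaml.xml.XMLConfigurator DIR [DIR ...]
    found = providers_by_jar_name(find_class(sys.argv[2:], sys.argv[1]))
    for jar, where in sorted(found.items()):
        print(jar, *where, sep="\n  ")
```
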

Hello,
From the below output, which path should I add as the full path of the jar to the PRE_CLASSPATH in WebLogic?

/opt/outsystems/platform/share/IdPExample/full/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/share/IPD_demo/full/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/share/IdP/full/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/running/IdP.0396281647.war/WEB-INF/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/running/IdPExample.01802438131.war/WEB-INF/lib/xmltooling-1.4.1.jar
/opt/outsystems/platform/running/IPD_demo.01802438452.war/WEB-INF/lib/xmltooling-1.4.1.jar


Regards,
Aravindkumar A

Hi,

I would say none of the above; I mean, those are folders of deployed applications, which it is not advised to include on the PRE_CLASSPATH. Copy the jar file to any other location on the disk, outside the deployed applications folder, and use that path.

Regards.

Hello Telmo,

I would really appreciate it if you could come on a web-ex session to fix the issue.

Please help me on this.

Regards,

Aravindkumar A