Uploaded image for project: 'PicketLink Federated Identity'
  1. PicketLink Federated Identity
  2. PLFED-254

NonSerializable exception when using clustered service provider

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Done
    • PLFED_2.0.1.final
    • PLFED_2.0.2.final
    • SAML
    • None

    Description

      To reproduce the error:

      • Deploy picketlink federation 2.0.1 ZIP bundle with sample applications to JBoss AS 5.1.0 according to instructions on https://community.jboss.org/wiki/CheatsheetPicketLinkAndJBossAS
      • In sales.war/WEB-INF/web/xml add only "<distributable />" tag to support clustering of attributes
      • Start the server
      • Go to "http://localhost:8080/sales" and authenticate. Now I have blank page on SP side because of error during processing SAML response. Exception in server log:
      2012-01-11 18:43:37,460 TRACE [org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator] (http-127.0.0.1-8080-1) Server Exception:
      java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute picketlink.principal
              at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1297)
              at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1258)
              at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:404)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:140)
              at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:72)
              at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:169)
              at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.handleSAMLResponse(SPRedirectFormAuthenticator.java:242)
              at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.authenticate(SPRedirectFormAuthenticator.java:154)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
              at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:151)
      

      The cause is creating of Principal in SAML2AuthenticationHandler$SPAuthenticationHandler.handleSAMLResponse, which is not Serializable.

      Another thing is that I need to enable TRACE logging to see the stacktrace. I think it can be better to log these non-expected RuntimeExceptions with bigger log level. And unfortunately IOException, which is rethrown from SPRedirectFormAuthenticator, is not logged anyway in Tomcat and only result is blank screen.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            mposolda@redhat.com Marek Posolda
            Archiver:
            samahaja@redhat.com Sagar Mahajan

            Dates

              Created:
              Updated:
              Resolved:
              Archived: