liferaysingle-sign-onpingfederate
PingFederate : Could not obtain attributes from the IdP Authentication Service
I am getting this exception while trying to invoke PingFederae StartSSO.ping endpoint.
12:49:54,153 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/startSSO.ping
12:49:54,157 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,157 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null} replacing Cookie{PF=F1OpbNzE8iYqMJq6UcG5wa; path=/; maxAge=-1; domain=null}
12:49:54,157 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: null, newKey: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS, value: 1)
12:49:54,157 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waLotsmXsBxdLFrhrm8OVFYE; path=/; maxAge=-1; domain=null}
12:49:54,160 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
12:49:54,232 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/ENvrS/resumeSAML20/idp/startSSO.ping
12:49:54,233 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] getAttr(key: LotsmXsBxdLFrhrm8OVFYE, name: NUMBER_OF_ATTEMPTS): 1
12:49:54,233 DEBUG [HttpServletRespProxy] adding lazy cookie Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null} replacing null
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] setAttr(oldKey: LotsmXsBxdLFrhrm8OVFYE, newKey: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS, value: 2)
12:49:54,233 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: TbQaafveigalePVvdwcdta, name: NUMBER_OF_ATTEMPTS): 2
12:49:54,233 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:sbwb-ppc-idp subject:null
12:49:54,233 ERROR [HandleAuthnRequest] Exception occurred during request processing
org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:54)
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:78)
at org.sourceid.saml20.profiles.ProfileProcessManager.resumeHandleRequest(ProfileProcessManager.java:73)
at $ProfileProcessMgmtService_1461cd08008.resumeHandleRequest($ProfileProcessMgmtService_1461cd08008.java)
at org.sourceid.websso.servlet.IntegrationControllerServlet.process(IntegrationControllerServlet.java:63)
at org.sourceid.websso.servlet.EnforcerServletBase.checkProcess(EnforcerServletBase.java:89)
at org.sourceid.websso.servlet.EnforcerServletBase.doGet(EnforcerServletBase.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:669)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1448)
at org.sourceid.servlet.filter.NoCacheFilter.doFilter(NoCacheFilter.java:55)
at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at org.sourceid.websso.servlet.ProxyFilter.doFilter(ProxyFilter.java:34)
at org.sourceid.servlet.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:53)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:126)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:368)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:141)
at org.sourceid.saml20.profiles.idp.HandleAuthnRequest.doResume(HandleAuthnRequest.java:245)
at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.exeResume(ResumableRequestHandlerBase.java:66)
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:50)
... 43 more
Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.
at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthNHelper(IdpAuthnAdapter.java:159)
at com.pingidentity.adapters.opentoken.IdpAuthnAdapter.lookupAuthN(IdpAuthnAdapter.java:78)
at org.sourceid.websso.authn.AdapterAuthnProcessor.lookupAuthN(AdapterAuthnProcessor.java:96)
at org.sourceid.saml20.profiles.idp.IdpAdapterSupportBase.lookupAuthN(IdpAdapterSupportBase.java:132)
... 46 more
12:49:54,238 DEBUG [HttpServletRespProxy] flush cookies: adding Cookie{PF=F1OpbNzE8iYqMJq6UcG5waTbQaafveigalePVvdwcdta; path=/; maxAge=-1; domain=null}
12:49:54,239 DEBUG [BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
And i think this exception is invoked when the PingFederate cannot find the OpenToken generated by application. But the cookie is present in the browser.
And the Ping Federate Application shows the error page :
And my Idp Adapter setting looks like :
cookie-path=/
use-verbose-error-messages=false
cipher-suite=2
obfuscate-password=true
session-cookie=false
password=Kyx+ElfeRRDkPRYZoVF3BQ==
token-name=opentoken
cookie-domain=.banka.liferay.com
token-notbefore-tolerance=0
token-renewuntil=43200
use-sunjce=false
secure-cookie=false
token-lifetime=300
use-cookie=true
I am struggling to find out the cause of this problem. But with no success.
What could be the cause of this problem? Is it related to Ping Federate or am i missing something in my configuration ?
And here is the Screen-shot of IdP Adapter :
And here is the summary of SP Connection :
Solution
Could it be that you're redirected to the resume URL with the hostname being localhost? In that case your browser won't send a cookie issued to .banka.liferay.com to the server, hence the error.
- Liferay Portlet Response: how to set status code?
- Can a liferay hook xml contain 2 servlet-filter configurations?
- Liferay 6.2: Allow public access to one JSON API method
- How to add/update security questions in Liferay DXP 7.4
- Uncaught TypeError: A.LiferayItemSelectorDialog is not a constructor - Liferay Portal 7.4 GA 105
- Can not find symbol class "OpenIdConnectProviderRegistry" & "OpenIdConnectUserInfoProcessor"
- Liferay upgrade ClassNotFound "import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;"
- Using plugins SDK in Liferay DXP
- "error: cannot find symbol import com.liferay.portal.kernel.uuid.PortalUUID;" in Liferay 7.4
- Liferay 7.4 | How to Check File Entry Permissions in a Servlet?
- Liferay 7.4 GA107: Unresolved requirement: Import-Package: com.ironsoftware.ironpdf_ [Sanitized]
- Eclipse indents new line with tabs instead of spaces
- Freemarker if statements inside html elements
- Liferay 7 - set shared session attribute in Authenticator class
- How to retreive instance scoped configuration in Liferay 7.4.3 (ga104)?
- Compiling a OSGi bundle with registered hook for Liferay
- Upgrading to Liferay 7.4 has caused existing code that called the JSONWS add-user-with-workflow call to fail
- liferay - how to render one portlet in another portlet
- Custom login method in liferay 7
- View only permission for community/site members for Wiki portlet is not working in Liferay
- Sign-in link in custom master page
- How to Install liferay sdk on netbean8?
- How to get global (company) group id in Liferay?
- How to get content from Liferay structure
- Liferay form POST to external URL and display the result in popup window
- Get my own properties in cas client and Liferay
- PingFederate : Could not obtain attributes from the IdP Authentication Service
- How can I get instance_id from menus and breadcrumbs in liferay 7.4
- I can't build Liferay Spring MVC Portlet Project
- converting time from BST to American timeZones CST MST EST PST