Integrating DXP 7 with WSO2 Identity Server for SAML authentication
https://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=81377137
Updated: 2024-03-28T18:14:50Z

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Naresh Reddy Kallamadi, 2017-09-21T13:14:30Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=95270387

Hi Jan,

Map first attribute like below:

screenName=http://wso2.org/claims/im
emailAddress=http://wso2.org/claims/emailaddress
firstName=http://wso2.org/claims/givenname
lastName=http://wso2.org/claims/lastname

or try reverse:

http://wso2.org/claims/im=screenName
http://wso2.org/claims/emailaddress=emailAddress
http://wso2.org/claims/givenname=firstName
http://wso2.org/claims/lastname=lastName

Thanks,
Naresh kallamadi.

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Jan Rodan, 2017-09-19T15:02:23Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=95075399

Raihaan Cassim:
<blockquote>
Sorry, looks like I spoke too soon. I get the below error for any user other than the test user that's created at start up time.

<pre><code>11:17:48,173 ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:46] com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeNull: Screen name must not be null for user 40600
com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeNull: Screen name must not be null for user 40600</code></pre>

Still looking into it and will update this thread if I figure out more.
</blockquote>

Hi,

Have you figured the reason out? Getting currently the same error. I think we have an issue with some SAML settings.

Thanks

Jan

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Raihaan Cassim, 2016-11-09T12:23:07Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=82208517

Sorry, looks like I spoke too soon. I get the below error for any user other than the test user that's created at start up time.

<pre><code>11:17:48,173 ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:46] com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeNull: Screen name must not be null for user 40600
com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeNull: Screen name must not be null for user 40600</code></pre>

Still looking into it and will update this thread if I figure out more.

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Raihaan Cassim, 2016-11-01T21:00:19Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=81925551

Hi,

My mapping looks like this:-

<pre><code>im=http://wso2.org/claims/im
emailAddress=http://wso2.org/claims/emailaddress
firstName=http://wso2.org/claims/givenname
lastName=http://wso2.org/claims/lastname</code></pre>

I think your problem is that there's no value for <strong>givenName</strong> for that user in Identity Server. You can verify this by viewing the user's profile inside IS.

Fill in all fields for the user in IS and then try logging in again.

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Albin M., 2016-11-01T20:54:29Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=81924823

Hi Cassim,

I have a problem with the Attribute Mapping added through the SAML Admin UI. This is my current mapping:

screenName=http://wso2.org/claims/givenname
emailAddress=http://wso2.org/claims/emailaddress
firstName=http://wso2.org/claims/givenname
lastName=http://wso2.org/claims/lastname

but it doesn't work. I got an error: com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeNull: Screen name must not be null for user 34527

Can you please post your working Attribute Mapping?

Thanks!
Albin

RE: Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Raihaan Cassim, 2016-10-19T21:07:07Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=81447757

To answer my own question :-) ...

I was able to get this working eventually. I can't say for sure what the exact cause of my troubles was but I managed to solve my problems by configuring the SAML plugin via the UI rather than using portal-ext.properties.
It appears to me that the two main problems were
1) plugin didn't like the idea of the metadata URL being HTTP as opposed to HTTPS.
2) metadata.xml was not being read from the location as set in the portal-ext.properties file.

Once I corrected these two points I was able to make progress and have now managed to successfully authenticate and log in.

Integrating DXP 7 with WSO2 Identity Server for SAML authentication
Raihaan Cassim, 2016-10-18T11:21:40Z
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=81377136

Hi all,

I'm trying to integrate Liferay DXP7 (7.0 ga1) with WSO2's Identity Server 5.2.0 using the <a href="https://web.liferay.com/marketplace/-/mp/application/15188711">Liferay SAML 2.0 Provider</a>.

Obviously since I'm posting here I've not had any joy in getting this to work. I've referenced a number of blogs in trying to set this up without any success. The main ones being:-
<a href="https://www.yenlo.com/blog/wso2-creating-single-sign-on-between-liferay-and-wso2-identity-server">Yenlo blog</a>
<a href="https://docs.wso2.com/display/IS520/Integrating+WSO2+Identity+Server+with+Liferay">WSO2 IS Tutorial</a>

I've set up the Identity Provider and the Service Provider within IS as described on the referenced sites. I've then created the keystore and copied over the certificate as well. I've updated the portal-ext.properties file to contain the new config lines.

Both apps start up without incident. What happens is that when I click the 'Sign In' link in Liferay I'm presented with a blank page and an error in Liferay. The stack trace is as follows:-
<pre><code>
2016-10-18 11:18:02 ERROR SamlSpSsoFilter:61 - com.liferay.saml.SamlException: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
com.liferay.saml.SamlException: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at com.liferay.saml.profile.WebSsoProfileImpl.sendAuthnRequest(WebSsoProfileImpl.java:188)
at com.liferay.saml.profile.WebSsoProfileUtil.sendAuthnRequest(WebSsoProfileUtil.java:55)
at com.liferay.saml.hook.filter.SamlSpSsoFilter.login(SamlSpSsoFilter.java:124)
at com.liferay.saml.hook.filter.SamlSpSsoFilter.processFilter(SamlSpSsoFilter.java:146)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:67)
at com.sun.proxy.$Proxy660.doFilter(Unknown Source)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:65)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:115)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: java.lang.NullPointerException
at com.liferay.saml.metadata.MetadataManagerImpl.getEntityDescriptor(MetadataManagerImpl.java:180)
at com.liferay.saml.metadata.MetadataManagerUtil.getEntityDescriptor(MetadataManagerUtil.java:52)
at com.liferay.saml.profile.BaseProfile.getSamlMessageContext(BaseProfile.java:167)
at com.liferay.saml.profile.BaseProfile.getSamlMessageContext(BaseProfile.java:221)
at com.liferay.saml.profile.WebSsoProfileImpl.doSendAuthnRequest(WebSsoProfileImpl.java:624)
at com.liferay.saml.profile.WebSsoProfileImpl.sendAuthnRequest(WebSsoProfileImpl.java:178)
... 47 more
Caused by: java.lang.NullPointerException
at org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager.getFactory(KeyInfoGeneratorManager.java:77)
at com.liferay.saml.util.OpenSamlUtil.buildKeyInfo(OpenSamlUtil.java:591)
at com.liferay.saml.metadata.MetadataGeneratorUtil.buildSpSsoDescriptor(MetadataGeneratorUtil.java:197)
at com.liferay.saml.metadata.MetadataGeneratorUtil.buildSpEntityDescriptor(MetadataGeneratorUtil.java:153)
at com.liferay.saml.metadata.MetadataManagerImpl.getEntityDescriptor(MetadataManagerImpl.java:171)
... 52 more
2016-10-18 11:18:03 DEBUG PoolingHttpClientConnectionManager:1
</code></pre>