Thursday, September 12, 2013

How to resolve "java.lang.ClassNotFoundException: Error loading SSL Implementation edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation" when deploying Shibboleth on tomcat

If you encounter the following error when Tomcat starts the HTTPS connector for Shibboleth:


java.lang.ClassNotFoundException: Error loading SSL Implementation edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation :java.lang.ClassNotFoundException: edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation
at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:77)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:156)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Sep 12, 2013 1:38:27 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
LifecycleException:  Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation :java.lang.ClassNotFoundException: edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation
at org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)


What you have to do is download tomcat6-dta-ssl-1.0.0.jar, which contains the missing SSL implementation class, and place it inside the TOMCAT_HOME/lib folder.
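The ClassNotFoundException above only says which class is missing, not whether a jar that provides it is actually on Tomcat's classpath. The following added example (not code from the original post or from the Shibboleth project) searches a lib directory for the jar that carries the class. It builds a throwaway lib directory with a constructed jar so it runs offline; pointing it at a real TOMCAT_HOME/lib works the same way. The jar name matches the one named above, but its contents are a placeholder, not real bytecode.

```python
"""Locate which jar under a Tomcat lib directory provides a given class."""
import os
import tempfile
import zipfile
from typing import List

# The class Tomcat failed to load in the stack trace above.
MISSING_CLASS = ("edu.internet2.middleware.security.tomcat6."
                 "DelegateToApplicationJSSEImplementation")


def class_to_entry(fqcn: str) -> str:
    """Map a fully qualified class name to the entry path used inside a jar."""
    return fqcn.replace(".", "/") + ".class"


def jar_provides(jar_path: str, fqcn: str) -> bool:
    """Return True if the jar contains the .class entry for fqcn."""
    entry = class_to_entry(fqcn)
    with zipfile.ZipFile(jar_path) as jar:
        return entry in jar.namelist()


def find_providers(lib_dir: str, fqcn: str) -> List[str]:
    """Return every jar in lib_dir that contains fqcn; unreadable jars are skipped."""
    providers = []
    for name in sorted(os.listdir(lib_dir)):
        if not name.endswith(".jar"):
            continue
        path = os.path.join(lib_dir, name)
        try:
            if jar_provides(path, fqcn):
                providers.append(name)
        except zipfile.BadZipFile:
            # A truncated download shows up here instead of as a false hit.
            continue
    return providers


def build_demo_lib() -> str:
    """Create a constructed lib dir: one unrelated jar and one jar carrying the class.

    The placeholder entries hold only the class-file magic number, not bytecode.
    """
    lib_dir = tempfile.mkdtemp(prefix="tomcat-lib-")
    with zipfile.ZipFile(os.path.join(lib_dir, "catalina.jar"), "w") as jar:
        jar.writestr("org/apache/catalina/Placeholder.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(lib_dir, "tomcat6-dta-ssl-1.0.0.jar"), "w") as jar:
        jar.writestr(class_to_entry(MISSING_CLASS), b"\xca\xfe\xba\xbe")
    return lib_dir


if __name__ == "__main__":
    home = os.environ.get("TOMCAT_HOME")
    lib_dir = os.path.join(home, "lib") if home else build_demo_lib()
    hits = find_providers(lib_dir, MISSING_CLASS)
    if hits:
        print(f"{MISSING_CLASS} is provided by: {', '.join(hits)}")
    else:
        print(f"{MISSING_CLASS} not found in any jar under {lib_dir}; "
              "copy tomcat6-dta-ssl-1.0.0.jar there and restart Tomcat")
```

Run it with TOMCAT_HOME set to check a real installation; without it, the constructed directory is used.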

Tuesday, July 30, 2013

Adding users to WSO2 Identity Server through SCIM endpoints when the primary user store is OpenLDAP



Consider a scenario where OpenLDAP is used as the primary user store of WSO2 Identity Server, configured as follows:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://openldap_ip:389</Property>
<Property name="Disabled">false</Property>
<Property name="ConnectionName">cn=admin,dc=wso2qa,dc=com</Property>
<Property name="ConnectionPassword">password</Property>
<Property name="passwordHashMethod">PLAIN_TEXT</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">inetOrgPerson</Property>
<Property name="UserSearchBase">ou=users,dc=wso2qa,dc=com</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="EmptyRolesAllowed">false</Property>
<Property name="GroupSearchBase">ou=groups,dc=wso2qa,dc=com</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="SharedGroupNameAttribute">cn</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2qa,dc=com</Property>
<Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
<Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
<Property name="SharedTenantNameAttribute">ou</Property>
<Property name="SharedTenantObjectClass">organizationalUnit</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
</UserStoreManager>

Note: the above configuration is for WSO2 Identity Server 4.5.0.

In this setup, if a user is provisioned through SCIM without any SCIM-to-LDAP claim mappings, you will observe the following result.

curl -v -k --user admin:admin --data '{"schemas":[],"userName":"SureshAtt","password":"password"}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users


[2013-07-31 10:09:43,827] ERROR {org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint} -  Error in adding the user: SureshAtt to the user store..
org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:267)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:997)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:1020)
at org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.createUser(SCIMUserManager.java:109)
at org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint.create(UserResourceEndpoint.java:147)
at org.wso2.carbon.identity.scim.provider.resources.UserResource.createUser(UserResource.java:137)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:102)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:218)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:198)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:163)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - scimId: attribute type undefined]; remaining name 'uid=SureshAtt'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3110)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:397)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:259)
... 49 more


To avoid this, the SCIM claims have to be mapped to attributes in OpenLDAP. More details can be found in this blog post written by Suresh.

Note: the same claim mapping can be done for OpenLDAP.
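LDAP result code 17 (undefinedAttributeType) is raised the moment the user store tries to write an attribute the directory schema does not define, so the failure is only discovered at provisioning time. The following added example (not code from the original post or from WSO2) does two things: it extracts the offending attribute from an error line like the one above, and it compares the LDAP attributes a claim mapping will write against the attribute types the directory defines, so the gap is found before the first SCIM request. The schema attribute set, the claim URIs and the mapping are constructed for the example; on a real server the defined attribute types would be read from the directory's subschema entry.

```python
"""Pre-flight check for SCIM provisioning into an LDAP user store."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed excerpt of the "Caused by" line from the stack trace above.
SAMPLE_ERROR = (
    "Caused by: javax.naming.directory.InvalidAttributeIdentifierException: "
    "[LDAP: error code 17 - scimId: attribute type undefined]; "
    "remaining name 'uid=SureshAtt'"
)

# LDAP resultCode 17 is undefinedAttributeType (RFC 4511).
UNDEFINED_ATTR_RE = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<attr>[A-Za-z0-9.;-]+): attribute type undefined\]"
)

# Attribute types a stock inetOrgPerson entry may carry (subset, constructed for the example).
INETORGPERSON_ATTRS: Set[str] = {
    "uid", "cn", "sn", "givenName", "mail", "userPassword", "displayName",
    "telephoneNumber", "description", "title", "employeeNumber",
}

# Hypothetical SCIM claim -> LDAP attribute mapping, as an administrator would
# configure it. Every attribute on the right must exist in the directory schema.
CLAIM_MAPPING: Dict[str, str] = {
    "urn:scim:schemas:core:1.0:userName": "uid",
    "urn:scim:schemas:core:1.0:name.familyName": "sn",
    "urn:scim:schemas:core:1.0:name.givenName": "givenName",
    "urn:scim:schemas:core:1.0:emails": "mail",
    "urn:scim:schemas:core:1.0:id": "scimId",                 # not in a stock schema
    "urn:scim:schemas:core:1.0:meta.created": "createdDate",  # not in a stock schema
}


def undefined_attribute(log_line: str) -> Optional[Tuple[int, str]]:
    """Return (ldap_result_code, attribute) from an 'attribute type undefined' error, or None."""
    m = UNDEFINED_ATTR_RE.search(log_line)
    if m is None:
        return None
    return int(m.group("code")), m.group("attr")


def unmapped_attributes(mapping: Dict[str, str], schema_attrs: Set[str]) -> List[str]:
    """Return the mapped LDAP attributes (sorted) that the schema does not define.

    Attribute names are compared case-insensitively, as LDAP does.
    """
    lowered = {a.lower() for a in schema_attrs}
    return sorted({attr for attr in mapping.values() if attr.lower() not in lowered})


def check(mapping: Dict[str, str], schema_attrs: Set[str]) -> List[str]:
    """One finding per attribute that would trigger error code 17 on the first add."""
    return [
        f"{attr}: not in directory schema; map the claim to a defined attribute "
        "or extend the schema before provisioning"
        for attr in unmapped_attributes(mapping, schema_attrs)
    ]


if __name__ == "__main__":
    print("from the log:", undefined_attribute(SAMPLE_ERROR))
    for finding in check(CLAIM_MAPPING, INETORGPERSON_ATTRS):
        print(finding)
```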



Tuesday, July 16, 2013

Error when starting OpenLDAP

If you encounter the following error when starting OpenLDAP:


Starting OpenLDAP: slapd - failed: 
/usr/sbin/slapd: /usr/local/lib/libldap_r-2.4.so.2: no version information available (required by /usr/sbin/slapd)
/usr/sbin/slapd: /usr/local/lib/liblber-2.4.so.2: no version information available (required by /usr/sbin/slapd)
/usr/sbin/slapd: relocation error: /usr/sbin/slapd: symbol ldap_pvt_sasl_mutex_dispose, version OPENLDAP_2.4_2 not defined in file libldap_r-2.4.so.2 with link time reference

The solution is:

  • Change the library path in /etc/ld.so.conf.d/libc.conf:
# libc default configuration
#old path
#/usr/local/lib
#new path
/usr/lib

  • Run the following command to set up the correct links and rebuild the cache:
/sbin/ldconfig -v
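The relocation error above means slapd was linked against one build of libldap_r/liblber but the dynamic loader resolved an older copy from /usr/local/lib. After changing libc.conf and running ldconfig, the thing to confirm is that `ldd /usr/sbin/slapd` now resolves those two libraries from /usr/lib. The following added example (not code from the original post or from OpenLDAP) parses ldd output and reports any OpenLDAP library resolved from somewhere other than the expected directory. The sample ldd output is constructed, shaped like the mismatch the error describes.

```python
"""Check which directory a binary's shared libraries resolve from."""
import re
import subprocess
from typing import Dict, List

# Constructed `ldd /usr/sbin/slapd` excerpt: the two OpenLDAP libraries still
# come from /usr/local/lib, which is the situation behind the error above.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 =>  (0x00007fff2c5ff000)
\tlibldap_r-2.4.so.2 => /usr/local/lib/libldap_r-2.4.so.2 (0x00007f3c1a0c0000)
\tliblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x00007f3c19eb0000)
\tlibsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f3c19c90000)
\tlibc.so.6 => /lib/libc.so.6 (0x00007f3c19900000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f3c1a2e0000)
"""

# "name => /path (0xaddr)"; vdso and loader lines carry no path and are skipped.
LDD_LINE_RE = re.compile(r"^\s*(?P<name>\S+)\s+=>\s+(?P<path>/\S+)\s+\(0x[0-9a-f]+\)$")


def parse_ldd(output: str) -> Dict[str, str]:
    """Map library name -> resolved path for every line that names a file."""
    resolved = {}
    for line in output.splitlines():
        m = LDD_LINE_RE.match(line)
        if m:
            resolved[m.group("name")] = m.group("path")
    return resolved


def libs_outside(output: str, expected_dir: str,
                 prefixes=("libldap", "liblber")) -> List[str]:
    """Return 'name -> path' for OpenLDAP libraries not resolved from expected_dir."""
    expected_dir = expected_dir.rstrip("/") + "/"
    findings = []
    for name, path in parse_ldd(output).items():
        if name.startswith(prefixes) and not path.startswith(expected_dir):
            findings.append(f"{name} -> {path}")
    return findings


def check_binary(binary: str, expected_dir: str = "/usr/lib") -> List[str]:
    """Run ldd on a real binary and report OpenLDAP libraries resolved elsewhere."""
    out = subprocess.run(["ldd", binary], capture_output=True, text=True, check=True).stdout
    return libs_outside(out, expected_dir)


if __name__ == "__main__":
    findings = libs_outside(SAMPLE_LDD, "/usr/lib")
    for line in findings or ["all OpenLDAP libraries resolve from /usr/lib"]:
        print(line)
```

On a real host, `check_binary("/usr/sbin/slapd")` should return an empty list once ldconfig has rebuilt the cache.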


Please refer to the following for more information:




Monday, June 17, 2013

java.lang.IllegalStateException: No match found when installing Shibboleth

Have you ever encountered the following error when installing Shibboleth?


Updating property file: IDP_HOME/shibboleth-identityprovider-2.4.0/src/installer/resources/install.properties
Created dir: IDP_HOME/bin
Created dir: IDP_HOME/conf
Created dir: IDP_HOME/credentials
Created dir: IDP_HOME/lib
Created dir: IDP_HOME/lib/endorsed
Created dir: IDP_HOME/logs
Created dir: IDP_HOME/metadata
Created dir: IDP_HOME/war

BUILD FAILED
IDP_HOME/shibboleth-identityprovider-2.4.0/src/installer/resources/build.xml:70: java.lang.IllegalStateException: No match found

This happens because you have not provided a fully qualified hostname during installation. The name must match the format suggested by Shibboleth exactly, e.g. idp.example.org.

If you specify localhost, example.org, etc., you will encounter the above error.
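A hostname check before running the installer avoids hitting the error at build.xml:70. The following added example is not code from the original post or from the Shibboleth installer, whose own pattern is not shown on the page; it assumes the installer wants a dotted, RFC 1123 style hostname with at least three labels (host plus a domain of two or more labels), which reproduces the three outcomes listed above: idp.example.org passes, localhost and example.org do not.

```python
"""Check an IdP hostname before running the Shibboleth installer."""
import re
import sys

# One DNS label: letters and digits, hyphens allowed inside, 63 characters max.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Host label followed by at least two more labels (assumed installer expectation).
FQDN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL}){{2,}}$")


def is_fully_qualified(hostname: str) -> bool:
    """True when hostname has the idp.example.org shape; case and surrounding space are ignored."""
    return FQDN_RE.match(hostname.strip().lower()) is not None


def explain(hostname: str) -> str:
    """One-line verdict suitable for a pre-install script."""
    if is_fully_qualified(hostname):
        return f"{hostname}: ok"
    return f"{hostname}: not fully qualified; use a name of the form idp.example.org"


if __name__ == "__main__":
    for name in sys.argv[1:] or ["idp.example.org", "localhost", "example.org"]:
        print(explain(name))
```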

Friday, May 18, 2012

Adding virtual IP in Ubuntu

Following are the steps I followed to add a new virtual IP in Ubuntu.

- Edit the interfaces file and add the following entry for the second IP

Command to be used: $ vi /etc/network/interfaces


auto eth0:1
iface eth0:1 inet static
        address 192.168.1.50
        netmask 255.255.255.0

The new IP should be in the same network as the IP currently in use, and it must not already be in use by another host.

Note: to check the Ethernet device name, you can use the following command

$ ifconfig | grep eth


- Now restart the network

$ /etc/init.d/networking restart


- If everything goes smoothly, you will see the following printed on the console for the above command


* Reconfiguring network interfaces...                                        
 ssh stop/waiting
ssh start/running, process 5436
start: Job failed to start
ssh stop/waiting
ssh start/running, process 5558
start: Job failed to start                                                                         [ OK ]

- Verify the change using one of the following commands

$ ifconfig | grep eth
$ ifconfig
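The two conditions stated above (same network as the existing address, not already in use) and the device name from `ifconfig | grep eth` are easy to get wrong by hand. The following added example (not code from the original post) validates an alias and its address before anything is written to /etc/network/interfaces, checks that the alias's base device is one of the detected interfaces, and renders the stanza with the tab indentation shown above. The existing address, netmask and interface list are constructed; on a real host they come from ifconfig. Whether another host on the LAN already holds the address cannot be determined offline, so that part still needs a probe on the wire.

```python
"""Sanity-check a virtual IP alias before editing /etc/network/interfaces."""
import ipaddress
from typing import List

# Constructed: what the host currently has (on a real box, read it from ifconfig).
EXISTING_IP = "192.168.1.10"
NETMASK = "255.255.255.0"
KNOWN_IFACES = ["eth0", "lo"]   # constructed result of `ifconfig | grep eth`, plus loopback


def same_network(existing_ip: str, netmask: str, new_ip: str) -> bool:
    """True if new_ip lies in the network that existing_ip/netmask defines."""
    net = ipaddress.ip_network(f"{existing_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(new_ip) in net


def validate_alias(alias: str, new_ip: str, existing_ip: str, netmask: str,
                   known_ifaces: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the stanza is safe to write."""
    problems = []
    base, sep, idx = alias.partition(":")
    if not sep or not idx.isdigit():
        problems.append(f"alias {alias!r} should look like eth0:1")
    elif base not in known_ifaces:
        problems.append(f"base device {base!r} is not among detected interfaces {known_ifaces}")
    try:
        addr = ipaddress.ip_address(new_ip)
    except ValueError:
        return problems + [f"{new_ip!r} is not a valid IP address"]
    net = ipaddress.ip_network(f"{existing_ip}/{netmask}", strict=False)
    if not same_network(existing_ip, netmask, new_ip):
        problems.append(f"{new_ip} is not in {net} (the network of {existing_ip})")
    elif addr == ipaddress.ip_address(existing_ip):
        problems.append(f"{new_ip} is already the primary address")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append(f"{new_ip} is the network or broadcast address of {net}")
    return problems


def render_stanza(alias: str, new_ip: str, netmask: str) -> str:
    """Produce the /etc/network/interfaces entry, tab-indented as in the post."""
    return f"auto {alias}\niface {alias} inet static\n\taddress {new_ip}\n\tnetmask {netmask}\n"


if __name__ == "__main__":
    alias, new_ip = "eth0:1", "192.168.1.50"
    issues = validate_alias(alias, new_ip, EXISTING_IP, NETMASK, KNOWN_IFACES)
    print("\n".join(issues) if issues else render_stanza(alias, new_ip, NETMASK), end="")
```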

Tip: for /etc/init.d/networking restart, you may sometimes come across the following error


 * Reconfiguring network interfaces...                                        
SIOCSIFADDR: No such device
etho:1: ERROR while getting interface flags: No such device
etho:1: ERROR while getting interface flags: No such device
Failed to bring up etho:1

To solve this, open the interfaces file ($ vi /etc/network/interfaces).


There your entry will look like this:


auto eth0:1
iface eth0:1 inet static
address 192.168.1.50
netmask 255.255.255.0

Just insert a tab before the 3rd and 4th lines:

auto eth0:1
iface eth0:1 inet static
        address 192.168.1.50
        netmask 255.255.255.0


That will solve the issue.