Announcement Announcement Module
Collapse
No announcement yet.
How do I configure a http proxy host? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I configure a http proxy host?

    Hi

    I'm trying out the saml2-sample app, but it fails to initialize because I'm behind a corporate web proxy which blocks the GET to http://idp.ssocircle.com/idp-meta.xml.

    How can I configure the saml extension to use my proxy host and port?

    I tried -Dhttp.proxy, but it seems HttpClient doesn't use environment variables.

  • #2
    Hi,

    I haven't tested this, but instantiating the org.opensaml.saml2.metadata.provider.HTTPMetadataP rovider bean in your metadata with constructor HTTPMetadataProvider(Timer backgroundTaskTimer, HttpClient client, String metadataURL) and configuring the supplied HttpClient bean with proxy settings should get the job done.

    Vladi

    Comment


    • #3
      It sorta worked, but I had to create a subclass of HTTPMetaDataProvider which sets the HttpClient
      This made it possible to boot the sample and download metadata ect.

      But pressing the "Login" button fails with a timeout (after I login at ssocircle and get redirected back to localhost). It looks like this is a proxy problem again. It probably creates a new HttClient rather than using the one I provided?

      Code:
      - AuthNRequest;SUCCESS;127.0.0.1
      - I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
      - Retrying request
      - I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
      - Retrying request
      - I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
      - Retrying request
      
      org.opensaml.common.SAMLRuntimeException: Error decoding incoming SAML message
      	org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:91)
      	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
      	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:78)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
      	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
      	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
      root cause
      
      ...
      
      java.net.ConnectException: Connection timed out: connect
      	java.net.PlainSocketImpl.socketConnect(Native Method)
      	java.net.PlainSocketImpl.doConnect(Unknown Source)
      	java.net.PlainSocketImpl.connectToAddress(Unknown Source)
      	java.net.PlainSocketImpl.connect(Unknown Source)
      	java.net.SocksSocketImpl.connect(Unknown Source)
      	java.net.Socket.connect(Unknown Source)
      	com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
      	com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
      	com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
      	org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:97)
      	org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
      	org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
      	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
      	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
      	org.springframework.security.saml.websso.ArtifactResolutionProfileImpl.getArtifactResponse(ArtifactResolutionProfileImpl.java:96)
      	org.springframework.security.saml.websso.ArtifactResolutionProfileBase.resolveArtifact(ArtifactResolutionProfileBase.java:98)
      	org.opensaml.saml2.binding.decoding.HTTPArtifactDecoderImpl.doDecode(HTTPArtifactDecoderImpl.java:94)
      	org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:79)
      	org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)
      	org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105)
      	org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)
      	org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)
      	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
      	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:78)
      	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
      	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
      	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
      	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
      Last edited by wic; Mar 1st, 2013, 05:17 AM.

      Comment


      • #4
        Yes, same issue, just inject the same HttpClient with the proxy settings to the constructor of bean org.springframework.security.saml.websso.ArtifactR esolutionProfileImpl in your securityContext.xml (it's part of the HTTPArtifactBinding).

        Vladimír Schäfer

        Comment

        Working...
        X