Error after successful authentication at the IDP in PicketLink with EAP 5.

Solution Unverified

Issue

  • An error occurs after successful authentication at the IDP (Identity Provider) in PicketLink with EAP 5.2. The setup is as follows:

    • On the SP (Service Provider) instance, where the SP-side WAR is deployed, the following security domain was added to the JBoss_HOME/server/sp/conf/login-config.xml file:

    <application-policy name="sp">
        <authentication>
            <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
        </authentication>
    </application-policy>

    • On the Identity Provider instance, the following settings were made in JBoss_HOME/server/idp/conf/login-config.xml:

    <application-policy name="idp">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="usersProperties">props/idp-users.properties</module-option>
                <module-option name="rolesProperties">props/idp-roles.properties</module-option>
            </login-module>
        </authentication>
    </application-policy>
    
    • When the correct credentials are provided on the Identity Provider login page, the following error appears immediately:

    ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-10.x.x.x-28080-2) An exception or error occurred in the container during the request processing
    java.lang.IllegalStateException: getOutputStream() has already been called for this response
        at org.apache.catalina.connector.Response.getWriter(Response.java:621)
        at org.picketlink.identity.federation.web.util.PostBindingUtil.sendPost(PostBindingUtil.java:104)
        at org.picketlink.identity.federation.web.util.IDPWebRequestUtil.send(IDPWebRequestUtil.java:231)
        at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:640)
        at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.invoke(AbstractIDPValve.java:383)
        at org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve.invoke(IDPSAMLDebugValve.java:57)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)
        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
        at java.lang.Thread.run(Thread.java:722)
    

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.2.0
