Hi,

I'm trying to validate users on the Novell User Application (3.7 patch E)
using Kerberos and SAML assertions (eDir 8.8.5; both UA and eDir are
running Windows 2003).

When trying to log into UA, the following error occurs:

server.log

2012-03-21 16:21:47,942 INFO [STDOUT] (http-0.0.0.0-443-2) Debug is
true storeKey true useTicketCache false useKeyTab true doNotPrompt false
ticketCache is null isInitiator true KeyTab is
C:\Novell\idm\jboss\kerberos\rbpm.keytab refreshKrb5Config is false
principal is HTTP/gid.tragsa.es tryFirstPass is false useFirstPass is
true storePass is false clearPass is false
2012-03-21 16:21:47,942 INFO [STDOUT] (http-0.0.0.0-443-2) principal's
key obtained from the keytab
2012-03-21 16:21:47,942 INFO [STDOUT] (http-0.0.0.0-443-2) Acquire TGT
using AS Exchange
2012-03-21 16:21:47,958 INFO [STDOUT] (http-0.0.0.0-443-2) principal
is HTTP/gid.tragsa.es@TRAGSA.ES
2012-03-21 16:21:47,958 INFO [STDOUT] (http-0.0.0.0-443-2)
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 53 4D A0 4B 6D 68 AB
76 CF 7C 70 28 04 3D 96 AE SM.Kmh.v..p(.=..
2012-03-21 16:21:47,958 INFO [STDOUT] (http-0.0.0.0-443-2) Added
server's keyKerberos Principal HTTP/gid.tragsa.es@TRAGSA.ESKey Version
3key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 53 4D A0 4B 6D 68 AB 76 CF 7C 70 28 04 3D 96 AE
SM.Kmh.v..p(.=..
2012-03-21 16:21:47,958 INFO [STDOUT] (http-0.0.0.0-443-2)
[Krb5LoginModule] added Krb5Principal HTTP/gid.tragsa.es@TRAGSA.ES to
Subject
2012-03-21 16:21:47,958 INFO [STDOUT] (http-0.0.0.0-443-2) Commit
Succeeded
2012-03-21 16:21:47,958 INFO [com.novell.common.auth.sso.SSOFilter]
(http-0.0.0.0-443-2) Encabezado de SSO emitido por el filtro de SSO
kerberos para el usuario msaavedr.
2012-03-21 16:21:47,989 INFO
[com.novell.common.auth.saml.AuthTokenGenerator] (http-0.0.0.0-443-2) La
petición emite el testigo de SAML a partir del filtro de SSO kerberos
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.novell.pwdmgt.util.AuthenticationHelper:authenticateUser]
Authenticating User
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) DEBUG
[com.novell.pwdmgt.util.AuthenticationHelper:authenticateUser]
AuthenticationHelper:uid: cn=msaavedr,ou=Activos,ou=usuarios,o=datos
2012-03-21 16:21:47,989 DEBUG
[com.novell.pwdmgt.util.AuthenticationHelper] (http-0.0.0.0-443-2)
AuthenticationHelper:uid: cn=msaavedr,ou=Activos,ou=usuarios,o=datos
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) DEBUG
[com.novell.pwdmgt.util.AuthenticationHelper:authenticateUser]
AuthenticationHelper:pwd:
2012-03-21 16:21:47,989 DEBUG
[com.novell.pwdmgt.util.AuthenticationHelper] (http-0.0.0.0-443-2)
AuthenticationHelper:pwd:
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.novell.pwdmgt.util.PasswordHelper:loginPortal] loginPortal
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.session.EboSessionManager:getEbiHttpSession] found portal
session in the HTTP session =
com.sssw.fw.session.EboHttpSession@14438ff
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) DEBUG
[com.novell.pwdmgt.util.PasswordHelper:loginPortal] Attempting to
login....cn=msaavedr,ou=Activos,ou=usuarios,o=datos
2012-03-21 16:21:47,989 DEBUG [com.novell.pwdmgt.util.PasswordHelper]
(http-0.0.0.0-443-2) Attempting to
login....cn=msaavedr,ou=Activos,ou=usuarios,o=datos
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:setValue] Adding entry to
session for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_CREDENTIALS
and value = com.sssw.fw.directory.core.EboUserCredentials@18669c1
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:setValue] Writing to HTTP
session object for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_CREDENTIALS
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:getValue] Returning entry from
session for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_DIRECTORY_CONNECTION
and value = null
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:getValue] Returning entry from
session for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_CREDENTIALS
and value = com.sssw.fw.directory.core.EboUserCredentials@18669c1
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:getValue] Returning entry from
session for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_DIRECTORY_CONNECTION
and value = null
2012-03-21 16:21:47,989 INFO [STDOUT] (http-0.0.0.0-443-2) Sending
assertion
2012-03-21 16:21:51,223 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.sssw.fw.cachemgr.core.EboCacheHolder:removeValue] Removing entry
from session for key
com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapUserConnectionInfoHelper:USER_CREDENTIALS
2012-03-21 16:21:51,223 INFO [com.novell.pwdmgt.util.PasswordHelper]
(http-0.0.0.0-443-2) [Login_Failure]
cn=msaavedr,ou=Activos,ou=usuarios,o=datos no ha entrado a la sesión
correctamente.
2012-03-21 16:21:51,223 INFO [STDOUT] (http-0.0.0.0-443-2) TRACE
[com.novell.pwdmgt.util.PasswordHelper:loginPortal]
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
com.sssw.fw.directory.api.EboInvalidCredentialsException:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
    at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.createBaseContext(EboLdapDirectoryConnection.java:299)
    at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.authenticate(EboLdapDirectoryConnection.java:167)
    at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnectionManager.getUserConnection(EboLdapDirectoryConnectionManager.java:218)
    at com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapRealm.authUserPassword(EboJndiLdapRealm.java:676)
    at com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapCachingRealm.authUserPassword(EboJndiLdapCachingRealm.java:318)
    at com.novell.pwdmgt.util.PasswordHelper.loginPortal(PasswordHelper.java:2453)
    at com.novell.pwdmgt.util.AuthenticationHelper.authenticateUser(AuthenticationHelper.java:111)
    at com.novell.common.auth.PasswordBasedLoginModule.login(PasswordBasedLoginModule.java:131)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
    at com.novell.common.auth.JAASManager.login(JAASManager.java:122)
    at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:155)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:91)
    at com.novell.common.auth.sso.SAPFilter.doFilter(SAPFilter.java:37)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:128)
    at com.novell.common.auth.sso.KerberosFilter.doFilter(KerberosFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.createBaseContext(EboLdapDirectoryConnection.java:297)
    ... 51 more
2012-03-21 16:21:51,223 ERROR [com.novell.common.auth.JAASManager]
(http-0.0.0.0-443-2) Error de entrada de sesión del usuario:
cn=msaavedr,ou=Activos,ou=usuarios,o=datos
com.novell.pwdmgt.api.LoginFailedException: Compruebe el ID de usuario
o contraseña
    at com.novell.pwdmgt.util.PasswordHelper.loginPortal(PasswordHelper.java:2563)
    at com.novell.pwdmgt.util.AuthenticationHelper.authenticateUser(AuthenticationHelper.java:111)
    at com.novell.common.auth.PasswordBasedLoginModule.login(PasswordBasedLoginModule.java:131)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
    at com.novell.common.auth.JAASManager.login(JAASManager.java:122)
    at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:155)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:91)
    at com.novell.common.auth.sso.SAPFilter.doFilter(SAPFilter.java:37)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:128)
    at com.novell.common.auth.sso.KerberosFilter.doFilter(KerberosFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)


And this is the eDir DS trace:


15:15:27 CE0 NMAS: 12: /DigestValue
15:15:27 CE0 NMAS: 12: /DigestMethod
15:15:27 CE0 NMAS: 12: /Transforms
15:15:27 CE0 NMAS: 12: TEXT
15:15:27 CE0 NMAS: 12: content(length: 1)=

15:15:27 CE0 NMAS: 12: /Reference
15:15:27 CE0 NMAS: 12: /SignatureMethod
15:15:27 CE0 NMAS: 12: /CanonicalizationMethod
15:15:27 CE0 NMAS: 12: TEXT
15:15:27 CE0 NMAS: 12: content(length: 1)=

15:15:27 CE0 NMAS: 12: ELEMENT SignatureValue
15:15:27 CE0 NMAS: 12: TEXT
15:15:27 CE0 NMAS: 12: content(length: 176)=
Pj7Vr5Zey4CqvjJDnJjge+JlGJPCm7jR+uhT08mXdbeja/VHMG1D8cozXwrHxwvsAUdUCsCofeP7
cr5NQ2NJ02lJrUxlxWbsQNTyRYTP5QCVZrkTXooAgyeraUUurokX8uiywibmPuglUSdoD7GQ/4WG
eBXKFmHQYeXQT2Zt+nc=

15:15:27 CE0 NMAS: 12: TEXT
15:15:27 CE0 NMAS: 12: content(length: 1)=

15:15:27 CE0 NMAS: 12: /SignatureValue
15:15:27 CE0 NMAS: 12: /SignedInfo
15:15:27 CE0 NMAS: 12: /Signature
15:15:27 CE0 NMAS: 12: /AuthenticationStatement
15:15:27 CE0 NMAS: 12: /Conditions
15:15:27 CE0 NMAS: 12: /Assertion
15:15:27 CE0 NMAS: 12: SAML LSM exiting with status: -1642
15:15:27 CE0 NMAS: 12: Server Module 0x00000024 Write
15:15:27 F8 NMAS: 12: ERROR: -1642 Client Module 0x00000024 End
15:15:27 CE0 NMAS: 12: ERROR: -1642 Server Module 0x00000024 End
15:15:27 CE0 NMAS: 12: WhatNext
15:15:27 CE0 NMAS: 12: Failed login delay 3 seconds
15:15:30 CE0 NMAS: 12: Failed login
15:15:30 CE0 NMAS: 12: Acknowledge
15:15:30 CE0 NMAS: 12: Server thread exited
15:15:30 CE0 NMAS: 12: Pool thread 0x1a11fc60 work complete
15:15:30 F8 NMAS: 12: ERROR: -1642 SASL_DoMechanism: NMAS_WhatNext
15:15:30 F8 NMAS: 12: Client Session Destroy Request
15:15:30 F8 LDAP: Failed to authenticate full context on connection
0x19f7a008, err = -1642 (0xfffff996)
15:15:30 1588 LDAP: Connection 0x19f7a008 read failure, setting err =
-5875
15:15:30 1588 LDAP: Monitor 0x1588 found connection 0x19f7a008 socket
failure, err = -5875, 0 of 0 bytes read
15:16:05 4D8 LDAP: BIO ctrl called with unknown cmd 7
15:16:05 6C8 NMAS: 13: Create NMAS Session
15:16:05 6C8 NMAS: 13: SASL SAML started
15:16:05 6C8 NMAS: 13: Found login sequence SAML Assertion for proxy
client
15:16:05 6C8 NMAS: 13: NMAS Client supplied user DN
aaemple3333.Activos.usuarios.datos
15:16:06 6C8 NMAS: 13: Actual user DN
CN=aaemple3333.OU=Activos.OU=usuarios.O=datos
15:16:06 6C8 NMAS: 13: Create thread request
15:16:06 6C8 NMAS: 13: Using thread 0x1a11fc60
15:16:06 6C8 NMAS: 13: Server thread started
15:16:06 6C8 NMAS: 13: Proxy client started local server session
15:16:06 CE0 NMAS: 13: Pool thread 0x1a11fc60 awake with new work
15:16:06 CE0 NMAS: 13: CanDo
15:16:06 CE0 NMAS: 13: No client network address
15:16:06 CE0 NMAS: 13: Selected requested login sequence == "SAML
Assertion"
15:16:06 CE0 NMAS: 13: Login Method 0x00000024
15:16:06 CE0 NMAS: 13: LSM00000024 Entered
15:16:06 CE0 NMAS: 13: Begin Server Module 0x00000024
15:16:06 CE0 NMAS: 13: Server Module 0x00000024 Read
15:16:06 6C8 NMAS: 13: Begin Client Module 0x00000024
15:16:06 6C8 NMAS: 13: Client Module 0x00000024 Get attribute AID: 6
15:16:06 6C8 NMAS: 13: Client Module 0x00000024 Get attribute AID: 6
15:16:06 6C8 NMAS: 13: Client Module 0x00000024 Write
15:16:06 6C8 NMAS: 13: Client Module 0x00000024 Write
15:16:06 6C8 NMAS: 13: Client Module 0x00000024 Read
15:16:06 CE0 NMAS: 13: RecvPacketAllocSize: 4096, size required: 4130
15:16:06 CE0 NMAS: 13: Server Module 0x00000024 Read
15:16:06 CE0 NMAS: 13: LSM: About to unpack assertion of 4118 bytes
15:16:06 CE0 NMAS: 13: LSM: handleAssertionPacket, received assertion
of 4114 bytes.
15:16:06 CE0 NMAS: 13: parseSAMLAssertion Entered
15:16:06 CE0 NMAS: 13: Succesfully created document.
15:16:06 CE0 NMAS: 13: ELEMENT Assertion
15:16:06 CE0 NMAS: 13: Found property content: 2012-03-22T14:16:05Z
15:16:06 CE0 NMAS: 13: Found property content: rbpm.idm.novell.com
15:16:06 CE0 NMAS: 13: ELEMENT Conditions
15:16:06 CE0 NMAS: 13: ATTRIBUTE NotOnOrAfter
15:16:06 CE0 NMAS: 13: content=2012-03-22T15:16:05Z
15:16:06 CE0 NMAS: 13: ELEMENT AuthenticationStatement
15:16:06 CE0 NMAS: 13: ATTRIBUTE AuthenticationInstant
15:16:06 CE0 NMAS: 13: content=2012-03-22T14:16:05Z
15:16:06 CE0 NMAS: 13: ATTRIBUTE AuthenticationMethod
15:16:06 CE0 NMAS: 13:
content=urn:oasis:names:tc:SAML:1.0:am:unspecified
15:16:06 CE0 NMAS: 13: ELEMENT Subject
15:16:06 CE0 NMAS: 13: ELEMENT NameIdentifier
15:16:06 CE0 NMAS: 13: Found NameIdentifier format:
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
15:16:06 CE0 NMAS: 13: NameIdentifier format is valid
15:16:06 CE0 NMAS: 13: NameIdentifier contains name
cn=aaemple3333,ou=Activos,ou=usuarios,o=datos
15:16:06 CE0 NMAS: 13: ATTRIBUTE Format
15:16:06 CE0 NMAS: 13:
content=urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length:
45)=cn=aaemple3333,ou=Activos,ou=usuarios,o=datos
15:16:06 CE0 NMAS: 13: /NameIdentifier
15:16:06 CE0 NMAS: 13: /Subject
15:16:06 CE0 NMAS: 13: ELEMENT Signature
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT SignedInfo
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT CanonicalizationMethod
15:16:06 CE0 NMAS: 13: ATTRIBUTE Algorithm
15:16:06 CE0 NMAS: 13: content=http://www.w3.org/2001/10/xml-exc-c14n#
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT SignatureMethod
15:16:06 CE0 NMAS: 13: ATTRIBUTE Algorithm
15:16:06 CE0 NMAS: 13:
content=http://www.w3.org/2000/09/xmldsig#rsa-sha1
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT Reference
15:16:06 CE0 NMAS: 13: ATTRIBUTE URI
15:16:06 CE0 NMAS: 13: content=
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT Transforms
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT Transform
15:16:06 CE0 NMAS: 13: ATTRIBUTE Algorithm
15:16:06 CE0 NMAS: 13:
content=http://www.w3.org/2000/09/xmldsig#enveloped-signature
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT Transform
15:16:06 CE0 NMAS: 13: ATTRIBUTE Algorithm
15:16:06 CE0 NMAS: 13: content=http://www.w3.org/2001/10/xml-exc-c14n#
15:16:06 CE0 NMAS: 13: ELEMENT InclusiveNamespaces
15:16:06 CE0 NMAS: 13: ATTRIBUTE PrefixList
15:16:06 CE0 NMAS: 13: content=ds saml
15:16:06 CE0 NMAS: 13: /InclusiveNamespaces
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: /Transform
15:16:06 CE0 NMAS: 13: /Transform
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT DigestMethod
15:16:06 CE0 NMAS: 13: ATTRIBUTE Algorithm
15:16:06 CE0 NMAS: 13: content=http://www.w3.org/2000/09/xmldsig#sha1
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT DigestValue
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length:
28)=T7zfZ2WCFUgRwYWc8EoYwaKu/GU=
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: /DigestValue
15:16:06 CE0 NMAS: 13: /DigestMethod
15:16:06 CE0 NMAS: 13: /Transforms
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: /Reference
15:16:06 CE0 NMAS: 13: /SignatureMethod
15:16:06 CE0 NMAS: 13: /CanonicalizationMethod
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: ELEMENT SignatureValue
15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 176)=
Y5KFhvqzkGaWCY65L+vYDLqVPWe2BAZaPGG1qzAwyDGgM1f1RgdyX+5h3yh4STvS3nZQKUuBtsKV
ck3/Uw36EfkXIOVUHiTr8jaSLs5PUgtK4QTFv77Pl5Xb0mWBLeOreaczkfXpw6EVDclVdXpv4wAR
cQwZV2a7Cvm2y3N9Ctk=

15:16:06 CE0 NMAS: 13: TEXT
15:16:06 CE0 NMAS: 13: content(length: 1)=

15:16:06 CE0 NMAS: 13: /SignatureValue
15:16:06 CE0 NMAS: 13: /SignedInfo
15:16:06 CE0 NMAS: 13: /Signature
15:16:06 CE0 NMAS: 13: /AuthenticationStatement
15:16:06 CE0 NMAS: 13: /Conditions
15:16:06 CE0 NMAS: 13: /Assertion
15:16:06 CE0 NMAS: 13: SAML LSM exiting with status: -1642
15:16:06 CE0 NMAS: 13: Server Module 0x00000024 Write
15:16:06 6C8 NMAS: 13: ERROR: -1642 Client Module 0x00000024 End
15:16:06 CE0 NMAS: 13: ERROR: -1642 Server Module 0x00000024 End
15:16:06 CE0 NMAS: 13: WhatNext
15:16:06 CE0 NMAS: 13: Failed login delay 3 seconds
15:16:09 CE0 NMAS: 13: Failed login
15:16:09 CE0 NMAS: 13: Acknowledge
15:16:09 CE0 NMAS: 13: Server thread exited
15:16:09 CE0 NMAS: 13: Pool thread 0x1a11fc60 work complete
15:16:09 6C8 NMAS: 13: ERROR: -1642 SASL_DoMechanism: NMAS_WhatNext
15:16:09 6C8 NMAS: 13: Client Session Destroy Request
15:16:09 6C8 LDAP: Failed to authenticate full context on connection
0x19f7a008, err = -1642 (0xfffff996)
15:16:09 1588 LDAP: Connection 0x19f7a008 read failure, setting err =
-5875
15:16:09 1588 LDAP: Monitor 0x1588 found connection 0x19f7a008 socket
failure, err = -5875, 0 of 0 bytes read

Thanks


--
gcatalan