Error connecting to the Identity Provider while setting up SSO with OC using SAML: org.owasp.esapi.reference.JavaLogFactory

Article ID: 409943


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

While attempting to set up SSO with OC using SAML, the integration continues to fail with an HTTP 500 Internal Server Error during the login attempt.

saml-debug.log:
SEVERE: Servlet.service() for servlet [default] in context with path [/samlsso] threw exception [org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document] with root cause
java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1349)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1158)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155)

Wasp.log:
Sep 02 13:13:24:497 ERROR [https-jsse-nio-8443-exec-8, org.apache.catalina.core.ContainerBase.[wasp-engine].[localhost].[/samlsso].[default]] invoke() Servlet.service() for servlet [default] in context with path [/samlsso] threw exception [org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document] with root cause
Sep 02 13:13:24:497 ERROR [https-jsse-nio-8443-exec-8, org.apache.catalina.core.ContainerBase.[wasp-engine].[localhost].[/samlsso].[default]] java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1349)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1158)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155)
at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:85)
at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:109)
at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Environment

DX UIM 23.4.3 (CU3-CU4)

Cause

In some environments, conflicts can be observed when establishing a connection between the OC server and the IdP server. esapi-2.5.2.0 could cause this issue.

Resolution

Replace esapi-2.5.2.0.jar with esapi-2.2.0.0.jar (attached to this article) and test again. 

Note: This issue is resolved on DX UIM 23.4CU5 and later
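To confirm which jar, if any, supplies the class named in the ClassNotFoundException before and after the swap, the following added example (not part of the original article or of DX UIM) scans a library directory and records each jar's SHA-256. The directory argument, the helper names, and the rule that two esapi-*.jar files side by side count as a conflict are assumptions of this example.

```python
import hashlib
import sys
import tempfile
import zipfile
from pathlib import Path

# Class named in the ClassNotFoundException in saml-debug.log / Wasp.log.
MISSING_CLASS = "org.owasp.esapi.reference.JavaLogFactory"

def scan_lib_dir(lib_dir, class_name=MISSING_CLASS):
    """Return one record per jar: file name, SHA-256, whether it ships class_name."""
    entry = class_name.replace(".", "/") + ".class"  # path of the class inside a jar
    records = []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        rec = {"jar": jar.name, "has_class": False, "error": None,
               "sha256": hashlib.sha256(jar.read_bytes()).hexdigest()}
        try:
            with zipfile.ZipFile(jar) as zf:
                rec["has_class"] = entry in zf.namelist()
        except zipfile.BadZipFile as exc:  # truncated or partially copied jar
            rec["error"] = str(exc)
        records.append(rec)
    return records

def diagnose(records):
    """Classify the directory as 'missing', 'ok' or 'conflict' (hypothetical labels)."""
    providers = [r["jar"] for r in records if r["has_class"]]
    esapi_jars = [r["jar"] for r in records if r["jar"].lower().startswith("esapi-")]
    if not providers:
        return "missing", providers   # consistent with the ClassNotFoundException
    if len(providers) > 1 or len(esapi_jars) > 1:
        return "conflict", providers  # e.g. old and new jar left side by side
    return "ok", providers

def make_jar(path, entries):
    """Write a constructed jar with empty entries (sample data, no real bytecode)."""
    with zipfile.ZipFile(path, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")

if __name__ == "__main__":
    lib = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # no argument: demo on one constructed jar
        make_jar(Path(lib) / "esapi-constructed.jar", ["org/owasp/esapi/ESAPI.class"])
    records = scan_lib_dir(lib)
    for r in records:
        print(r["jar"], r["sha256"][:16], "has_class=%s" % r["has_class"], r["error"] or "")
    print("verdict:", diagnose(records)[0])
```

Run it with the samlsso webapp's library directory as the only argument; a "missing" verdict matches the stack trace above, and "ok" is the expected result after the replacement.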

Additional Information

Additional questions: 

  • XML Serialization ClassNotFoundException: Solution is to copy serializer-2.7.3.jar from operatorconsole_portlet to the samlsso webapp. Is this also fixed in CU5?

    The issue was addressed in 23.4 CU5.

  • SAML Attribute - Root Cause: IdP not sending required schema. Is there a documentation update to make it clear in the SAML docs what the correct attribute UIM expects is?

    Documentation is being updated to clarify that UIM requires this attribute. The updated documentation will be available in the 23.4 CU6 release.

Attachments

esapi-2.2.0.0.jar