Hi Antonello

The short version: yes, I expect them to play together nicely, no I have not tried it :-)

The main point with using (OIO)SAML v2.0 is interoprability and OIOSAML is in compliance with that. That said she specific profiling like in OIOSAML might not be 'tickbox supported' but being a codeplex project it should be possible to get there. I would be very interested in hearing anyone trying it out.

As a note the current OIOSAML-based IdP's we have in government "Nem Log-In" and "Virk.dk BRS-login" are both Java based, whereas the next version that'll consolidate these will be .NET based - but probably not based on the codeplex project.

Best regards
Brian 

Hello Brian,

I installed thinktecture IdentityServer and I federated my .Net web applications without problems. 
I tried to federate the demo of OIOSAML SP (oiosaml.java-demo).

Using configuration wizard

1) I configured the application by entering IdP's file metadata.xml

2) I imported IdP certificate in my truststore.

3) I created my selfsigned certificate

4) I added OIO SP as IdentiServer reliyng party

login but returns this error:

"Request failed

The request failed. The reason is:

Stacktrace:

2012-02-16 17:45:06,073 [ERROR] OIOSAML_AUDIT_LOGGER - Dispatch:login <-- null null '' '' 'null'
java.lang.NullPointerException
at dk.itst.oiosaml.sp.service.LoginHandler.handleGet(LoginHandler.java:67)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doGet(DispatcherServlet.java:143)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)

[2012-02-16 17:45:06.078] [ERROR] ["http-bio-8080"-exec-7] [dk.itst.oiosaml.sp.service.DispatcherServlet] Unable to validate Response
java.lang.NullPointerException
at dk.itst.oiosaml.sp.service.LoginHandler.handleGet(LoginHandler.java:67)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doGet(DispatcherServlet.java:143)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)

What is going wrong?

Best Regards

Antonello

Hi Antonello

Hard to tell, can I see the metadata files? The best information you can provide are the actual HTTP requests (presumed):

* HTTP Redirect for AuthnRequest to IdP
* HTTP POST for Response to SP

catpture it with ex. tamperdata or fiddler. Have you cranked up loggin to 'debug'?

Also check these configuration options: 

oiosaml-sp.encryption.force : false
oiosaml-sp.assurancelevel: 0

Best regards
Brian 

Hi Brian,
I am not redirected to IdP, when I click on login link i have the error messages that you can read in the previous post.

I inserted configurations that you suggested, but still does not work.

The file metadata.xml is the default for IdentityServer.
I think the problem is in this file.

Regards

Antonello

Hi Antonello

From reading the metadata file it's obviously very WS-federation based though written in an SAML Metadata file. OIOSAML only supports SAML and for such information is missing, you can se in the example IdP-metadata file, for start a SingleSignOnService like in:

embedded in a IDPSSODescriptor section

Don't know if the identityserver supports generating this or you have to do it handheld presuming that it does in fact support the protocol/bindings and not just the tokens (Assertions) as such.

Brgds Brian