Symptom:
Upon an authentication failure, messages returned by the WSS Agent JAX-RPC Handler do not result in the expected "Authentication Failure" message. Instead, JBoss returns the following message:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> <env:Header/> <env:Body> <env:Fault> <faultcode>env:Server</faultcode> <faultstring>JBWS025230: Illegal faultcode '{http://schemas.xmlsoap.org/soap/envelope/}Client.Authentication', allowed values are: [{http://schemas.xmlsoap.org/soap/envelope/}Client, {http://schemas.xmlsoap.org/soap/envelope/}Server, {http://schemas.xmlsoap.org/soap/envelope/}VersionMismatch, {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand]</faultstring> </env:Fault> </env:Body> </env:Envelope>
Solution:
By default, the JAX-RPC Handler provides extensible SOAPFault codes. However, some versions of JBoss can only handle simple SOAPFault codes, resulting in the previous message instead of the expected "Authentication Failure" message. If your version of JBoss does not handle extensible fault codes, configure the WSS Agent JAX-RPC Handler to provide simple fault codes.
Important! Configuring this property breaks SOAPFault on JAX-WS.
Follow these steps:
javax.xml.soap.SOAPFactory=org.jboss.ws.core.soap.SOAPFactoryImpl
Symptom:
The WSS Agent fails to generate signed SAML Session Ticket responses, producing the following error message:
[ERROR] stack.jbws.RequestHandlerImpl 8A2AF0AB-705F-08EF-DD11-2AA1C4AADF50 - Error processing web service request org.jboss.ws.WSException: ava.lang.ArrayIndexOutOfBoundsException
This error is because the generated SAML Session Ticket response results in an HTTP header larger than the JBoss default size limit of 4096.
Solution:
Increase the value of the maxHttpHeaderSize parameter in the JBoss server.xml file from 4096 to a value large enough to accommodate the generated header (for example, 8192).
The server.xml file is located in JBOSS_HOME\server\default\deploy\jbossweb.sar.
Note: For JBoss 5.1.2, increase the value of the maxHttpHeaderSize parameter in the HTTP/1.1 Connector and the AJP 1.3 Connector sections. For example:
<!-- A HTTP/1.1 Connector on port 8080 --> <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" connectionTimeout="20000" redirectPort="8443" maxHttpHeaderSize="32768"/>
<!-- A AJP 1.3 Connector on port 8009 --> <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}" redirectPort="8443" maxHttpHeaderSize="32768" />
Copyright © 2014 CA.
All rights reserved.
|
|