-
Defect
-
Resolution: Done
-
Critical
-
1.3.0-M1
-
None
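Direct downloads from data file listing pages via the "Download" link are failing. The OpenIDRelyingParty (ORP) is throwing errors indicating that the SAML response from the gateway ends prematurely. As the final log lines show, the ORP records the unparseable response as "authorization result=false", so the failure denies the download rather than granting access.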
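Note that the logging also shows that the Content-Length of the response (presumably the AuthzDecisionStatement) is 0. The same response carries a Location header, which suggests the gateway answered with a redirect and an empty body rather than a SAML response; the HTTP status code itself is not logged.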
ORP logging output:
2011-02-14 15:06:36,780 esg.saml.common.SOAPServiceClient [DEBUG]: <?xml version
="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.o
rg/soap/envelope/">
<soap11:Body>
<saml2p:AuthzDecisionQuery xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:proto
col" ID="72d5f033-11f0-4d4a-a816-88f4e7e872bd" IssueInstant="2011-02-14T22:06:36
.777Z" Resource="http://tds.prototype.ucar.edu/thredds/fileServer/datazone/esg-c
dp/xserve/ccsm/csm/b30.004/atm/proc/tseries/monthly/b30.004.cam2.h0.CLDHGH.0350-
01_cat_0399-12.nc" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Forma
t="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">test issuer</saml2
:Issuer>
<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:NameID Format="urn:esg:openid">https://esg.prototype.ucar.edu
/myopenid/enienhouse</saml2:NameID>
</saml2:Subject>
<saml2:Action xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">Read<
/saml2:Action>
</saml2p:AuthzDecisionQuery>
</soap11:Body>
</soap11:Envelope>
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Server value=Apache-Coyote/1.1
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Location value=http://esg.prototype.ucar.edu/saml/soap/secure/authorizat
ionService.htm
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Content-Length value=0
2011-02-14 15:06:36,788 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Date value=Mon, 14 Feb 2011 22:06:36 GMT
2011-02-14 15:06:36,788 esg.saml.common.SOAPServiceClient [DEBUG]:
2011-02-14 15:06:36,788 esg.orp.app.SAMLAuthorizationServiceFilterCollaborator [
DEBUG]:
2011-02-14 15:06:36,788 esg.saml.authz.service.impl.SAMLAuthorizationServiceClie
ntSoapImpl [DEBUG]: Parsing authorization response=
2011-02-14 15:06:36,789 esg.orp.app.SAMLAuthorizationServiceFilterCollaborator [
WARN]: Invalid XML
org.opensaml.xml.parse.XMLParserException: Invalid XML
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:234
)
at esg.saml.common.SAMLBuilder.parse(SAMLBuilder.java:463)
at esg.saml.authz.service.impl.SAMLAuthorizationServiceClientSoapImpl.pa
rseAuthorizationResponse(SAMLAuthorizationServiceClientSoapImpl.java:101)
at esg.orp.app.SAMLAuthorizationServiceFilterCollaborator.parseAuthoriza
tionStatement(SAMLAuthorizationServiceFilterCollaborator.java:93)
at esg.orp.app.SAMLAuthorizationServiceFilterCollaborator.authorize(SAML
AuthorizationServiceFilterCollaborator.java:76)
at esg.orp.app.AuthorizationFilter.attemptValidation(AuthorizationFilter
.java:59)
at esg.orp.app.AccessControlFilterTemplate.doFilter(AccessControlFilterT
emplate.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at esg.orp.app.AccessControlFilterTemplate.doFilter(AccessControlFilterT
emplate.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at esg.node.filters.AccessLoggingFilter.doFilter(AccessLoggingFilter.jav
a:274)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at eske.web.filters.security.AuthorizationTokenValidationFilter.doFilter
(AuthorizationTokenValidationFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ss(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:48
9)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.xml.sax.SAXParseException: Premature end of file.
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(Bas
icParserPool.java:637)
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:231
)
... 28 more
2011-02-14 15:06:36,789 esg.orp.app.AuthorizationFilter [DEBUG]: Openid=https://
esg.prototype.ucar.edu/myopenid/enienhouse url=http://tds.prototype.ucar.edu/thr
edds/fileServer/datazone/esg-cdp/xserve/ccsm/csm/b30.004/atm/proc/tseries/monthl
y/b30.004.cam2.h0.CLDHGH.0350-01_cat_0399-12.nc operation=Read authorization res
ult=false
2011-02-14 15:06:36,806 esg.orp.app.tds.TDSAuthorizer [DEBUG]: Authorization Req
uest Attribute:null
Note that the logging also shows that the Content-Length of the response (presumably the AuthzDecisionStatement) is 0.
ORP logging output:
2011-02-14 15:06:36,780 esg.saml.common.SOAPServiceClient [DEBUG]: <?xml version
="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.o
rg/soap/envelope/">
<soap11:Body>
<saml2p:AuthzDecisionQuery xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:proto
col" ID="72d5f033-11f0-4d4a-a816-88f4e7e872bd" IssueInstant="2011-02-14T22:06:36
.777Z" Resource="http://tds.prototype.ucar.edu/thredds/fileServer/datazone/esg-c
dp/xserve/ccsm/csm/b30.004/atm/proc/tseries/monthly/b30.004.cam2.h0.CLDHGH.0350-
01_cat_0399-12.nc" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Forma
t="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">test issuer</saml2
:Issuer>
<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:NameID Format="urn:esg:openid">https://esg.prototype.ucar.edu
/myopenid/enienhouse</saml2:NameID>
</saml2:Subject>
<saml2:Action xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">Read<
/saml2:Action>
</saml2p:AuthzDecisionQuery>
</soap11:Body>
</soap11:Envelope>
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Server value=Apache-Coyote/1.1
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Location value=http://esg.prototype.ucar.edu/saml/soap/secure/authorizat
ionService.htm
2011-02-14 15:06:36,787 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Content-Length value=0
2011-02-14 15:06:36,788 esg.saml.common.SOAPServiceClient [DEBUG]: Response head
er name=Date value=Mon, 14 Feb 2011 22:06:36 GMT
2011-02-14 15:06:36,788 esg.saml.common.SOAPServiceClient [DEBUG]:
2011-02-14 15:06:36,788 esg.orp.app.SAMLAuthorizationServiceFilterCollaborator [
DEBUG]:
2011-02-14 15:06:36,788 esg.saml.authz.service.impl.SAMLAuthorizationServiceClie
ntSoapImpl [DEBUG]: Parsing authorization response=
2011-02-14 15:06:36,789 esg.orp.app.SAMLAuthorizationServiceFilterCollaborator [
WARN]: Invalid XML
org.opensaml.xml.parse.XMLParserException: Invalid XML
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:234
)
at esg.saml.common.SAMLBuilder.parse(SAMLBuilder.java:463)
at esg.saml.authz.service.impl.SAMLAuthorizationServiceClientSoapImpl.pa
rseAuthorizationResponse(SAMLAuthorizationServiceClientSoapImpl.java:101)
at esg.orp.app.SAMLAuthorizationServiceFilterCollaborator.parseAuthoriza
tionStatement(SAMLAuthorizationServiceFilterCollaborator.java:93)
at esg.orp.app.SAMLAuthorizationServiceFilterCollaborator.authorize(SAML
AuthorizationServiceFilterCollaborator.java:76)
at esg.orp.app.AuthorizationFilter.attemptValidation(AuthorizationFilter
.java:59)
at esg.orp.app.AccessControlFilterTemplate.doFilter(AccessControlFilterT
emplate.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at esg.orp.app.AccessControlFilterTemplate.doFilter(AccessControlFilterT
emplate.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at esg.node.filters.AccessLoggingFilter.doFilter(AccessLoggingFilter.jav
a:274)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at eske.web.filters.security.AuthorizationTokenValidationFilter.doFilter
(AuthorizationTokenValidationFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ss(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:48
9)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.xml.sax.SAXParseException: Premature end of file.
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(Bas
icParserPool.java:637)
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:231
)
... 28 more
2011-02-14 15:06:36,789 esg.orp.app.AuthorizationFilter [DEBUG]: Openid=https://
esg.prototype.ucar.edu/myopenid/enienhouse url=http://tds.prototype.ucar.edu/thr
edds/fileServer/datazone/esg-cdp/xserve/ccsm/csm/b30.004/atm/proc/tseries/monthl
y/b30.004.cam2.h0.CLDHGH.0350-01_cat_0399-12.nc operation=Read authorization res
ult=false
2011-02-14 15:06:36,806 esg.orp.app.tds.TDSAuthorizer [DEBUG]: Authorization Req
uest Attribute:null