How do I configure a http proxy host?

[wic]

Hi

I'm trying out the saml2-sample app, but it fails to initialize because I'm behind a corporate web proxy which blocks the GET to http://idp.ssocircle.com/idp-meta.xml.

How can I configure the saml extension to use my proxy host and port?

I tried -Dhttp.proxy, but it seems HttpClient doesn't use environment variables.

[vsch]

Hi,

I haven't tested this, but instantiating the org.opensaml.saml2.metadata.provider.HTTPMetadataP rovider bean in your metadata with constructor HTTPMetadataProvider(Timer backgroundTaskTimer, HttpClient client, String metadataURL) and configuring the supplied HttpClient bean with proxy settings should get the job done.

Vladi

[wic]

It sorta worked, but I had to create a subclass of HTTPMetaDataProvider which sets the HttpClient
This made it possible to boot the sample and download metadata ect.

But pressing the "Login" button fails with a timeout (after I login at ssocircle and get redirected back to localhost). It looks like this is a proxy problem again. It probably creates a new HttClient rather than using the one I provided?

Code:

- AuthNRequest;SUCCESS;127.0.0.1
- I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
- Retrying request
- I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
- Retrying request
- I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect
- Retrying request

org.opensaml.common.SAMLRuntimeException: Error decoding incoming SAML message
	org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:91)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:78)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
root cause

...

java.net.ConnectException: Connection timed out: connect
	java.net.PlainSocketImpl.socketConnect(Native Method)
	java.net.PlainSocketImpl.doConnect(Unknown Source)
	java.net.PlainSocketImpl.connectToAddress(Unknown Source)
	java.net.PlainSocketImpl.connect(Unknown Source)
	java.net.SocksSocketImpl.connect(Unknown Source)
	java.net.Socket.connect(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
	org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:97)
	org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
	org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
	org.springframework.security.saml.websso.ArtifactResolutionProfileImpl.getArtifactResponse(ArtifactResolutionProfileImpl.java:96)
	org.springframework.security.saml.websso.ArtifactResolutionProfileBase.resolveArtifact(ArtifactResolutionProfileBase.java:98)
	org.opensaml.saml2.binding.decoding.HTTPArtifactDecoderImpl.doDecode(HTTPArtifactDecoderImpl.java:94)
	org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:79)
	org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)
	org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105)
	org.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:172)
	org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:77)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:78)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

[vsch]

Yes, same issue, just inject the same HttpClient with the proxy settings to the constructor of bean org.springframework.security.saml.websso.ArtifactR esolutionProfileImpl in your securityContext.xml (it's part of the HTTPArtifactBinding).

Vladimír Schäfer