WebSphere + IHS/ODR plugin-cfg.xml with /ibm/saml20/*





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















we are using:




  • WLP 18.0.0.3

  • IBM HTTP Server 8.5.5.12


we are facing a following problem in our environemnt:



Two different applications with feature samlWeb-2.0 enabled on same server are in conflict when redirected back from ADFS, maybe due to routing caused by generated plugin-cfg.xml below.



In generated plugin-cfg.xml we have : 



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="**/ibm/saml20/***" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


In this case adfs authentication fails due to ODR doesnt know where to route back authenticated user.



We changed it to following:



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationA_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationB_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


So when Uri was changed explicitly to correct SP endpoint it started to work. Problem is that these changes had been done manually -> Is there any way how to specify explicit SP context root for saml for particular application in collective ?






apache cluster-computing httpd.conf websphere-liberty







share|improve this question























  • If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

    – covener
    Jan 3 at 15:32











  • I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

    – covener
    Jan 3 at 15:36











  • there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

    – covener
    Jan 6 at 22:38


















0















we are using:




  • WLP 18.0.0.3

  • IBM HTTP Server 8.5.5.12


we are facing a following problem in our environemnt:



Two different applications with feature samlWeb-2.0 enabled on same server are in conflict when redirected back from ADFS, maybe due to routing caused by generated plugin-cfg.xml below.



In generated plugin-cfg.xml we have : 



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="**/ibm/saml20/***" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


In this case adfs authentication fails due to ODR doesnt know where to route back authenticated user.



We changed it to following:



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationA_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationB_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


So when Uri was changed explicitly to correct SP endpoint it started to work. Problem is that these changes had been done manually -> Is there any way how to specify explicit SP context root for saml for particular application in collective ?






apache cluster-computing httpd.conf websphere-liberty







share|improve this question























  • If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

    – covener
    Jan 3 at 15:32











  • I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

    – covener
    Jan 3 at 15:36











  • there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

    – covener
    Jan 6 at 22:38














0












0








0








we are using:




  • WLP 18.0.0.3

  • IBM HTTP Server 8.5.5.12


we are facing a following problem in our environemnt:



Two different applications with feature samlWeb-2.0 enabled on same server are in conflict when redirected back from ADFS, maybe due to routing caused by generated plugin-cfg.xml below.



In generated plugin-cfg.xml we have : 



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="**/ibm/saml20/***" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


In this case adfs authentication fails due to ODR doesnt know where to route back authenticated user.



We changed it to following:



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationA_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationB_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


So when Uri was changed explicitly to correct SP endpoint it started to work. Problem is that these changes had been done manually -> Is there any way how to specify explicit SP context root for saml for particular application in collective ?






apache cluster-computing httpd.conf websphere-liberty







share|improve this question














we are using:




  • WLP 18.0.0.3

  • IBM HTTP Server 8.5.5.12


we are facing a following problem in our environemnt:



Two different applications with feature samlWeb-2.0 enabled on same server are in conflict when redirected back from ADFS, maybe due to routing caused by generated plugin-cfg.xml below.



In generated plugin-cfg.xml we have : 



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="**/ibm/saml20/***" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


In this case adfs authentication fails due to ODR doesnt know where to route back authenticated user.



We changed it to following:



<UriGroup Name="applicationA_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationA_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>

<UriGroup Name="applicationB_URIs">

    ...

    <Uri Name="/ibm/saml20/applicationB_SP/*" AffinityURLIdentifier="jsessionid" AffinityCookie="JSESSIONID"/>

    ...

</UriGroup>


So when Uri was changed explicitly to correct SP endpoint it started to work. Problem is that these changes had been done manually -> Is there any way how to specify explicit SP context root for saml for particular application in collective ?






apache cluster-computing httpd.conf websphere-liberty




apache cluster-computing httpd.conf websphere-liberty






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 3 at 10:45









TkTzTkTz

41




41













  • If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

    – covener
    Jan 3 at 15:32











  • I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

    – covener
    Jan 3 at 15:36











  • there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

    – covener
    Jan 6 at 22:38



















  • If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

    – covener
    Jan 3 at 15:32











  • I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

    – covener
    Jan 3 at 15:36











  • there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

    – covener
    Jan 6 at 22:38

















If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

– covener
Jan 3 at 15:32





If you're using the ODR / Intelligent Management, these generated stanzas are not really used at runtime. You should instead check the output of /server-status to see what the dynamic view of the apps are. But f you made a change and it worked, does it mean you are not using the ODR / Intelligent Management features in the plugin?

– covener
Jan 3 at 15:32













I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

– covener
Jan 3 at 15:36





I'm a bit confused, if they're really on the same server, the WAS Plugin can't misroute it. I could only imagine a problem if they were on different servers and the plugin-cfg.xml files were merged. Can yoou elaborate?

– covener
Jan 3 at 15:36













there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

– covener
Jan 6 at 22:38





there also seem to be masked characters (*) added to the XML so it's really difficult to tell what your generated config looks like, much less what the requests look like on the wire.

– covener
Jan 6 at 22:38












0






active

oldest

votes












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54020745%2fwebsphere-ihs-odr-plugin-cfg-xml-with-ibm-saml20%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54020745%2fwebsphere-ihs-odr-plugin-cfg-xml-with-ibm-saml20%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

MongoDB - Not Authorized To Execute Command

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
Read more

How to fix TextFormField cause rebuild widget in Flutter

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
Read more

in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

Image
1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
Read more