SAML Module with Mx 7.1

1
Has anyone been able to run the SAML module with 7.1?  I've downloaded the lastest version of the module (1.9) and I'm able to complete the configuration, but when trying to start the application, I get the below errors.  If I take out the saml.startup microflow from the application startup, I don't get the errors.  I'll also see the same error when trying to activate the saml configuration, even if the saml.startup microflow hasn't run.  Is the configuration different in 7? java.lang.NoSuchMethodError: org.apache.commons.codec.digest.DigestUtils.sha1Hex([B)Ljava/lang/String; saml20.implementation.security.SecurityHelper.addAllToKeyStore(SecurityHelper.java:289) saml20.implementation.security.SecurityHelper.appendToIdPKeyStore(SecurityHelper.java:271) Thanks!
asked
3 answers
5

Yes, this is indeed related to the Commons Codec library: https://github.com/mendix/CommunityCommons/issues/31

If you have any version older than commons-codec 1.10 (part of the SAML module) in your userlib path you should remove them from the userlib directory.

Unfortunately when newer version of AppStore content is released the old libraries are not automatically removed. This is why it can be a good idea to remove all libraries from the userlib directory (unless you added them yourself for your own custom content that is) and import all the AppStore modules again every so often. A major version upgrade of Mendix is always a good time to do this as you will be updating most AppStore content during the upgrade anyway.

answered
10

I've got the same problem with DigestUtils.sha1Hex and found an easy way to find the conflicting jars without eclipse and without using extra tooling by just using the command line.

The source of the idea is linked below. I describe the commands in this answer just to be sure that the solution will be on the forum even if the source is gone.

Prerequisites

You need to have java sdk installed on your machine to use this tip. If you are a java developer, you might already have it on your computer.

Execution

You can use the below command to search for a class name in all the available jars in the current folder and the subfolders.

forfiles /S /M *.jar /C "cmd /c jar -tvf @file | findstr /C:"classname" && echo @path"

In this particular case we look for "DigestUtils" as classname.

Result

The DigestUtils class is available in the jar file of the AppCloudServices (org.apache.httpcomponents.httpclient-osgi.jar) as well as in commons-codec-1.10.jar which is used by the SAML2.0 app.

Inspection

For both jar files the extension is renamed in 'zip'. By doing so, you are able to inspect what the content of the jar is. It turns out that the org.apache.httpcomponents.httpclient-osgi.jar contains an older version of the DigestUtils class.

Alternative way of inspecting is to use this command per jar file which gives a listing, but you then lack the filedate of the classes and you still need to unzip de jar to remove the conflicting class:

jar -tvf commons-codec-1.10.jar | findstr /C:".class"

Action

I removed the Digest class from org.apache.httpcomponents.httpclient-osgi.jar after which the problem was solved.

Source

 https://www.windows-commandline.com/search-classes-in-jar-file/

answered
0

I am having the exact same issue with Modeller 7.3.0 and SAML 1.9.2. Did you get it to work?

answered