Posted to users@cxf.apache.org by tazouxme <jo...@gmail.com> on 2015/08/20 23:49:01 UTC

[CXF Fediz] org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.

Hello,

Using Fediz 1.2.1, I am trying to authenticate a user from the springWebapp
sample against the IDP.
The popup asking for credentials appears correctly.

Then, after entering the credentials, the STS side throws this Exception:

org.apache.cxf.service.factory.ServiceConstructionException: Failed to
create service.
	at
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
	at
org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:646)
	at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:728)
	at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
	at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
	at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
	at
com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationProvider.handleUsernamePassword(STSUPAuthenticationProvider.java:74)
	at
com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationProvider.authenticate(STSUPAuthenticationProvider.java:59)
	at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
	at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
	at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:177)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
com.tazouxme.security.saml.idp.STSPortFilter.doFilter(STSPortFilter.java:56)
	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
	at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
	at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
	at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:151)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
	at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
	at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
	at
org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
	at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1517)
	at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1474)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR:
Problem parsing
'https://localhost:10443/tazouxme-security-saml-sts/TAZOUXME/STSServiceTransportUT?wsdl'.:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
	at
org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:231)
	at
org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
	at
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
	... 58 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
	at
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown
Source)
	at
com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(Unknown
Source)
	at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
Source)
	at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
Source)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown
Source)
	at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown
Source)
	at
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown
Source)
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
	... 63 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 84 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 90 more

Then the popup for credentials appears again.
What am I doing wrong?
Bad JKS or something else?

Thanks a lot for your help! :)
Joël




Re: AW: [CXF Fediz] org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.

Posted by tazouxme <jo...@gmail.com>.
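I finally managed to solve this issue.
The problem was in the class *PasswordCallbackHandler*: I had not mapped the
correct keystore alias/password. With the wrong password for the alias, the
private key cannot be read from the keystore, which is what the
UnrecoverableKeyException ("Cannot recover key") reported in this thread was
saying.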

I will close this subject and open a new one because the problems I have are
more and more complex.

Thanks for your help on this subject :)
Joël




Re: AW: [CXF Fediz] org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.

Posted by tazouxme <jo...@gmail.com>.
Hi Jan,

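I finally found where the problem came from: the certificates have to be
registered in the JRE cacerts truststore, otherwise the JVM cannot build a
trusted certification path for the HTTPS connection.
Then the error disappears :)
(Note that cacerts is the JVM-wide default truststore, so a certificate
imported there is trusted by every application running on that JRE; a
dedicated truststore for this connection keeps the trust narrower.)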

Now I'm facing another issue:

org.apache.wss4j.common.ext.WSSecurityException: The private key for the
supplied alias does not exist in the keystore
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: The
private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Cannot
recover key
	at
org.apache.wss4j.common.saml.SamlAssertionWrapper.signAssertion(SamlAssertionWrapper.java:529)
	at
org.apache.cxf.sts.token.provider.AbstractSAMLTokenProvider.signToken(AbstractSAMLTokenProvider.java:111)
	at
org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:304)
	at
org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:114)
	at
org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:177)
	at
org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:87)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:236)
	at
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:69)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
	at
org.apache.cxf.jaxws.JAXWSMethodInvoker.performInvocation(JAXWSMethodInvoker.java:66)
	at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
	at
org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)
	at
org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:85)
	at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:74)
	at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)
	at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
	at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)
	at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
	at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:151)
	at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
	at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
	at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
	at
org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
	at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1517)
	at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1474)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The private key
for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Cannot
recover key
	at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:706)
	at
org.apache.wss4j.common.saml.SamlAssertionWrapper.signAssertion(SamlAssertionWrapper.java:527)
	... 64 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
	at sun.security.provider.KeyProtector.recover(Unknown Source)
	at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
	at java.security.KeyStore.getKey(Unknown Source)
	at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:695)
	... 65 more

That's crazy! I correctly followed the steps in the HowToGenerateKeysREADME
page provided by the Fediz team.

I feel a bit lost sometimes :(
Have you ever seen this exception?

Thanks for help (and patience).
Joël




Re: AW: [CXF Fediz] org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.

Posted by tazouxme <jo...@gmail.com>.
Hi Jan,

Thanks for replying.

So I did what you explained in your blog:
- Modify the server.xml and add keyStore and trustStore
- Enable https
- Copy .jar in /tomcat/lib/fediz folder
- Modify the catalina.properties

I launched it again and the same error appears at the same point.

Any other idea what could trigger this Exception?
I would just add that I separated the IDP and the STS (in short, I did this
because when the IDP and the STS are in the same Tomcat container, the WSDL
is not accessible...):

IDP is on localhost:9443
STS is on localhost:10443

Of course, I checked all the redirections and everything is well done.

Thanks a lot again :)
Joël




AW: [CXF Fediz] org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.

Posted by Jan Bernhardt <jb...@talend.com>.
Hi Joel,

since Fediz 1.2.x the STS requires a client SSL certificate (from the IDP) for the transport endpoint.

This line from your exception looks like it could be the root cause of your trouble:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

You can take a look at my blog to see how to set up your Tomcat container to enable SSL connections with client certificates:
http://janbernhardt.blogspot.de/2015/01/single-logout-with-fediz-ws-federation.html

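I would recommend using the IDP key- and truststore from tomcat/webapps/fediz-idp/WEB-INF/classes/idp-ssl-*.jks
for your Tomcat SSL server settings. These keystores ship inside the IDP webapp, so treat them as sample material for a test setup and replace them with your own keys before exposing the service.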

Kind regards
Jan

-- 
Jan Bernhardt

Talend Community Coder
http://coders.talend.com

Visit my Blog
https://janbernhardt.blogspot.de
> -----Ursprüngliche Nachricht-----
> Von: tazouxme [mailto:joel.tazzari@gmail.com]
> Gesendet: Donnerstag, 20. August 2015 23:49
> An: users@cxf.apache.org
> Betreff: [CXF Fediz]
> org.apache.cxf.service.factory.ServiceConstructionException: Failed to create
> service.
> 
> Hello,
> 
> Using Fediz 1.2.1, I try to authenticate a user from springWebapp sample to IDP.
> The popup asking for credentials appears correctly.
> 
> Then, after entering the credentials, the STS side throws this Exception:
> 
> org.apache.cxf.service.factory.ServiceConstructionException: Failed to create
> service.
> 	at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:8
> 7)
> 	at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClie
> nt.java:646)
> 	at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:
> 728)
> 	at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:
> 61)
> 	at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:
> 55)
> 	at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:
> 51)
> 	at
> com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationP
> rovider.handleUsernamePassword(STSUPAuthenticationProvider.java:74)
> 	at
> com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationP
> rovider.authenticate(STSUPAuthenticationProvider.java:59)
> 	at
> org.springframework.security.authentication.ProviderManager.authenticate(Pr
> oviderManager.java:167)
> 	at
> org.springframework.security.authentication.ProviderManager.authenticate(Pr
> oviderManager.java:192)
> 	at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilt
> er.doFilterInternal(BasicAuthenticationFilter.java:177)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(L
> ogoutFilter.java:120)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java
> :96)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(
> HeaderWriterFilter.java:64)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.context.request.async.WebAsyncManagerIn
> tegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.do
> Filter(SecurityContextPersistenceFilter.java:91)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> com.tazouxme.security.saml.idp.STSPortFilter.doFilter(STSPortFilter.java:56)
> 	at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
> FilterChainProxy.java:330)
> 	at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChain
> Proxy.java:213)
> 	at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.j
> ava:176)
> 	at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
> ngFilterProxy.java:346)
> 	at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterP
> roxy.java:262)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilte
> rChain.java:239)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.j
> ava:206)
> 	at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(Chara
> cterEncodingFilter.java:85)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilte
> rChain.java:239)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.j
> ava:206)
> 	at
> org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilte
> rInternal(OpenSessionInViewFilter.java:151)
> 	at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
> Filter.java:107)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilte
> rChain.java:239)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.j
> ava:206)
> 	at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
> e.java:219)
> 	at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:106)
> 	at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
> .java:502)
> 	at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:14
> 2)
> 	at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> 	at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogV
> alve.java:610)
> 	at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:88)
> 	at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
> 	at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Pro
> cessor.java:1091)
> 	at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstr
> actProtocol.java:668)
> 	at
> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.proce
> ss(Http11NioProtocol.java:223)
> 	at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.j
> ava:1517)
> 	at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java
> :1474)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> Source)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> 	at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThrea
> d.java:61)
> 	at java.lang.Thread.run(Unknown Source) Caused by:
> javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR:
> Problem parsing
> 'https://localhost:10443/tazouxme-security-saml-
> sts/TAZOUXME/STSServiceTransportUT?wsdl'.:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 	at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198
> )
> 	at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
> 	at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
> 	at
> org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.j
> ava:231)
> 	at
> org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.ja
> va:163)
> 	at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:8
> 5)
> 	... 58 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> 	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> 	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> 	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> 	at sun.security.ssl.Handshaker.process_record(Unknown Source)
> 	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> 	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> 	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
> 	at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Un
> known
> Source)
> 	at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
> Source)
> 	at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> Source)
> 	at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknow
> n
> Source)
> 	at
> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntit
> y(Unknown
> Source)
> 	at
> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVe
> rsion(Unknown
> Source)
> 	at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unkno
> wn
> Source)
> 	at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unkno
> wn
> Source)
> 	at
> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown
> Source)
> 	at
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown
> Source)
> 	at
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown
> Source)
> 	at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188
> )
> 	... 63 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> 	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> 	at sun.security.validator.PKIXValidator.engineValidate(Unknown
> Source)
> 	at sun.security.validator.Validator.validate(Unknown Source)
> 	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown
> Source)
> 	at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> 	... 84 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> 	at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
> Source)
> 	at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source)
> 	at java.security.cert.CertPathBuilder.build(Unknown Source)
> 	... 90 more
> 
> Then the popup for credentials appears again.
> What am I doing wrong?
> Bad JKS or something else?
> 
> Thanks a lot for your help! :)
> Joël
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-Fediz-org-
> apache-cxf-service-factory-ServiceConstructionException-Failed-to-create-
> service-tp5760324.html
> Sent from the cxf-user mailing list archive at Nabble.com.