Posted to users@cxf.apache.org by Masoud Sahebolamri <ma...@10point1.com> on 2014/10/31 00:55:48 UTC

fediz sample idP client connection error

Hi,

I'm not sure if this is the right place to be asking this question, so if
there is anywhere else that I would be better suited, please let me know.

I'm trying to set up the sample applications. I have the sample spring rp
application in a jboss instance, and I have the sts and idp deployed
separately to a tomcat instance.
The idp seems to connect to, and receive a response from the sts
successfully, but then it seems to decide it doesn't like the way the
connection was negotiated. But I can't figure out exactly what's wrong.

I've appended the relevant portion of the idp.log from my tomcat instance
below.
I've built these projects from the 1.1.2 release of fediz.

I've already double checked that the https conduit is configured with the
right keystore/password combinations, I'm not sure what else could be wrong.

--------------------------------------
2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO
 org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS  -
Inbound Message
----------------------------
ID: 7
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct 2014
22:41:39 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="
http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body><RequestSecurityTokenResponseCollection
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns3="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="
http://docs.oasis-open.org/ws-sx/ws-trust/200802
"><RequestSecurityTokenResponse><TokenType>
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
ID="_7447A8C432B36EB5A414147088997946"
IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0"
xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm
A</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
"/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>[base64 signature omitted]</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>[base64 certificate omitted]</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="http://cxf.apache.org/sts">ted</saml2:NameID><saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
NotBefore="2014-10-30T22:41:39.794Z"
NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns3:SecurityTokenReference
xmlns:wsse11="
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns3:SecurityTokenReference
xmlns:wsse11="
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo
xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="
http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference
xmlns:wsa="http://www.w3.org/2005/08/addressing
"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Created><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
--------------------------------------
2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
 org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction  - Token
[IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
[urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN
 org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {
http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
stream: RequireClientCertificate is set, but no local certificates were
negotiated.  Is the server set to ask for client authorization?
at
org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:223)
at
org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:174)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:835)
at
org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:57)
at
org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:52)
at
org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClientAction.java:273)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
at ognl.SimpleNode.getValue(SimpleNode.java:210)
at ognl.ASTChain.getValueBody(ASTChain.java:109)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
at ognl.SimpleNode.getValue(SimpleNode.java:210)
at ognl.Ognl.getValue(Ognl.java:333)
at
org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at
org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at
org.springframework.webflow.engine.SubflowState.handleEvent(SubflowState.java:116)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFlowSession(FlowExecutionImpl.java:412)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.endActiveFlowSession(RequestControlContextImpl.java:238)
at org.springframework.webflow.engine.EndState.doEnter(EndState.java:107)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at
org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232)
at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196)
at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258)
at
org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:65)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate is
set, but no local certificates were negotiated.  Is the server set to ask
for client authorization?
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255)
at
org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:215)
... 126 more
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException:
RequireClientCertificate is set, but no local certificates were
negotiated.  Is the server set to ask for client authorization?
at
org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1716)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1276)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1246)
at
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at
org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
at
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
at
org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:80)
at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
... 127 more

Re: Re: fediz sample idP client connection error

Posted by Masoud Sahebolamri <ma...@10point1.com>.
worked like a charm.
Thanks!

On Mon, Nov 3, 2014 at 3:33 AM, Jan Bernhardt <jb...@talend.com> wrote:

> You should change your Tomcat Configuration to request SSL client
> authentication like the following:
>
> <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
>            maxThreads="150" SSLEnabled="true"
>            scheme="https" secure="true"
>            keystoreFile="idp-ssl-server.jks"
>            keystorePass="tompass"
>            truststoreFile="idp-ssl-trust.jks"
>            truststorePass="ispass"
>            truststoreType="JKS"
>            SSLVerifyClient="optional"
>            clientAuth="want"
>            sslProtocol="TLS" />
>
> Best regards
> Jan
>
> > -----Original Message-----
> > From: masoud [mailto:masoud@10point1.com]
> > Sent: Friday, 31 October 2014 17:21
> > To: users@cxf.apache.org
> > Subject: Re: Re: fediz sample idP client connection error
> >
> > I had actually already tried this, but I double checked to make sure.
> > Still have the exact same issue. Here's the Connector from my server.xml
> >
> >      <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
> >             maxThreads="150" scheme="https" secure="true"
> >             keystoreFile="idp-ssl-server.jks"
> >             keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
> >
> > I get the same error message. Would I be getting a 200 response from the
> > sts if it was this type of issue?
> > On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote:
> > > Hi,
> > >
> > > Yes, it's the right place to ask questions about Fediz. This part of
> > > the log tells you what the problem is:
> > >
> > > >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> > > >> stream: RequireClientCertificate is set, but no local
> > > >> certificates were negotiated.  Is the server set to ask for client
> > > >> authorization?
> > > >
> > > > From Fediz 1.1.2, the second call from the IdP to the STS is secured
> > > > with client authentication at the transport level. As you say that the
> > > > https conduit is already configured correctly, I suspect that your STS
> > > > deployment is not set up to require client authentication.
> > >
> > > In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
> > > clientAuth="want" (your IdP does not require client auth, so "want"
> > > works if you are colocating the IdP + STS in the same container).
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri
> > > <ma...@10point1.com>
> > > wrote:
> > >
> > >> Hi,
> > >>
> > >> I'm not sure if this is the right place to be asking this question,
> > >> so if there is anywhere else that i would be better suited, please
> let me know.
> > >>
> > >> I'm trying to set up the sample applications. I have the sample
> > >> spring rp application in a jboss instance, and i have the sts and idp
> > >> deployed separately to a tomcat instance.
> > >> The idp seems to connect to, and receive a response from the sts
> > >> sucessfully, but then it seems to decide it doesn't like the way the
> > >> connection was neogtiated. But i can't figure out exactly what's
> wrong.
> > >>
> > >> I've appended the relevant portion of the idp.log from my tomcat
> > >> instance below.
> > >> I've built these projects from the 1.1.2 release of fediz.
> > >>
> > >> I've already double checked that the https conduit is configured with
> > >> the right keystore/passowrd combinations, i'm not sure what else
> > >> could be wrong.
> > >>
> > >> --------------------------------------
> > >> 2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO
> > >>   org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> > >> - Inbound Message
> > >> ----------------------------
> > >> ID: 7
> > >> Response-Code: 200
> > >> Encoding: UTF-8
> > >> Content-Type: text/xml;charset=UTF-8
> > >> Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct
> > >> 2014
> > >> 22:41:39 GMT], Server=[Apache-Coyote/1.1],
> > >> transfer-encoding=[chunked]}
> > >> Payload: <soap:Envelope xmlns:soap="
> > >> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header
> > >> xmlns:SOAP-ENV="
> > >> http://schemas.xmlsoap.org/soap/envelope/
> > >> "/><soap:Body><RequestSecurityTokenResponseCollection
> > >> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="
> > >>
> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-ut
> > >> ility-1.0.xsd
> > >> "
> > >> xmlns:ns3="
> > >>
> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-se
> > >> cext-1.0.xsd
> > >> "
> > >> xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="
> > >> http://docs.oasis-open.org/ws-sx/ws-trust/200802
> > >> "><RequestSecurityTokenResponse><TokenType>
> > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> > >> 2.0 </TokenType><RequestedSecurityToken><saml2:Assertion
> > >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="
> > >> http://www.w3.org/2001/XMLSchema-instance"
> > >> ID="_7447A8C432B36EB5A414147088997946"
> > >> IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0"
> > >> xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm
> > >> A</saml2:Issuer><ds:Signature
> > >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#
> > >> "><ds:SignedInfo><ds:CanonicalizationMethod
> > >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMet
> > >> hod
> > >> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
> > >>
> > URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transfor
> > m
> > >> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature
> > >> "/><ds:Transform
> > >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> > >> "/></ds:Transforms><ds:DigestMethod
> > >> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
> > >>
> > >>
> > "/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></d
> > s:
> > >>
> > Reference></ds:SignedInfo><ds:SignatureValue>Q3eo1Ns98UfZZPqa9h1MiUKJ
> > >>
> > nHMddOd/2bChGQytN/Pi6oyNUcaQ/ckhQKxIRjR5Lm1a4gh6jbPCQOVxmmB0jFX
> > W8+IWc
> > >>
> > rnWTISxDAMLIEPlm4kQ6zXfAE03D6S4wLv177nHPB4EPcmJnjJ2ciUAq/QFD3fIdaK
> > 5tY
> > >>
> > xFZkhdOJCWZSUrmha8WBFnhNuhhw4UKQgOQSBH99P4u/HvZFCxITuhVilKCCdsd
> > ubjeQ0
> > >>
> > jFUKhA0HnLVC/mPfZCXQH4p8negyLmzyaXWDp528hmp9fxPbVEHa5F+VVnySn1b
> > QDTG2y
> > >>
> > 6HjoI5BlHf6U+tO+GvBDVuMyyU9f9siHwY2wGLUGBQ==</ds:SignatureValue><d
> > s:K
> > >>
> > eyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANB
> > >> gkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
> > >>
> > >>
> > MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZ
> > SRUFMTUEwggEiM
> > >> A0GCSqG
> > >>
> > >>
> > SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVl
> > Uo2eBNBa
> > >> OloKvyX
> > >>
> > >>
> > rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIa
> > ClLQr
> > >> rYT6zwd+NuV8d8p
> > >>
> > >>
> > ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGB
> > Q
> > >> sTGTvb4
> > >>
> > >>
> > N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVL
> > mWj
> > >> N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+v1oDuLr
> > >>
> > >>
> > x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRx
> > A
> > >> gMBAAGj
> > >>
> > >>
> > ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQ
> > sFAAOCA
> > >> QEAnkmN
> > >>
> > >>
> > aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZ
> > mtH02CE
> > >> RUXZTbh
> > >>
> > >>
> > 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTE
> > eO
> > >> OanaG8R
> > >>
> > >>
> > 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA
> > 8/wVOZnGO
> > >> CkmnKs9
> > >>
> > >>
> > 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLL
> > k+AWzQA
> > >> 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+ZDqpDwj
> > >>
> > >>
> > ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Dat
> > >> ys1YXREbVVFVlS+a></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:Na
> > >> ys1YXREbVVFVlS+meID
> > >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> > >> NameQualifier="http://cxf.apache.org/sts
> > >> ">ted</saml2:NameID><saml2:SubjectConfirmation
> > >>
> > >> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml
> > >> 2:Conditions
> > >> NotBefore="2014-10-30T22:41:39.794Z"
> > >>
> > >> NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><s
> > >> aml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestricti
> > >> on></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><Req
> > >> uestedAttachedReference><ns3:SecurityTokenReference
> > >> xmlns:wsse11="
> > >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > >> wsse11:TokenType="
> > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> > >> 2.0
> > >> "><ns3:KeyIdentifier
> > >> ValueType="
> > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI
> > >> D
> > >>
> > ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security
> > >>
> > TokenReference></RequestedAttachedReference><RequestedUnattachedRefer
> > >> ence><ns3:SecurityTokenReference
> > >> xmlns:wsse11="
> > >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> > >> wsse11:TokenType="
> > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> > >> 2.0
> > >> "><ns3:KeyIdentifier
> > >> ValueType="
> > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI
> > >> D
> > >>
> > ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security
> > >> TokenReference></RequestedUnattachedReference><wsp:AppliesTo
> > >> xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="
> > >> http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointRefere
> > >> nce xmlns:wsa="http://www.w3.org/2005/08/addressing
> > >>
> > >> "><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></w
> > >> sp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Cre
> > >> ated><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></
> > >> RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection
> > >> ></soap:Body></soap:Envelope>
> > >> --------------------------------------
> > >> 2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
> > >>   org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction  -
> > >> Token [IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
> > >> [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
> > >> 2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN
> > >>   org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {
> > >>
> > >> http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenServic
> > >> e#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> > >> has thrown exception, unwinding now
> > >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> > >> stream: RequireClientCertificate is set, but no local certificates
> > >> were negotiated.  Is the server set to ask for client authorization?
> > >> at
> > >>
> > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte
> > >> rceptor.handleMessage(SAAJOutInterceptor.java:223)
> > >> at
> > >>
> > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte
> > >> rceptor.handleMessage(SAAJOutInterceptor.java:174)
> > >> at
> > >>
> > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
> > >> orChain.java:272) at
> > >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
> > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
> > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> > >> at
> > >>
> > >> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSC
> > >> lient.java:835)
> > >> at
> > >>
> > >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes
> > >> ponse(IdpSTSClient.java:57)
> > >> at
> > >>
> > >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes
> > >> ponse(IdpSTSClient.java:52)
> > >> at
> > >>
> > >> org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClie
> > >> ntAction.java:273) at
> > >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> > >>
> > >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> > >> java:57)
> > >> at
> > >>
> > >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> > >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606)
> > >> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
> > >> at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
> > >> at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
> > >> at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
> > >> at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
> > >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> > >> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> > >> at ognl.ASTChain.getValueBody(ASTChain.java:109)
> > >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> > >> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> > >> at ognl.Ognl.getValue(Ognl.java:333)
> > >> at
> > >>
> > >> org.springframework.binding.expression.ognl.OgnlExpression.getValue(O
> > >> gnlExpression.java:85)
> > >> at
> > >>
> > >> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateA
> > >> ction.java:75)
> > >> at
> > >>
> > >> org.springframework.webflow.action.AbstractAction.execute(AbstractAct
> > >> ion.java:188)
> > >> at
> > >>
> > >> org.springframework.webflow.execution.AnnotatedAction.execute(Annotat
> > >> edAction.java:145)
> > >> at
> > >>
> > >> org.springframework.webflow.execution.ActionExecutor.execute(ActionEx
> > >> ecutor.java:51)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
> > >> va:101) at
> > >> org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo
> > >> wExecutionImpl.java:393)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe
> > >> cute(RequestControlContextImpl.java:214)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr
> > >> ansitionableState.java:119)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.SubflowState.handleEvent(SubflowSt
> > >> ate.java:116) at
> > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent
> > >> (FlowExecutionImpl.java:388)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han
> > >> dleEvent(RequestControlContextImpl.java:210)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFl
> > >> owSession(FlowExecutionImpl.java:412)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.end
> > >> ActiveFlowSession(RequestControlContextImpl.java:238)
> > >> at
> > >> org.springframework.webflow.engine.EndState.doEnter(EndState.java:107
> > >> ) at org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo
> > >> wExecutionImpl.java:393)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe
> > >> cute(RequestControlContextImpl.java:214)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr
> > >> ansitionableState.java:119) at
> > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent
> > >> (FlowExecutionImpl.java:388)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han
> > >> dleEvent(RequestControlContextImpl.java:210)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
> > >> va:105) at
> > >> org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat
> > >> e.java:51) at
> > >> org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat
> > >> e.java:51) at
> > >> org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat
> > >> e.java:51) at
> > >> org.springframework.webflow.engine.State.enter(State.java:194)
> > >> at
> > >> org.springframework.webflow.engine.Transition.execute(Transition.java
> > >> :227)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo
> > >> wExecutionImpl.java:393)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe
> > >> cute(RequestControlContextImpl.java:214)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr
> > >> ansitionableState.java:119) at
> > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent
> > >> (FlowExecutionImpl.java:388)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han
> > >> dleEvent(RequestControlContextImpl.java:210)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.ja
> > >> va:232) at
> > >> org.springframework.webflow.engine.ViewState.resume(ViewState.java:19
> > >> 6) at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
> > >> at
> > >>
> > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(Flow
> > >> ExecutionImpl.java:258)
> > >> at
> > >>
> > >> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution
> > >> (FlowExecutorImpl.java:169)
> > >> at
> > >>
> > >> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(Flo
> > >> wHandlerAdapter.java:183)
> > >> at
> > >>
> > >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch
> > >> erServlet.java:923)
> > >> at
> > >>
> > >> org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
> > >> rServlet.java:852)
> > >> at
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.processRequest(Frame
> > >> workServlet.java:882)
> > >> at
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ
> > >> let.java:789) at
> > >> javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> > >> icationFilterChain.java:303)
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> > >> ilterChain.java:208) at
> > >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
> > >> )
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> > >> icationFilterChain.java:241)
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> > >> ilterChain.java:208)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:330)
> > >> at
> > >>
> > >> org.springframework.security.web.access.intercept.FilterSecurityInter
> > >> ceptor.invoke(FilterSecurityInterceptor.java:118)
> > >> at
> > >>
> > >> org.springframework.security.web.access.intercept.FilterSecurityInter
> > >> ceptor.doFilter(FilterSecurityInterceptor.java:84)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.access.ExceptionTranslationFilter.do
> > >> Filter(ExceptionTranslationFilter.java:113)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.session.SessionManagementFilter.doFi
> > >> lter(SessionManagementFilter.java:103)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.authentication.AnonymousAuthenticati
> > >> onFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.servletapi.SecurityContextHolderAwar
> > >> eRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:
> > >> 54)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.savedrequest.RequestCacheAwareFilter
> > >> .doFilter(RequestCacheAwareFilter.java:45)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.authentication.www.BasicAuthenticati
> > >> onFilter.doFilter(BasicAuthenticationFilter.java:201)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.context.SecurityContextPersistenceFi
> > >> lter.doFilter(SecurityContextPersistenceFilter.java:87)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter
> > >> .java:65)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
> > >> doFilter(FilterChainProxy.java:342)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy.doFilterInternal(Fi
> > >> lterChainProxy.java:192)
> > >> at
> > >>
> > >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChai
> > >> nProxy.java:160)
> > >> at
> > >>
> > >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
> > >> elegatingFilterProxy.java:346)
> > >> at
> > >>
> > >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
> > >> ingFilterProxy.java:259)
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> > >> icationFilterChain.java:241)
> > >> at
> > >>
> > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> > >> ilterChain.java:208)
> > >> at
> > >>
> > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
> > >> alve.java:220)
> > >> at
> > >>
> > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
> > >> alve.java:122)
> > >> at
> > >>
> > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> > >> ava:170)
> > >> at
> > >>
> > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> > >> ava:103)
> > >> at
> > >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
> > >> 950)
> > >> at
> > >>
> > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> > >> ve.java:116)
> > >> at
> > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> > >> a:421)
> > >> at
> > >>
> > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
> > >> 11Processor.java:1070)
> > >> at
> > >>
> > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
> > >> AbstractProtocol.java:611)
> > >> at
> > >>
> > >> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
> > >> t.java:316)
> > >> at
> > >>
> > >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
> > >> java:1145)
> > >> at
> > >>
> > >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
> > >> .java:615)
> > >> at
> > >>
> > >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
> > >> read.java:61) at java.lang.Thread.run(Thread.java:745)
> > >> Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate
> > >> is set, but no local certificates were negotiated.  Is the server set
> > >> to ask for client authorization?
> > >> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255)
> > >> at
> > >>
> > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte
> > >> rceptor.handleMessage(SAAJOutInterceptor.java:215)
> > >> ... 126 more
> > >> Caused by:
> > org.apache.cxf.transport.http.UntrustedURLConnectionIOException:
> > >> RequireClientCertificate is set, but no local certificates were
> > >> negotiated.  Is the server set to ask for client authorization?
> > >> at
> > >>
> > >> org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorP
> > >> rovider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenIntercept
> > >> orProvider.java:117)
> > >> at
> > >>
> > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTru
> > >> stDecision(HTTPConduit.java:1716)
> > >> at
> > >>
> > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleH
> > >> eadersTrustCaching(HTTPConduit.java:1276)
> > >> at
> > >>
> > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirst
> > >> Write(HTTPConduit.java:1246)
> > >> at
> > >>
> > >> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionW
> > >> rappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
> > >> at
> > >>
> > >> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOu
> > >> tputStream.java:47)
> > >> at
> > >>
> > >> org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThre
> > >> sholdOutputStream.java:89)
> > >> at
> > >>
> > >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresho
> > >> ldOutputStream.java:63)
> > >> at
> > >>
> > >> org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutput
> > >> Stream.java:80)
> > >> at
> > >>
> > >> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOu
> > >> tputStream.java:51) at
> > >> com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
> > >> at
> > >> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
> > >> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
> > >> ... 127 more
> > >>
> > >
> > >
>
>

AW: Re: fediz sample idP client connection error

Posted by Jan Bernhardt <jb...@talend.com>.
You should change your Tomcat Configuration to request SSL client authentication like the following:

<Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="idp-ssl-server.jks"
           keystorePass="tompass"
           truststoreFile="idp-ssl-trust.jks"
           truststorePass="ispass"
           truststoreType="JKS"
           SSLVerifyClient="optional"
           clientAuth="want"
           sslProtocol="TLS" />

Best regards
Jan
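
A small checker for the two connector settings this thread turns on (whether the HTTPS connector asks for a client certificate, and whether it names a trust store), run over the two Connector elements posted in the thread. This is an added example, not code from Fediz, Tomcat or the posters; the `<Server>`/`<Service>` wrappers, the third sample and all function and constant names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# clientAuth values that make Tomcat's JSSE connector ask the client for a certificate.
CLIENT_AUTH_MODES = {"want": "requested", "true": "required", "yes": "required"}

# Connector as posted in the quoted message of 31 October 2014 17:21.
# The <Server>/<Service> wrapper is constructed so the fragment parses.
CONNECTOR_AS_POSTED = """
<Server><Service name="Catalina">
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="idp-ssl-server.jks"
             keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
</Service></Server>
"""

# Connector as suggested in the reply above (same constructed wrapper).
CONNECTOR_AS_SUGGESTED = """
<Server><Service name="Catalina">
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="idp-ssl-server.jks" keystorePass="tompass"
             truststoreFile="idp-ssl-trust.jks" truststorePass="ispass"
             truststoreType="JKS" SSLVerifyClient="optional"
             clientAuth="want" sslProtocol="TLS" />
</Service></Server>
"""

# Constructed sample: a plain HTTP connector plus an HTTPS connector that
# never sets clientAuth, the situation the quoted reply suspects.
CONSTRUCTED_NO_CLIENT_AUTH = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             keystoreFile="idp-ssl-server.jks" keystorePass="tompass"
             sslProtocol="TLS" />
</Service></Server>
"""


def audit_connectors(server_xml):
    """Return one report dict per TLS-enabled <Connector> in a server.xml string."""
    reports = []
    root = ET.fromstring(server_xml.strip())
    for conn in root.iter("Connector"):
        attrs = conn.attrib
        if attrs.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector: no handshake to audit
        client_auth = attrs.get("clientAuth", "false")
        mode = CLIENT_AUTH_MODES.get(client_auth.lower(), "not requested")
        truststore = attrs.get("truststoreFile")
        findings = []
        if mode == "not requested":
            findings.append(
                'clientAuth="%s": the server sends no CertificateRequest, '
                "so the caller cannot present a client certificate" % client_auth
            )
        elif truststore is None:
            findings.append(
                "no truststoreFile: Tomcat falls back to the "
                "javax.net.ssl.trustStore system property for the CAs "
                "it trusts client certificates from"
            )
        reports.append({
            "port": attrs.get("port"),
            "client_cert": mode,
            "truststore": truststore,
            "findings": findings,
        })
    return reports


if __name__ == "__main__":
    samples = [
        ("as posted", CONNECTOR_AS_POSTED),
        ("as suggested", CONNECTOR_AS_SUGGESTED),
        ("constructed, no clientAuth", CONSTRUCTED_NO_CLIENT_AUTH),
    ]
    for label, xml_text in samples:
        for report in audit_connectors(xml_text):
            print(label, report["port"], report["client_cert"],
                  report["truststore"], report["findings"] or "ok")
```
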

> -----Original Message-----
> From: masoud [mailto:masoud@10point1.com]
> Sent: Friday, 31 October 2014 17:21
> To: users@cxf.apache.org
> Subject: Re: Re: fediz sample idP client connection error
> 
> I had actually already tried this, but I double checked to make sure.
> Still have the exact same issue. Here's the Connector from my server.xml
> 
>      <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>             maxThreads="150" scheme="https" secure="true"
>             keystoreFile="idp-ssl-server.jks"
>             keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
> 
> I get the same error message. Would I be getting a 200 response from the sts if
> it was this type of issue?
> On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote:
> > Hi,
> >
> > Yes, it's the right place to ask questions about Fediz. This part of
> > the log tells you what the problem is:
> >
> >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> >> stream: RequireClientCertificate is set, but no local certificates
> >> were negotiated.  Is the server set to ask for client authorization?
> >
> > From Fediz 1.1.2, the second call from the IdP to the STS is secured with
> > client authentication at the transport level. As you say that the
> > https conduit is already configured correctly, I suspect that your STS
> > deployment is not set up to require client authentication.
> >
> > In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
> > clientAuth="want" (your IdP does not require client auth, so "want"
> > works if you are colocating the IdP + STS in the same container).
> >
> > Colm.
> >
> >
> > On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri
> > <ma...@10point1.com>
> > wrote:
> >
> >> Hi,
> >>
> >> I'm not sure if this is the right place to be asking this question,
> >> so if there is anywhere else that I would be better suited, please let me know.
> >>
> >> I'm trying to set up the sample applications. I have the sample
> >> spring rp application in a jboss instance, and I have the sts and idp
> >> deployed separately to a tomcat instance.
> >> The idp seems to connect to, and receive a response from the sts
> >> successfully, but then it seems to decide it doesn't like the way the
> >> connection was negotiated. But I can't figure out exactly what's wrong.
> >>
> >> I've appended the relevant portion of the idp.log from my tomcat
> >> instance below.
> >> I've built these projects from the 1.1.2 release of fediz.
> >>
> >> I've already double checked that the https conduit is configured with
> >> the right keystore/password combinations, I'm not sure what else
> >> could be wrong.
> >>
> >> --------------------------------------
> >> 2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO
> >>   org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> >> - Inbound Message
> >> ----------------------------
> >> ID: 7
> >> Response-Code: 200
> >> Encoding: UTF-8
> >> Content-Type: text/xml;charset=UTF-8
> >> Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct
> >> 2014
> >> 22:41:39 GMT], Server=[Apache-Coyote/1.1],
> >> transfer-encoding=[chunked]}
> >> Payload: <soap:Envelope xmlns:soap="
> >> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header
> >> xmlns:SOAP-ENV="
> >> http://schemas.xmlsoap.org/soap/envelope/
> >> "/><soap:Body><RequestSecurityTokenResponseCollection
> >> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-ut
> >> ility-1.0.xsd
> >> "
> >> xmlns:ns3="
> >>
> >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-se
> >> cext-1.0.xsd
> >> "
> >> xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="
> >> http://docs.oasis-open.org/ws-sx/ws-trust/200802
> >> "><RequestSecurityTokenResponse><TokenType>
> >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> >> 2.0 </TokenType><RequestedSecurityToken><saml2:Assertion
> >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="
> >> http://www.w3.org/2001/XMLSchema-instance"
> >> ID="_7447A8C432B36EB5A414147088997946"
> >> IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0"
> >> xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm
> >> A</saml2:Issuer><ds:Signature
> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#
> >> "><ds:SignedInfo><ds:CanonicalizationMethod
> >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMet
> >> hod
> >> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
> >>
> URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transfor
> m
> >> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature
> >> "/><ds:Transform
> >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> >> "/></ds:Transforms><ds:DigestMethod
> >> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
> >>
> >>
> "/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></d
> s:
> >>
> Reference></ds:SignedInfo><ds:SignatureValue>Q3eo1Ns98UfZZPqa9h1MiUKJ
> >>
> nHMddOd/2bChGQytN/Pi6oyNUcaQ/ckhQKxIRjR5Lm1a4gh6jbPCQOVxmmB0jFX
> W8+IWc
> >>
> rnWTISxDAMLIEPlm4kQ6zXfAE03D6S4wLv177nHPB4EPcmJnjJ2ciUAq/QFD3fIdaK
> 5tY
> >>
> xFZkhdOJCWZSUrmha8WBFnhNuhhw4UKQgOQSBH99P4u/HvZFCxITuhVilKCCdsd
> ubjeQ0
> >>
> jFUKhA0HnLVC/mPfZCXQH4p8negyLmzyaXWDp528hmp9fxPbVEHa5F+VVnySn1b
> QDTG2y
> >>
> 6HjoI5BlHf6U+tO+GvBDVuMyyU9f9siHwY2wGLUGBQ==</ds:SignatureValue><d
> s:K
> >>
> eyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANB
> >> gkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
> >>
> >>
> MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZ
> SRUFMTUEwggEiM
> >> A0GCSqG
> >>
> >>
> SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVl
> Uo2eBNBa
> >> OloKvyX
> >>
> >>
> rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIa
> ClLQr
> >> rYT6zwd+NuV8d8p
> >>
> >>
> ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGB
> Q
> >> sTGTvb4
> >>
> >>
> N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVL
> mWj
> >> N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+v1oDuLr
> >>
> >>
> x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRx
> A
> >> gMBAAGj
> >>
> >>
> ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQ
> sFAAOCA
> >> QEAnkmN
> >>
> >>
> aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZ
> mtH02CE
> >> RUXZTbh
> >>
> >>
> 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTE
> eO
> >> OanaG8R
> >>
> >>
> 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA
> 8/wVOZnGO
> >> CkmnKs9
> >>
> >>
> 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLL
> k+AWzQA
> >> 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+ZDqpDwj
> >>
> >>
> ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Dat
> >> ys1YXREbVVFVlS+a></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:Na
> >> ys1YXREbVVFVlS+meID
> >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> >> NameQualifier="http://cxf.apache.org/sts
> >> ">ted</saml2:NameID><saml2:SubjectConfirmation
> >>
> >> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml
> >> 2:Conditions
> >> NotBefore="2014-10-30T22:41:39.794Z"
> >>
> >> NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><s
> >> aml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestricti
> >> on></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><Req
> >> uestedAttachedReference><ns3:SecurityTokenReference
> >> xmlns:wsse11="
> >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> >> wsse11:TokenType="
> >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> >> 2.0
> >> "><ns3:KeyIdentifier
> >> ValueType="
> >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI
> >> D
> >>
> ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security
> >>
> TokenReference></RequestedAttachedReference><RequestedUnattachedRefer
> >> ence><ns3:SecurityTokenReference
> >> xmlns:wsse11="
> >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> >> wsse11:TokenType="
> >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV
> >> 2.0
> >> "><ns3:KeyIdentifier
> >> ValueType="
> >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI
> >> D
> >>
> ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security
> >> TokenReference></RequestedUnattachedReference><wsp:AppliesTo
> >> xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="
> >> http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointRefere
> >> nce xmlns:wsa="http://www.w3.org/2005/08/addressing
> >>
> >> "><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></w
> >> sp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Cre
> >> ated><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></
> >> RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection
> >> ></soap:Body></soap:Envelope>
> >> --------------------------------------
> >> 2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
> >>   org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction  -
> >> Token [IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
> >> [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
> >> 2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN
> >>   org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {
> >>
> >> http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenServic
> >> e#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> >> has thrown exception, unwinding now
> >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> >> stream: RequireClientCertificate is set, but no local certificates
> >> were negotiated.  Is the server set to ask for client authorization?
> >> at
> >>
> >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte
> >> rceptor.handleMessage(SAAJOutInterceptor.java:223)
> >> at
> >>
> >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte
> >> rceptor.handleMessage(SAAJOutInterceptor.java:174)
> >> at
> >>
> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
> >> orChain.java:272) at
> >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
> >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
> >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> >> at
> >>
> >> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSC
> >> lient.java:835)
> >> at
> >>
> >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes
> >> ponse(IdpSTSClient.java:57)
> >> at
> >>
> >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes
> >> ponse(IdpSTSClient.java:52)
> >> at
> >>
> >> org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClie
> >> ntAction.java:273) at
> >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> >>
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> >> java:57)
> >> at
> >>
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606)
> >> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
> >> at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
> >> at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
> >> at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
> >> at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
> >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> >> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> >> at ognl.ASTChain.getValueBody(ASTChain.java:109)
> >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> >> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> >> at ognl.Ognl.getValue(Ognl.java:333)
> >> at
> >>
> >> org.springframework.binding.expression.ognl.OgnlExpression.getValue(O
> >> gnlExpression.java:85)
> >> at
> >>
> >> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateA
> >> ction.java:75)
> >> at
> >>
> >> org.springframework.webflow.action.AbstractAction.execute(AbstractAct
> >> ion.java:188)
> >> at
> >>
> >> org.springframework.webflow.execution.AnnotatedAction.execute(Annotat
> >> edAction.java:145)
> >> at
> >>
> >> org.springframework.webflow.execution.ActionExecutor.execute(ActionEx
> >> ecutor.java:51)
> >> at
> >>
> >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
> >> va:101) at
> >> org.springframework.webflow.engine.State.enter(State.java:194)
> >> at
> >> org.springframework.webflow.engine.Transition.execute(Transition.java
> >> :227)
> >> at
> >>
> >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo
> >> wExecutionImpl.java:393)
> >> at
> >>
> >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe
> >> cute(RequestControlContextImpl.java:214)
> >> at
> >>


Re: Re: fediz sample idP client connection error

Posted by masoud <ma...@10point1.com>.
I had actually already tried this, but I double-checked to make sure.
Still have the exact same issue. Here's the Connector from my server.xml:

     <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
            maxThreads="150" scheme="https" secure="true"
            keystoreFile="idp-ssl-server.jks"
            keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>

I get the same error message. Would I be getting a 200 response from the
STS if it was this type of issue?

On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote:
> Hi,
>
> Yes, it's the right place to ask questions about Fediz. This part of the
> log tells you what the problem is:
>
>> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
>> stream: RequireClientCertificate is set, but no local
>> certificates were negotiated.  Is the server set to ask for client
>> authorization?
>
> From Fediz 1.1.2, the second call from the IdP to the STS is secured with
> client authentication at the transport level. As you say that the https
> conduit is already configured correctly, I suspect that your STS deployment
> is not set up to require client authentication.
>
> In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
> clientAuth="want" (your IdP does not require client auth, so "want" works
> if you are colocating the IdP + STS in the same container).
>
> Colm.
>


Re: fediz sample idP client connection error

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,

Yes, it's the right place to ask questions about Fediz. This part of the
log tells you what the problem is:

> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> stream: RequireClientCertificate is set, but no local certificates were
> negotiated.  Is the server set to ask for client authorization?

From Fediz 1.1.2, the second call from the IdP to the STS is secured with
client authentication at the transport level. As you say that the https
conduit is already configured correctly, I suspect that your STS deployment
is not set up to require client authentication.

In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
clientAuth="want" (your IdP does not require client auth, so "want" works
if you are colocating the IdP + STS in the same container).

Colm.


On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri <ma...@10point1.com>
wrote:

> Hi,
>
> I'm not sure if this is the right place to be asking this question, so if
> there is anywhere else that I would be better suited, please let me know.
>
> I'm trying to set up the sample applications. I have the sample spring rp
> application in a jboss instance, and I have the sts and idp deployed
> separately to a tomcat instance.
> The idp seems to connect to, and receive a response from the sts
> successfully, but then it seems to decide it doesn't like the way the
> connection was negotiated. But I can't figure out exactly what's wrong.
>
> I've appended the relevant portion of the idp.log from my tomcat instance
> below.
> I've built these projects from the 1.1.2 release of fediz.
>
> I've already double checked that the https conduit is configured with the
> right keystore/password combinations, I'm not sure what else could be
> wrong.
>
> --------------------------------------
> 2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO
>  org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS  -
> Inbound Message
> ----------------------------
> ID: 7
> Response-Code: 200
> Encoding: UTF-8
> Content-Type: text/xml;charset=UTF-8
> Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct 2014
> 22:41:39 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header
> xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/
> "/><soap:Body><RequestSecurityTokenResponseCollection
> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:ns3="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="
> http://docs.oasis-open.org/ws-sx/ws-trust/200802
> "><RequestSecurityTokenResponse><TokenType>
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> </TokenType><RequestedSecurityToken><saml2:Assertion
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> ID="_7447A8C432B36EB5A414147088997946"
> IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0"
> xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm
> A</saml2:Issuer><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#
> "><ds:SignedInfo><ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
> URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature
> "/><ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
>
> "/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Q3eo1Ns98UfZZPqa9h1MiUKJnHMddOd/2bChGQytN/Pi6oyNUcaQ/ckhQKxIRjR5Lm1a4gh6jbPCQOVxmmB0jFXW8+IWcrnWTISxDAMLIEPlm4kQ6zXfAE03D6S4wLv177nHPB4EPcmJnjJ2ciUAq/QFD3fIdaK5tYxFZkhdOJCWZSUrmha8WBFnhNuhhw4UKQgOQSBH99P4u/HvZFCxITuhVilKCCdsdubjeQ0jFUKhA0HnLVC/mPfZCXQH4p8negyLmzyaXWDp528hmp9fxPbVEHa5F+VVnySn1bQDTG2y6HjoI5BlHf6U+tO+GvBDVuMyyU9f9siHwY2wGLUGBQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
>
> MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
>
> SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX
>
> rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p
>
> ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4
>
> N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr
>
> x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj
>
> ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN
>
> aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh
>
> 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R
>
> 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9
>
> 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj
>
> ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> NameQualifier="http://cxf.apache.org/sts
> ">ted</saml2:NameID><saml2:SubjectConfirmation
>
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
> NotBefore="2014-10-30T22:41:39.794Z"
>
> NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns3:SecurityTokenReference
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> "><ns3:KeyIdentifier
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
> ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns3:SecurityTokenReference
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> "><ns3:KeyIdentifier
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
> ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo
> xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wsa:EndpointReference
> xmlns:wsa="http://www.w3.org/2005/08/addressing
>
> "><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Created><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
> --------------------------------------
> 2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
>  org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction  - Token
> [IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
> [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
> 2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN
>  org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {
>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> stream: RequireClientCertificate is set, but no local certificates were
> negotiated.  Is the server set to ask for client authorization?
> at
>
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:223)
> at
>
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:174)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> at
>
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:835)
> at
>
> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:57)
> at
>
> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:52)
> at
>
> org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClientAction.java:273)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
> at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
> at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
> at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
> at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> at ognl.ASTChain.getValueBody(ASTChain.java:109)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> at ognl.SimpleNode.getValue(SimpleNode.java:210)
> at ognl.Ognl.getValue(Ognl.java:333)
> at
>
> org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
> at
>
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
> at
>
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
> at
>
> org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
> at
>
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
> at
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
>
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> at
>
> org.springframework.webflow.engine.SubflowState.handleEvent(SubflowState.java:116)
> at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFlowSession(FlowExecutionImpl.java:412)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.endActiveFlowSession(RequestControlContextImpl.java:238)
> at org.springframework.webflow.engine.EndState.doEnter(EndState.java:107)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
>
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
>
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
>
> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232)
> at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196)
> at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
> at
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258)
> at
>
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
> at
>
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
> at
>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
> at
>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
> at
>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
> at
>
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
> at
>
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:65)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
>
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> at
>
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
> at
>
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
> at
>
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
> at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at
>
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate is
> set, but no local certificates were negotiated.  Is the server set to ask
> for client authorization?
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255)
> at
>
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:215)
> ... 126 more
> Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException:
> RequireClientCertificate is set, but no local certificates were
> negotiated.  Is the server set to ask for client authorization?
> at
>
> org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1716)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1276)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1246)
> at
>
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
> at
>
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
> at
>
> org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
> at
>
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
> at
>
> org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:80)
> at
>
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51)
> at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
> at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
> ... 127 more
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
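
Added example (not part of the original messages, and not Fediz or Tomcat project code): a small Python check for the server.xml setting described in the reply above. It parses a server.xml string and reports every TLS-enabled connector that does not ask for a client certificate. The two embedded server.xml samples are constructed; port 9443 is taken from the log in this thread, and the keystore and truststore file names and passwords are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. Port 9443 comes from the thread's log
# (http-bio-9443); file names and passwords are placeholders.
STS_CONNECTOR_BEFORE = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="9443"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="PLACEHOLDER-ssl-key.jks"
               keystorePass="PLACEHOLDER"/>
  </Service>
</Server>
"""

# Same connector with the change from the reply: the server now asks for a
# client certificate and names a trust store to validate it against.
STS_CONNECTOR_AFTER = STS_CONNECTOR_BEFORE.replace(
    'keystorePass="PLACEHOLDER"/>',
    'keystorePass="PLACEHOLDER"\n'
    '               truststoreFile="PLACEHOLDER-ssl-trust.jks"\n'
    '               truststorePass="PLACEHOLDER"\n'
    '               clientAuth="want"/>',
)


def audit_https_connectors(server_xml):
    """Return one report per TLS-enabled <Connector> in a server.xml string."""
    reports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, not relevant here
        # Tomcat's default is clientAuth="false": the server does not ask for
        # a certificate during the handshake, so the client never sends one.
        client_auth = conn.get("clientAuth", "false").lower()
        findings = []
        if client_auth not in ("want", "true"):
            findings.append(
                'clientAuth="%s": the connector never requests a client '
                "certificate, so a caller that requires client authentication "
                "will find no local certificate negotiated" % client_auth
            )
        elif not conn.get("truststoreFile"):
            findings.append(
                "client certificates are requested but truststoreFile is not "
                "set on the connector; validation falls back to the JVM's "
                "javax.net.ssl.trustStore setting"
            )
        reports.append({
            "port": conn.get("port"),
            "clientAuth": client_auth,
            "findings": findings,
        })
    return reports


if __name__ == "__main__":
    for label, xml_text in (("before", STS_CONNECTOR_BEFORE),
                            ("after", STS_CONNECTOR_AFTER)):
        for report in audit_https_connectors(xml_text):
            status = "OK" if not report["findings"] else "CHECK"
            print("%s: port %s clientAuth=%s -> %s"
                  % (label, report["port"], report["clientAuth"], status))
            for finding in report["findings"]:
                print("    " + finding)
```

With clientAuth="true" the connector would also pass this check, but every client on that port, browsers included, would then have to present a certificate, which is why the reply suggests "want" when the IdP and STS share a container.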