Re: [gt-user] Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]]

Wed, 12 Sep 2007 07:32:50 -0700

What happens from the client machine if you "grid-proxy-init -verify - debug"? The client doesn't usually bother to verify its own proxy, this will check the results against the installed certificates. 

You are using the same CA on both the client and server, right?


Charles

On Sep 12, 2007, at 6:51 AM, Fabian Lueghausen wrote:


Hello !

I have a big problem with my CA.
I wrote a simple hello world service and deployed it into a service
container.
Then I tried to invoke this service with my client using transport layer 
security.
But the result was not very satisfying.. The client is not able to find 
my CA although I made a valid grid-proxy-init.


++++ Client side: ++++

[EMAIL PROTECTED] SafetyHelloWorld]$ ant runClient
Buildfile: build.xml

setGlobus:

checkGlobus:
     [echo] Globus: /home/fabian/globus-4.0.5

defineClasspaths:

runClient:
     [echo] Connecting to service:
https://ingrid:9000/wsrf/services/mpcci/SafetyHelloWorld
     [java] JVM args ignored when same JVM is used.
     [java] Running the Grid Service Client
     [java] AxisFault
     [java]  faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
     [java]  faultSubcode:
     [java]  faultString: org.globus.common.ChainedIOException:
Authentication failed [Caused by: Failure unspecified at GSS-API level
[Caused by: Unknown CA]]
     [java]  faultActor:
     [java]  faultNode:
     [java]  faultDetail:
     [java]     {http://xml.apache.org/axis/}stackTrace:Authentication
failed. Caused by Failure unspecified at GSS-API level. Caused by
COM.claymoresystems.ptls.SSLThrewAlertException: Unknown CA
     [java]     at COM.claymoresystems.ptls.SSLConn.alert
(SSLConn.java:235)
[java] at COM.claymoresystems.ptls.SSLHandshake.recvCertificate 
(SSLHandshake.java:304)
     [java]     at
COM.claymoresystems.ptls.SSLHandshakeClient.processTokens
(SSLHandshakeClient.java:128)
     [java]     at
COM.claymoresystems.ptls.SSLHandshake.processHandshake
(SSLHandshake.java:135)
     [java]     at
org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext
(GlobusGSSContextImpl.java:483)
     [java]     at
org.globus.gsi.gssapi.net.GssSocket.authenticateClient
(GssSocket.java:102)
     [java]     at org.globus.gsi.gssapi.net.GssSocket.startHandshake
(GssSocket.java:140)
     [java]     at org.globus.gsi.gssapi.net.GssSocket.getOutputStream
(GssSocket.java:161)
     [java]     at
org.apache.axis.transport.http.HTTPSender.writeToSocket
(HTTPSender.java:433)
     [java]     at org.apache.axis.transport.http.HTTPSender.invoke
(HTTPSender.java:135)
     [java]     at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
     [java]     at org.apache.axis.SimpleChain.doVisiting
(SimpleChain.java:118)
     [java]     at org.apache.axis.SimpleChain.invoke
(SimpleChain.java:83)
     [java]     at org.apache.axis.client.AxisClient.invoke
(AxisClient.java:165)
     [java]     at org.apache.axis.client.Call.invokeEngine
(Call.java:2727)
     [java]     at org.apache.axis.client.Call.invoke(Call.java:2710)
     [java]     at org.apache.axis.client.Call.invoke(Call.java:2386)
     [java]     at org.apache.axis.client.Call.invoke(Call.java:2309)
     [java]     at org.apache.axis.client.Call.invoke(Call.java:1766)
     [java]     at
de.fhg.scai.mpcci.stubs.bindings.SafetyHelloWorldPortTypeSOAPBindingSt ub.getServiceSecurityMetadata (SafetyHelloWorldPortTypeSOAPBindingStub.java:722) 
     [java]     at

(.......)


++++ Server side: ++++

2007-09-12 12:55:10,139 ERROR container.GSIServiceThread
[ServiceThread-14,process:145] Error processing request
java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:168)
        at org.globus.gsi.gssapi.SSLUtil.read(SSLUtil.java:37)
        at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readToken
(GSIGssInputStream.java:64)
        at
org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken
(GSIGssInputStream.java:54)
        at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken
(GSIGssSocket.java:60)
        at org.globus.gsi.gssapi.net.GssSocket.authenticateServer
(GssSocket.java:122)
        at org.globus.gsi.gssapi.net.GssSocket.startHandshake
(GssSocket.java:142)
        at org.globus.gsi.gssapi.net.GssSocket.getOutputStream
(GssSocket.java:161)
        at org.globus.wsrf.container.GSIServiceThread.process
(GSIServiceThread.java:102)
        at org.globus.wsrf.container.ServiceThread.run
(ServiceThread.java:302)


++++ ++++ ++++




The curious is that it works when I'm just executing the client at the
same machine the server runs on. (*) But not when I'm running the client 
on my local machine.
Perhaps the cause is related to the fact that I installed my CA as root at the server and as non-root at my local machine? This is what I guess. 

Hope that you can help me??

Best greets from St. Augustin,

  Fabian



_______________________________
*)
  [EMAIL PROTECTED] SafetyHelloWorld]# ant runClient
  Buildfile: build.xml

  setGlobus:

  checkGlobus:
       [echo] Globus: /usr/local/globus-4.0.3

  defineClasspaths:

  runClient:
         [echo] Connecting to service:
https://ingrid:9000/wsrf/services/mpcci/S
       [java] JVM args ignored when same JVM is used.
       [java] Running the Grid Service Client

       [java] Hello Alice.
       [java] I recently read your message: "How are you?"
       [java] Yours Bob.
       [java] Zeit: 13:3

  BUILD SUCCESSFUL
  Total time: 12 seconds

Reply via email to