I've prepared a zip file which contains two tomcat instances: - tomcat-idp - tomcat-rp (contains the application)
You can download it here: https://docs.google.com/open?id=0B39bWm6JgpkfMDZDVkFZemdTX202YlVWM2xMUjEwdw After starting the two tomcat instances, open a browser and enter the following url: https://localhost:8443/fedizhelloworld/secureservlet/fed The following usernames are configured: user: alice password:ecila user: bob password:bob user: ted password:det HTH Oli ------ Oliver Wulff http://owulff.blogspot.com Solution Architect Talend Application Integration Division http://www.talend.com ________________________________________ Von: Oliver Wulff [[email protected]] Gesendet: Donnerstag, 8. März 2012 17:38 Bis: [email protected] Betreff: AW: AW: HTTP Status 403 - Requesting security token failed Hi there The fedizidp can't securely connect to the fedizidpsts (clientkeystore.jks). I'll prepare a package with two tomcat instances and upload it to google docs and send the link... Thanks ------ Oliver Wulff http://owulff.blogspot.com Solution Architect Talend Application Integration Division http://www.talend.com ________________________________________ Von: scmakhaye [[email protected]] Gesendet: Mittwoch, 7. März 2012 23:49 Bis: [email protected] Betreff: Re: AW: HTTP Status 403 - Requesting security token failed *Tomcat instance 2* Mar 7, 2012 11:47:00 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET / Mar 7, 2012 11:47:00 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:01 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:01 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /tomcat.css Mar 7, 2012 11:47:01 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:01 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:01 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /tomcat.png Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /bg-upper.png Mar 7, 2012 11:47:02 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /bg-nav.png Mar 7, 2012 11:47:02 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:02 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /bg-button.png Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /bg-middle.png Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /asf-logo.png Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:02 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:02 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /manager/html Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against GET /html --> true Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against GET /html --> true Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against GET /html --> false Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling hasUserDataPermission() Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase hasUserDataPermission FINE: User data constraint has no restrictions Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling authenticate() Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator authenticate FINE: authenticate invoked Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator authenticate FINE: Save request in session '46CDFE0A261E845160D624A96594A579' Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Failed authenticate() test Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET /fedizidp/ Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint *Tomcat instance 1* Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against PUT /html/deploy --> true Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against PUT /html/deploy --> true Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against PUT /html/deploy --> false Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase hasUserDataPermission FINE: User data constraint has no restrictions Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.CombinedRealm authenticate FINE: Attempting to authenticate user "admin" with realm "org.apache.catalina.realm.UserDatabaseRealm/1.0" Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.CombinedRealm authenticate FINE: Authenticated user "admin" with realm "org.apache.catalina.realm.UserDatabaseRealm/1.0" Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Checking roles GenericPrincipal[admin(manager-gui,)] Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase hasRole FINE: Username admin has role manager-gui Mar 7, 2012 11:42:36 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Role found: manager-gui Mar 7, 2012 11:42:38 PM org.apache.catalina.startup.HostConfig checkResources INFO: Undeploying context [/fedizidp] Mar 7, 2012 11:42:39 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive C:\apache-tomcat-7.0.25\webapps\fedizidp.war Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against PUT /html/deploy --> true Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Text Manager interface (for scripts)]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[JMX Proxy interface]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[HTML Manager interface (for humans)]' against PUT /html/deploy --> true Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: Checking constraint 'SecurityConstraint[Status interface]' against PUT /html/deploy --> false Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase hasUserDataPermission FINE: User data constraint has no restrictions Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.CombinedRealm authenticate FINE: Attempting to authenticate user "admin" with realm "org.apache.catalina.realm.UserDatabaseRealm/1.0" Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.CombinedRealm authenticate FINE: Authenticated user "admin" with realm "org.apache.catalina.realm.UserDatabaseRealm/1.0" Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Checking roles GenericPrincipal[admin(manager-gui,)] Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase hasRole FINE: Username admin has role manager-gui Mar 7, 2012 11:43:32 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Role found: manager-gui Mar 7, 2012 11:43:33 PM org.apache.catalina.startup.HostConfig checkResources INFO: Undeploying context [/fedizidpsts] Mar 7, 2012 11:43:34 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive C:\apache-tomcat-7.0.25\webapps\fedizidpsts.war I did what asked ... but still it complains about certificates can not deploy deploy fedizhelloworld it doesnt contain any files in the folder * This is how the tomcat server instance 2 after deploying fediz-(core and tomcat)* cate FINE: authenticate invoked Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator authenti cate FINE: Save request in session '46CDFE0A261E845160D624A96594A579' Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Failed authenticate() test Mar 7, 2012 11:47:09 PM org.apache.fediz.tomcat.FederationAuthenticator invoke FINE: WsFedAuthenticator:invoke() Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Security checking request GET /fedizidp/ Mar 7, 2012 11:47:09 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: No applicable constraints defined Mar 7, 2012 11:47:09 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Not subject to any constraint Mar 7, 2012 11:47:10 PM org.apache.cxf.configuration.jsse.spring.TLSParameterJax BUtils getKeyStore SEVERE: Could not load keystore resource clientstore.jks Mar 7, 2012 11:47:10 PM org.apache.cxf.configuration.jsse.spring.TLSParameterJax BUtils getKeyStore SEVERE: Could not load keystore resource clientstore.jks org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.talend.security.idp.IdpSTSClient.requestSecurityTokenResponse(Idp STSClient.java:44) at org.talend.security.idp.IdpSTSClient.requestSecurityTokenResponse(Idp STSClient.java:39) at org.talend.security.idp.IdpServlet.requestSecurityToken(IdpServlet.ja va:218) at org.talend.security.idp.IdpServlet.doGet(IdpServlet.java:138) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:472) at org.apache.fediz.tomcat.FederationAuthenticator.invoke(FederationAuth enticator.java:199) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:987) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:579) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoin t.java:1600) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:908) at java.lang.Thread.run(Thread.java:662) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/wsfedidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2133) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2325) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2357) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 24 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 649) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:1206) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:136) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 93) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:893) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1165) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1149) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 434) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:1172) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:772) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:119) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:235) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:284) at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2123) ... 29 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:1185) ... 48 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 54 more Mar 7, 2012 11:47:10 PM org.talend.security.idp.IdpServlet doGet INFO: Requesting security token failed org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.talend.security.idp.IdpSTSClient.requestSecurityTokenResponse(Idp STSClient.java:44) at org.talend.security.idp.IdpSTSClient.requestSecurityTokenResponse(Idp STSClient.java:39) at org.talend.security.idp.IdpServlet.requestSecurityToken(IdpServlet.ja va:218) at org.talend.security.idp.IdpServlet.doGet(IdpServlet.java:138) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:472) at org.apache.fediz.tomcat.FederationAuthenticator.invoke(FederationAuth enticator.java:199) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:987) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:579) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoin t.java:1600) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:908) at java.lang.Thread.run(Thread.java:662) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/wsfedidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2133) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2325) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2357) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 24 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 649) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:1206) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:136) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 93) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:893) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1165) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1149) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 434) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:1172) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:772) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:119) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:235) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:284) at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2123) ... 29 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:1185) ... 48 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 54 more ----- _ _ _ _ _ _ _ Siboniso Makhaye -- View this message in context: http://cxf.547215.n5.nabble.com/HTTP-Status-403-Requesting-security-token-failed-tp5543684p5545896.html Sent from the cxf-user mailing list archive at Nabble.com.
