when I enter this URL https://localhost:8443/fedizhelloworld/secureservlet/fed, it says
The server localhost:9443 requires a username and password The server says :IDP and I have tried the configured usernames and passwords user: alice password:ecila user: bob password:bob user: ted password:det but it returns HTTP Status 403 - Requesting security token failed http://cxf.547215.n5.nabble.com/file/n5553575/page.gif *The tomacat-rp server shows this message * Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator invo ke FINE: WsFedAuthenticator:invoke() Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Security checking request GET /fedizhelloworld/secureservlet/fed Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Servlet Protected Area]' against GET /secureservlet/fed --> true Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Protected Area]' against GET /se cureservlet/fed --> false Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Servlet Protected Area]' against GET /secureservlet/fed --> true Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Protected Area]' against GET /se cureservlet/fed --> false Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Calling hasUserDataPermission() Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase hasUserDataPermissio n FINE: User data constraint has no restrictions Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Calling authenticate() Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth enticate FINE: authenticate invoked Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth enticate FINE: Save request in session '51E40EEB5F15CDF2646BA9EF90925D40' Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator redi rectToLoginPage INFO: Issuer url: https://localhost:9443/fedizidp/ Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator redi rectToLoginPage FINE: wtrealm=https://localhost:8443/fedizhelloworld/ Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Failed authenticate() test *tomcat-idp server report the following * Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:50) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:45) at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpS ervlet.java:258) at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:156 ) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:515) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin t.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:907) at java.lang.Thread.run(Thread.java:619) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/fedizidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 22 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 520) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 11) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:449) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1029) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1056) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1040) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:981) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more Mar 10, 2012 9:50:53 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet INFO: Requesting security token failed org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:50) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:45) at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpS ervlet.java:258) at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:156 ) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:515) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin t.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:907) at java.lang.Thread.run(Thread.java:619) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/fedizidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 22 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 520) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 11) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:449) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1029) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1056) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1040) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:981) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more Thanks ----- scmakhaye ----- _ _ _ _ _ _ _ Siboniso Makhaye -- View this message in context: http://cxf.547215.n5.nabble.com/HTTP-Status-403-Requesting-security-token-failed-tp5543684p5553575.html Sent from the cxf-user mailing list archive at Nabble.com.
