weird, I've just unzipped the package again, started the two container and could successfully run the test.
The certificates are valid till 2021. I'm running the tests on ubuntu with JDK 1.6. Could you attach the full log of tomcat-idp? (wondering whether there is a message that the jdk security extensions must be installed) Oli ------ Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com ________________________________________ Von: scmakhaye [[email protected]] Gesendet: Samstag, 10. März 2012 20:56 Bis: [email protected] Betreff: Re: AW: AW: HTTP Status 403 - Requesting security token failed when I enter this URL https://localhost:8443/fedizhelloworld/secureservlet/fed, it says The server localhost:9443 requires a username and password The server says :IDP and I have tried the configured usernames and passwords user: alice password:ecila user: bob password:bob user: ted password:det but it returns HTTP Status 403 - Requesting security token failed http://cxf.547215.n5.nabble.com/file/n5553575/page.gif *The tomacat-rp server shows this message * Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator invo ke FINE: WsFedAuthenticator:invoke() Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Security checking request GET /fedizhelloworld/secureservlet/fed Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Servlet Protected Area]' against GET /secureservlet/fed --> true Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Protected Area]' against GET /se cureservlet/fed --> false Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Servlet Protected Area]' against GET /secureservlet/fed --> true Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase findSecurityConstrai nts FINE: Checking constraint 'SecurityConstraint[Protected Area]' against GET /se cureservlet/fed --> false Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Calling hasUserDataPermission() Mar 10, 2012 9:20:04 PM org.apache.catalina.realm.RealmBase hasUserDataPermissio n FINE: User data constraint has no restrictions Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Calling authenticate() Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth enticate FINE: authenticate invoked Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator auth enticate FINE: Save request in session '51E40EEB5F15CDF2646BA9EF90925D40' Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator redi rectToLoginPage INFO: Issuer url: https://localhost:9443/fedizidp/ Mar 10, 2012 9:20:04 PM org.apache.cxf.fediz.tomcat.FederationAuthenticator redi rectToLoginPage FINE: wtrealm=https://localhost:8443/fedizhelloworld/ Mar 10, 2012 9:20:04 PM org.apache.catalina.authenticator.AuthenticatorBase invo ke FINE: Failed authenticate() test *tomcat-idp server report the following * Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:50) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:45) at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpS ervlet.java:258) at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:156 ) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:515) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin t.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:907) at java.lang.Thread.run(Thread.java:619) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/fedizidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 22 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 520) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 11) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:449) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1029) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1056) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1040) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:981) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more Mar 10, 2012 9:50:53 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet INFO: Requesting security token failed org.apache.cxf.service.factory.ServiceConstructionException: Failed to create se rvice. at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:94) at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.jav a:500) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:50) at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes ponse(IdpSTSClient.java:45) at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpS ervlet.java:258) at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:156 ) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:515) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin t.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:907) at java.lang.Thread.run(Thread.java:619) Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Prob lem parsing 'https://localhost:9443/fedizidpsts/STSService?wsdl'.: javax.net.ssl .SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path bui lding failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl. java:244) at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.j ava:191) at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.ja va:92) ... 22 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 520) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 11) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:449) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1029) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1056) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1040) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:981) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http sURLConnectionImpl.java:234) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrent Entity(XMLEntityManager.java:677) at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineD ocVersion(XMLVersionDetector.java:186) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:771) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(X ML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser. java:107) at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser. java:225) at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Doc umentBuilderImpl.java:283) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustM anagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:954) ... 46 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 52 more Thanks ----- scmakhaye ----- _ _ _ _ _ _ _ Siboniso Makhaye -- View this message in context: http://cxf.547215.n5.nabble.com/HTTP-Status-403-Requesting-security-token-failed-tp5543684p5553575.html Sent from the cxf-user mailing list archive at Nabble.com.
