The STS is complaining that it can't find the private key to decrypt the request. What does your STS configuration look like? Is the private key in a keystore that is pointed to be a crypto.properties file?
Colm. On Fri, May 25, 2012 at 5:44 PM, Gina Choi <[email protected]> wrote: > Both web service and STS up running, but when I execute client on the > command line, I am seeing following error message in Tomcat log. Have been > try to figure this out. > > --------------------------- > ID: 1 > Response-Code: 500 > Encoding: UTF-8 > Content-Type: text/xml > Headers: {} > Payload: <soap:Envelope xmlns:soap=" > http://schemas.xmlsoap.org/soap/envelope/ > "><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Generalsecurity > error (No certificates were found for decryption > (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope> > -------------------------------------- > May 25, 2012 12:42:12 PM > org.apache.cxf.services.SecurityTokenService.UT_Port.STS > INFO: Inbound Message > ---------------------------- > ID: 2 > Address: http://localhost:8088/DoubleItSTS/UT > Encoding: UTF-8 > Http-Method: POST > Content-Type: text/xml; charset=UTF-8 > Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], > content-type=[text/xml; charset=UTF-8], host=[localhost:8088], > pragma=[no-cache], SOAPAction=[" > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue";], > transfer-encoding=[chunked], user-agent=[Apache CXF 2.6.0]} > Payload: <soap:Envelope xmlns:soap=" > http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><Action xmlns=" > http://www.w3.org/2005/08/addressing"; xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-22089110"> > http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue > </Action><MessageID > xmlns="http://www.w3.org/2005/08/addressing"; xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > > wsu:Id="Id-8082967">urn:uuid:8aae248b-5070-483f-aeb6-7f25e4949d2b</MessageID><To > xmlns="http://www.w3.org/2005/08/addressing"; xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-12116">http://localhost:8088/DoubleItSTS/UT</To><ReplyTo > xmlns=" > http://www.w3.org/2005/08/addressing"; xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-2314373"><Address> > http://www.w3.org/2005/08/addressing/anonymous > </Address></ReplyTo><wsse:Security > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > soap:mustUnderstand="1"><wsu:Timestamp > > wsu:Id="TS-1"><wsu:Created>2012-05-25T16:42:12.623Z</wsu:Created><wsu:Expires>2012-05-25T16:47:12.623Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; > Id="EK-86B5117A9FA78EFD2213379641328211"><xenc:EncryptionMethod Algorithm=" > http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds=" > http://www.w3.org/2000/09/xmldsig# > "><wsse:SecurityTokenReferencexmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > "><wsse:KeyIdentifierEncodingType=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > " > ValueType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 > ">yGuKymFPtTn/J/Hq7DHGxcwJ9IA=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>z13XYFuuSxQxtzB/X+9rLUoTZeWoCqKdARCF97Zw8MvvrTuipnLxlOGVr5sk81DzT6cA2EB92KS+AXT1S7y1TMESb3aLWLiCOle4o+ima89bTByqRe2GukztJ8GiLANkMzvoc8uiluL4IaWw+ORdCn2iMhX0j6T/E9V+f6mes0g=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><wsc:DerivedKeyTokenxmlns:wsc=" > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; > wsu:Id="DK-3"><wsse:SecurityTokenReference xmlns:wsse11=" > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > wsse11:TokenType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > " > wsu:Id="STR-86B5117A9FA78EFD2213379641328412"><wsse:Reference > URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > "/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>24</wsc:Length><wsc:Nonce>/jXB+2ccMwuCF/6ee7G1nQ==</wsc:Nonce></wsc:DerivedKeyToken><wsc:DerivedKeyTokenxmlns:wsc=" > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; > wsu:Id="DK-5"><wsse:SecurityTokenReference xmlns:wsse11=" > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > wsse11:TokenType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > " > wsu:Id="STR-86B5117A9FA78EFD2213379641328785"><wsse:Reference > URI="#EK-86B5117A9FA78EFD2213379641328211" ValueType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > "/></wsse:SecurityTokenReference><wsc:Offset>0</wsc:Offset><wsc:Length>32</wsc:Length><wsc:Nonce>x6Kqo/t5hcDb4C53M3Gd9A==</wsc:Nonce></wsc:DerivedKeyToken><xenc:ReferenceListxmlns:xenc=" > http://www.w3.org/2001/04/xmlenc# > "><xenc:DataReferenceURI="#ED-6"/><xenc:DataReference > URI="#ED-7"/><xenc:DataReference > URI="#ED-8"/></xenc:ReferenceList><xenc:EncryptedData xmlns:xenc=" > http://www.w3.org/2001/04/xmlenc#"; Id="ED-8" Type=" > http://www.w3.org/2001/04/xmlenc#Element";><xenc:EncryptionMethod > Algorithm=" > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds=" > http://www.w3.org/2000/09/xmldsig# > "><wsse:SecurityTokenReferencexmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>7S/6iJi2pElMDqqqEPNcECQWmHQmSBiKq42bBVaWJahH4+UIvFGj2RYIpKbQxS1S4LkUyHsAvKJzdK0A+kXi+QO+SJwhWG8jNe5Vc6tvyuSS+v9/9yZP12Ys/CUH3pLuRcXtsewsW2LcotgJ2jFckM2OTc4RIeYql2HGN0jjpVxpq5TPbFyaUuU4WrHvm83H5aC7RwdB7qi/EZIYcR6Cb8yukAlNTsjVAmcLw82e4RamsGNICLvM1rXXyoflo6tyyc6cbMTYp+boBBD8BbeulElF/kEoM1BJrgm8c+WsZE2cy600p1cYHnjzLGIHTRd1iuaikykm/NO5CzljwUiEPuJ2CGGQTMxdDXf8XbSrmVY=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><xenc:EncryptedData > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-7" Type=" > http://www.w3.org/2001/04/xmlenc#Element";><xenc:EncryptionMethod > Algorithm=" > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds=" > http://www.w3.org/2000/09/xmldsig# > "><wsse:SecurityTokenReferencexmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>j6AsZeds87wz/EuoP6oyHbpFBKxuGjpCSe1Zqsin0PAjYS91XyiZ1klBjhrljAMXcKMmjYU6uSv9wrSSefk96GWkjJj77WzglISqfyOelZVVik+S0mcDG+rVZ11HWhOBEol6RYg+yBvGa4L2vp2os1m1DcuLmcKN+7+Iv+lWfWzFQEjWL/wY7maBczmNdTj071bmx9SfvaPD5Ei8Sa5lGy45RSpMq0D4qI2cipi3+6rgYQ04j/T4dPFFLiuSbZmqIWTJMWqeIemnXll6x3noyjRuLXh/lTGIPhKqtEmqxU2vHr2hsPvACA1lJqA5K8pd+Yfh54q6tG0X3hiaZ5KWoimZXDuJnZCqV+Vd3iEXatziFrDVdv2QjdajUHHEuYBEhmHNh8XUqKUDGFIWxnwIKIrKSYgbAB99FOCtrwqyzgpFNQCGB8NZyQJGPgihfpNR7aAt+XpNLF7R77Mq8gTgvHi7CFHv1VD9lXcrX/sP8JwYp3Sx3sQCDwK2ptkW/CDWEIxD9QV955h6pWzOb6cPE/Sb3/YKMEw/HEjAVdq8R/AQ8Ag0eZokqA/85MRm8yvvHwE6s7pkoRlKVwLxXPgqWWP9QBzxiLhaC9qhbtWsLEKmYuorL2tbWW9PvCRrABu4uqhSDeB2UcYENv9abcXZlnM9dm6bzz+ej4/bU3kSUQxi4AlcVuAoJJZQTOvywLGw6OUSZJzI55HnoZ1Db82bEuLdYOk9uYEJvkNVH5BdrqgfOBnUpzGhLQYmFv3JGJNGigyRD0AJnMAYo5Yf7ouLsuQIT0m/j/I8vK+9J3V1jGG4TLBWfO8yJ7Ts53AEcXm90GGUwFE0fSbnjEYW4xIe9O02wsVySsJaDisVifbMZ4FzDsZ+ybhDJ+MQJ3AFWlRV/6IJnS41XjcOqZHdvjdjqeNfD7WyZQUqW8g7MYDzr3wvrkLDi9gsmS98nXRtVBwU5SlkuBV3o1+TChEdK4OnIZdkQI20g4IlE40laAyLd/xIM1qiQjxd1glPuLfPUwPTaH5ZMoH0AJvYle/BRQBtx7reIhldPcd39rrjjjsweOCaIICFHAzjONTjbOd4Q8Br3F86NT4J5MPEN9CIZzoT3FUMZ9+B8HJHwGl6ZQtc3qAr/4RtLWTsdo/lOKNFgAxpJo3kkuHpE01Qjsk3Tqdu1/KjAVmExShJX6fHDYzBPEki3IFE8R+wf7fuy8VOmKabFFilGeTOcVZOmQrblU5Y54GBVjR9z7XIYtA417zXhkR0lzUqqxwARANEGCwn/b65wbhbXmVAUjOMm12FVdQFuXKVgQetu6ezfInDmNH/PxCCvW83DPm2qmlJ9+IcUrQk7MqzB38gxkH19WPb/64gUF09jz+OY5yM4R6PY0tSi9UkQL/i5lH0QVzB/OgdU6rThBqKCpRUdzs1YJPmrzCGdSQXB+MrWpwvhV1+yBct3uhg/vYxxUrZoiOIwfrB1As266/e9bodXbx/PmWQtbcSLlmZ0PKKQf33/OZ8xF9AoY+DbDzlcUiEHANlP0dT5IhgpkXV2G65oxBTxxxQZ4ZzkpyZLfXoTUsuqRj83DITksXOI51Eqg1ijqWf7Dd0lVqdm2lassW/OLdks7Khv9eY0Ss7JDB8Vzk60RHah8+HvZAv2VQJ1qjaOHti3AeP3RoswWApD1BnlUYwdJVyfwvg2GprROxRkjirtnsggQS4xl4+nmUrDM2aM567wM5qftOywvq2wtCNNY9knNG/Wg953EPSDx00JtTif1kqdiBXuzffqWrkPebyq5JB90VlzKnmC82m48e43zBNGyekJuNiBGOap7rSG8C5SAoEX9XyYZeRQZOzlsAdc5lZkkOVVKr+iwFRn3f3cAhr7GeM7rWodx+0fzUAE+z/1DUwbyboNobPd8k4/lWXmnT5wokWT5mpybk+P4Qur1P2Qm5q6YVxDqYCANwYOyOrB3qFdCXBcCZRu54JiZHCXyZRYnTkKPHddSRsDrKM0jT8HlNY+J5Vuv8aKA4vnbo+P+b4TXvYYUwtWGbsRaSUyYSIRV7HE583zzxVpgBt2T+3eSjfjBWfkVTAEhOK1CdZdt1pBZ9tnf5EYAoENHRsPVsAfcISOAdK+XxAo+K3lXo7PZ75AuY6wmfawUerwMbLuqJxGtkRa7b0i6pY1RuNw91Zbs42NDtUUIV2nTfkBFG4VL1QVGwsG5Z6pmw33sARTl55qCXOIVUC8TChk4vhh3FDclI7ui1elVQdDDeQ7O+aYMb4Yhhh03kHiadCuwDSMN8QG+7GKFSI1e0LDOjUEhwOZwumQdC9xLoES7Oj1lvLEu4eNOxacN70Oa8LVN1QTZh37fqEptuKoOVjkWJ6XyLCpdmlotbMaQ+5a0ABMsb6X/kDLeFwvlZYkCWh6VH9uWuPl293yGqgDHW3h2GkfPMqdVIa+/nzcFVK8sT+UPxKwNMsMB/tGG4KVx9O9fs2nTNncVtR00XvPTWiNVNA7b1wmLkXiiowYtY7CRlZhCI+smsg5vL358v4ZjYlGfJ2Tyjt1oD2mdMP6+O4hPkkS9oWlTWY8jzogT4X5dZs566wvDP4Xs8R40T0yqSnSkuEvJYpKynJURE58Nwlpqme/0lY2vLWr4igu60kKe6CpX0BynXo4NRdF+Zs0+WzUL7LFiqKIExBSrLtqcSUnPJGyCIAE7B0I6SbykEYk9pEGHrR7r6K0Wp8FSYpXTmr1QylpL2kSKIMsCGCxV7uzOTAXAToP8Nb46WUPDhoABmAoqGBu8XPfrCZF9lMKfzpL2x2VQyU/JVWnNvLcCGCPRboagBY+c/EZlmhkhbZ9NSkTs5GDDMISWHss1OX83yOZUpjcGZYtCNFDdSuDR9Tuu6SadiTdC2N604YJmUv0lldjrAvsTlTeMehJEqaeo+t/Oda7KvsTHPNQ4anUpbXocQYHPYBjoiYMjt+fYd38WDCjW5Nte3s30qIflelXe5bMrIRVGkJuixv0Oyl1YPGRS/VChfnOXfzEY7tqbNIeF1oMC1pzNO/HnebZTc0jlbN7PQyi5yWZB4P+g/5c04yxOo8emSaN3YGwjtpAsP1MJXXfVcNPSC2rEQo2EEDfBfAk9KuHG8sHBbX2iDyDXBM0yj7gwW5Q43I9DLJJxNS3ZNd3NPqK/DsQpbJ6VVVR6hxHFXVnPcFQ61Y+t7O5WZBanOym3/z+Wq00ZHmyxOh9m7zPsdh1xyy6shsu1FJHdZHljSEYno3owKof89mGEyhuZ9sIilwj/e9iUnSOPPCPgkqpZShQagvFEKOHnCb02XIy8uo/g8Z9ACfcQnjAElapl9L8aoLi94/A5/U0XQUtsghZOSedyFlszkHS8GvNQMxVvZ2cE3bsM5naVU6/8aEIpnLakjo+aomtyaOygp0kjff99uW4WjforGLZznY45fYj717aZGDNz5XYrpULCyW6Oi2t4XF+pRy/gL/ULFs1l36WlmpwC/zj/mkApfZuDqSj3zuR+faBCfgenSHJHOpwxk/KG7bnAFh9D7YKx8VKXvHirrZJD1yMLYTrGzVsoADmjMwMjG6Zy3mT7vaiDlo1SrixnT0OKqAR9+i2HwyTVLMxvZWKq4FZwm85gcAoRdi46cBsst/h5HivQfKoM53/SDSgZACG7Sqq97pn1XlzHZ0NNfcd7Nky/4DLri+sYWkEX51jh3/p4gGGOCtI4QxHQGI0tmmwccB4hJFj4p2qvFkqocSUr5lmSx2VPAcQ3bnnnd/C5+9C2Z5TxL9MM1+lW7Q6nyEs0fJGCHJlxHHEjXqpy0zC44d1wtCeO0CnUnOwOb0drd8WcKn7hQSe9iQ+UdQPBw1V1LpdpRVIQk4bNyI44FwDv7MTF1tfKsDcHZeCKa1T6CQ1WgOe2CLhMYAnr0aRHRmrDKKZoAHYtGP5t4LmmGgvWTpB4LofWqhVR/r9xbS/6YOSVFOyjnq1Yq3yqPbg/5DmFpltjVPGT1oulwgdE3b/16n5qsoCHyJumY9poKkzSuwqf8+12tj5NDu8aNLM90at3wmjEMoQDFM98WVRE82CCOcuzot5eGQixmEkzN/lhpnplEeVK1w5SLAaW6HqT9zJYnClYHPqjhG8Cd8Dc6B95UOxX/1AdAJg4nQ8OGTZbVolH3APhiO4frsydSKb9SZ9ZG0Fm+d4c5iUXmB0d076HfAZi4erj6oPaLhnNstmOFEkyQP7OVSDo1F3st6S/AjOMVq4DCWRwCysELggvdj5qT3GLpLdgY7XDmS8QNKqdHP/noLkTotAQMsYEXyQmOJ86IJ5zvr4krCEUMsV2VyvpSSmTubl61jtxYUAYlBzoGVRJDsXXFL+Mr5C+RX2HssUx3Xnl+DRC7WfgwkLbS9vs0QqdIfvJyrKaLyuWbIzsjjnvsyLB2LzqcYj2oi96+s7iWETqvRoBCmZZs8O/6xdS7Ss4FagRbEoENpc5qeJe5f80uTsg3cGA8zDzxEldOieg+PphIpnpNYS2PmrNMKEDD640161RnEJLYzojaFA58t0+vV2bxBZtjmKZ7nujMHjHcmJLsfv8UoH8FPzB39tJS41P0QRI0UDKQ0DANcuufJGAkYAz1hfhiT+zdUs1oH+dlHYw4ETtj7THKrCytgDea2s2gXFd3wSpts6AdfGqS2/Tfek4kTdejcqmd0uE/horn4KUTJ3hffuQ/W53x9iQqwyUSNZzGgqoMKoY8DJQBVCUtdyHrQ8Sq+3HSXpcA224tJgCjFLBWE6i7jb4ASBvzF3NgwPvGTVkAbDxWPWAefu3ryUgVb29ipKznbJIkMYvdvd3y4U5JNYu8yxliPMaixmo7EuYJz/E2IOaV+arxO+OA3G1T787L+9FzK5Ibo0pAkVgyKQIKYPklPjRTBoSNoxh7wvbaRhnHvRo8MYse4yGts2y48J+o69+hmbJdUaX3UgvwC88gQNoPX8mUuiJ4JN752gw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse:Security></soap:Header><soap:Body > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-10623141"><xenc:EncryptedData xmlns:xenc=" > http://www.w3.org/2001/04/xmlenc#"; Id="ED-6" Type=" > http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod > Algorithm=" > http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo xmlns:ds=" > http://www.w3.org/2000/09/xmldsig# > "><wsse:SecurityTokenReferencexmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > "><wsse:ReferenceURI="#DK-5"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>R5MO17Yyg162316WY2xNN3rnhCKxZj2n9C2kcFMw3e5pkyPXrKJKua9qHBzZTLVUADx1AO+Y+WEeAl8JIAkfvPy7ShWN0hKHIKAyc3J/ir+w+xZ9iQ59LaSgg4s8iVLutxvLJCm3IviJGDz9Hy44RsZp2o3fuaAO4CiOO6BmgSVY8cs7XbKSFUbzqba5oCD4IsGgf7DKpzLYMytIbTzJ7bobaNsfn9qH8JkX0VH8skEPINOemE1SvlsL5ad8fRqF00FOTUAN6UDf5P7qW1Qc10heEQGwDtawF3FrmJtC50ZXpAGopFSou5NaFMjuH+AsElA4a7P0A3+PlCBal3sLOiCdsoAvgTF7zSiDITVtzD73nQPVH3l++Hx+XqIesTvv9zsfWNJL097dQ4J0HefGbCu86Cz1FKwSaZMgomiICe6qA6L1f5Pd6fC2z03iJB0xDZzCAs+ue1CcSy5ui/sx9K+MQchg9lyo6tgK4aj6kvbFR5iA3U9sHtAYrHlyGJgDBOv0CiNKdh4LQ3905iydR0FCalhwmEg02qnSy9xGz7osgnesKsAcY1Rx4yW7JXkViSelKBEI0HXxCnSFb/AwfMfp49Np+xoQcbLihxBtw1XQfOyQkuWPUdRfuTv27T/mVcZaTaIltU5L2CS9EKmqcTr33QZwXNb14jMrwTVzigTcykmHHFS9KKtYBWRsyp1yzctrM59JFYVgGghtybqawgQHxIxV5gN+sP7kTZp0Uy7+5U/D76gDvYarz38xxakwZDasFae3o60hw3coYRwm+GqLPDKEI+X3Un4JAnzxpz1qYIn3M6f+jGTFEUfPafKFrylQYB400Yf/GNHvVkmkMczOspI6oSjWKQWGJZo8MeZjashkggDd7qtazyyoY3Fo2wHmResoI070h2Ch4GxpsNCRSdplOSZKxLSvwqHhdBksW8VeDt2BDgAsuSGznHk2oASLokREmQ3fgci4KzEvy53/MDWo7S02sk0FqF5OfuiQXt0AFPEydJ5ybnlS49xh4HTAG167gZHZGWHzHhPel5npEh+GyVe9yrYzzJ4yal4kXpIbVeyfB5csZGXmic2T/XPCQ97miGCohjEz7q0FXYFUPpROQkvbzSXkRp8naxGpU+dc9JN3fbBHmq0f358cnYOhPs5BEk8Yn/IHtUHLs43n8wogb5958uuOTsH9/E1iZUlDr88iHMousDG5ABxJaZBdyTaark10tavCF0lumYemso3v+77zfHTqsY4D+En69b5U96WHtQz50qzwXZuMZ0dFP5U/pPMlStKGPhVm8W6GD+rHdJjV9yScnyTack3YwBnKCWaqO/zXNG4EzdhHlxKzlW5gGNdSUtqM2HmjtGuNvg/UHe/+VVsJyP21wmxR1FOQfVPyrZS5gsULntB1toXltfpWByVDxJRpGaI9B0bkUuJFCmRcC/H1ej6tkH16+fjzwd8h/2YdJI3bW38mUYPmfE+4fKQZ2ptzGk/PNpGylkyFRBe6tvXhj9RuB1h0bxIX72y8/UJEtGVvEr0VMVcfqKkghTlOtY18C06I1zH0U7zDJbVC/2eO5xQykuj3td2Qj6cPC8q/4xq16FTUpqB6fqunATslBV+/xTEXowkp/8T6Otdivo7ft1OJxY7qtT5mu7GrRoGEMDBN+puH/UNVxLO1MeAUUA7SUxl7V7vcXWvQZURf4VhFf88iOOhKy09Gf23VECFVYryO+75Kthsx92SU+wWzWebApb8DdPkjTRTU3kFT4tgmGDW0czuptk91g4n87rud0orK3bheNmxwqHIbQmwNplFBWkU3QKd82WcBMnykajjyBJfRwbk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope> > -------------------------------------- > May 25, 2012 12:42:12 PM > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage > WARNING: > org.apache.ws.security.WSSecurityException: General security error (No > certificates were found for decryption (KeyId)) > at > > org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255) > at > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102) > at > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122) > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211) > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213) > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193) > at > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999) > at > > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565) > at > > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > May 25, 2012 12:42:12 PM org.apache.cxf.phase.PhaseInterceptorChain > doDefaultLogging > WARNING: Interceptor for { > > http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issuehas > thrown exception, unwinding now > org.apache.cxf.binding.soap.SoapFault: General security error (No > certificates were found for decryption (KeyId)) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122) > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211) > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213) > at > > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193) > at > > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999) > at > > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565) > at > > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: org.apache.ws.security.WSSecurityException: General security > error (No certificates were found for decryption (KeyId)) > at > > org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:255) > at > > org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:102) > at > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289) > ... 27 more > May 25, 2012 12:42:12 PM > org.apache.cxf.services.SecurityTokenService.UT_Port.STS > INFO: Outbound Message > --------------------------- > ID: 2 > Response-Code: 500 > Encoding: UTF-8 > Content-Type: text/xml > Headers: {} > Payload: <soap:Envelope xmlns:soap=" > http://schemas.xmlsoap.org/soap/envelope/ > "><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Generalsecurity > error (No certificates were found for decryption > (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope> > -------------------------------------- > > On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[email protected]> wrote: > > > That file is referenced in the cxf.xml (https://github.com/gmazza/** > > blog-samples/blob/master/cxf_**sts_tutorial/client/src/main/** > > resources/cxf.xml< > https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml > >) > > and used by the SOAP client to determine the authentication method it > needs > > to use when interacting with the STS. (It might be redundant in cases > > where the SOAP client makes a MEX--MetadataExchange--call to retrieve > that > > same WSDL--I'd have to look more into that.) > > > > Yes, it should be the same as the STS WSDL -- it looks duplicative only > > because the sample tutorial bundles the STS and WSC together but normally > > separate teams would be handling each component, each with a copy of the > > WSDL in their own project > > > > Glen > > > > > > On 05/25/2012 10:08 AM, Gina Choi wrote: > > > >> Hi Glen, > >> I was looking at http://svn.apache.org/viewvc/** > >> cxf/fediz/trunk/services/sts/**src/main/webapp/WEB-INF/cxf-** > >> ut.xml?view=markup< > http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup > > > >> . > >> Later I was able to fix it based on apache-cxf-2.6.0-src. > >> You have DoubleItSTSService.wsdl file under \client\src\main\resources > as > >> well. What is role of the wsdl file in client side? The content should > be > >> same as sts side? > >> Thanks. > >> Gina > >> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[email protected]<mailto: > >> [email protected]>> wrote: > >> > >> Hmm, the sample doesn't have encryptionName under utService: > >> http://svn.apache.org/viewvc/ cxf/trunk/distribution/src/ > >> main/release/samples/sts/src/ demo/wssec/sts/wssec-sts.xml? > >> revision=1190520&view=markup# l69 > >> <http://svn.apache.org/viewvc/**cxf/trunk/distribution/src/** > >> main/release/samples/sts/src/**demo/wssec/sts/wssec-sts.xml?** > >> revision=1190520&view=markup#**l69< > http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69 > > > >> > > >> > >> I'm not sure why you're placing such a property in. > >> > >> Glen > >> > >> > > > > -- > > Glen Mazza > > Talend Community Coders > > coders.talend.com > > blog: www.jroller.com/gmazza > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
