The certificate you are using on the client side to encrypt the message to the STS does not match with the private key of the STS:

Client:

> keytool -list -keystore src/main/resources/clientstore.jks -alias mystskey -v
Enter keystore password:
Alias name: mystskey
Creation date: 07-Oct-2011
Entry type: trustedCertEntry

Owner: [email protected], CN=Tom Token, O=Sample STS Key -- NOT FOR PRODUCTION USE, L=Baltimore, ST=Maryland, C=US

STS:

> keytool -list -keystore src/main/resources/stsstore.jks -alias mystskey -v
Enter keystore password:
Alias name: mystskey
Creation date: 10-Apr-2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: [email protected], CN=stscn, OU=SCT, O=SDL, L=wakefield, ST=massachusetts, C=US

Also, your client configuration should look something like this instead:

<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true">
    <jaxws:properties>
        <!-- settings for the call to the service -->
        <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
        <entry key="ws-security.signature.username" value="myclientkey"/>
        <entry key="ws-security.encryption.username" value="myservicekey"/>
        <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
        <entry key="ws-security.sts.client">
            <bean class="org.apache.cxf.ws.security.trust.STSClient">
                <constructor-arg ref="cxf"/>
                <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
                <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
                <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
                <!-- settings for the call to the STS -->
                <property name="properties">
                    <map>
                        <entry key="ws-security.signature.username" value="myclientkey"/>
                        <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
                        <entry key="ws-security.username" value="alice"/>
                        <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
                        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
                        <entry key="ws-security.encryption.username" value="mystskey"/>
                    </map>
                </property>
            </bean>
        </entry>
    </jaxws:properties>
</jaxws:client>

Colm.

On Fri, May 25, 2012 at 7:49 PM, Gina Choi <[email protected]> wrote:

> I have this in my stsKeystore.properties. I think that I get
> keystore.password wrong. The value that I put is password for strust store.
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=stsspass
> org.apache.ws.security.crypto.merlin.keystore.alias=mystskey
> org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
>
> The other thing that I might get it wrong is password callback handler. In
> case of mystskey and my servicekey, should I put password for sts
> truststore? Password for myservicekey is definitely wrong.
>
>     } else if ("mystskey".equals(pc.getIdentifier())) {
>         pc.setPassword("stskpass");
>         break;
>     } else if ("myservicekey".equals(pc.getIdentifier())) {
>         pc.setPassword("sspass");
>         break;
>     }
>
> On Fri, May 25, 2012 at 2:23 PM, Colm O hEigeartaigh <[email protected]> wrote:
>
> > The STS is complaining that it can't find the private key to decrypt the
> > request. What does your STS configuration look like? Is the private key in
> > a keystore that is pointed to by a crypto.properties file?
> >
> > Colm.
> >
> > On Fri, May 25, 2012 at 5:44 PM, Gina Choi <[email protected]> wrote:
> >
> > > Both web service and STS up running, but when I execute client on the
> > > command line, I am seeing following error message in Tomcat log. Have
> > > been trying to figure this out.
> > >
> > > May 25, 2012 12:42:12 PM org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> > > INFO: Outbound Message
> > > ---------------------------
> > > ID: 2
> > > Response-Code: 500
> > > Encoding: UTF-8
> > > Content-Type: text/xml
> > > Headers: {}
> > > Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>General security error (No certificates were found for decryption (KeyId))</faultstring></soap:Fault></soap:Body></soap:Envelope>
> > > --------------------------------------
> > >
> > > On Fri, May 25, 2012 at 10:21 AM, Glen Mazza <[email protected]> wrote:
> > >
> > > > That file is referenced in the cxf.xml
> > > > (https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/client/src/main/resources/cxf.xml)
> > > > and used by the SOAP client to determine the authentication method it
> > > > needs to use when interacting with the STS. (It might be redundant in
> > > > cases where the SOAP client makes a MEX--MetadataExchange--call to
> > > > retrieve that same WSDL--I'd have to look more into that.)
> > > >
> > > > Yes, it should be the same as the STS WSDL -- it looks duplicative only
> > > > because the sample tutorial bundles the STS and WSC together but
> > > > normally separate teams would be handling each component, each with a
> > > > copy of the WSDL in their own project
> > > >
> > > > Glen
> > > >
> > > > On 05/25/2012 10:08 AM, Gina Choi wrote:
> > > >
> > > >> Hi Glen,
> > > >> I was looking at
> > > >> http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-ut.xml?view=markup
> > > >> .
> > > >> Later I was able to fix it based on apache-cxf-2.6.0-src.
> > > >> You have DoubleItSTSService.wsdl file under \client\src\main\resources
> > > >> as well. What is role of the wsdl file in client side? The content
> > > >> should be same as sts side?
> > > >> Thanks.
> > > >> Gina
> > > >> On Thu, May 24, 2012 at 10:06 PM, Glen Mazza <[email protected]
> > > >> <mailto:[email protected]>> wrote:
> > > >>
> > > >>     Hmm, the sample doesn't have encryptionName under utService:
> > > >>     http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup#l69
> > > >>
> > > >>     I'm not sure why you're placing such a property in.
> > > >>
> > > >>     Glen
> > > >
> > > > --
> > > > Glen Mazza
> > > > Talend Community Coders
> > > > coders.talend.com
> > > > blog: www.jroller.com/gmazza
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
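
Added example (not part of the thread, and not CXF or WSS4J code): the logged request names the recipient certificate by a ThumbprintSHA1 key identifier, so the STS can find a decryption key only if its keystore holds a certificate with that same thumbprint. The function names, PEM blocks and request below are constructed for illustration; with real stores, export each mystskey certificate with `keytool -exportcert -rfc` and pass the PEM text in.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Namespaces and ValueType as they appear in the request logged in this thread.
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"
THUMBPRINT_SHA1 = ("http://docs.oasis-open.org/wss/"
                   "oasis-wss-soap-message-security-1.1#ThumbprintSHA1")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem):
    """Decode the first PEM block, e.g. `keytool -exportcert -rfc` output."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()))

def thumbprint_sha1(der):
    """ThumbprintSHA1 key identifier: base64(SHA-1(DER certificate bytes))."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode("ascii")

def encrypted_key_thumbprints(soap_xml):
    """Thumbprints that the request's xenc:EncryptedKey elements refer to."""
    found = []
    for enc_key in ET.fromstring(soap_xml).iter("{%s}EncryptedKey" % XENC):
        for key_id in enc_key.iter("{%s}KeyIdentifier" % WSSE):
            if key_id.get("ValueType") == THUMBPRINT_SHA1:
                found.append((key_id.text or "").strip())
    return found

def find_decryption_alias(soap_xml, sts_certs):
    """Map each requested thumbprint to the STS alias holding it, else None."""
    by_thumb = {thumbprint_sha1(pem_to_der(pem)): alias
                for alias, pem in sts_certs.items()}
    return {t: by_thumb.get(t) for t in encrypted_key_thumbprints(soap_xml)}

def constructed_pem(label):
    # Constructed stand-in, not a real X.509 certificate: only the bytes matter.
    body = base64.encodebytes(label).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % body

def constructed_request(thumbprint):
    # Constructed, minimal version of the security header shown in the log.
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
            '<soap:Header><wsse:Security xmlns:wsse="%s">'
            '<xenc:EncryptedKey xmlns:xenc="%s"><wsse:SecurityTokenReference>'
            '<wsse:KeyIdentifier ValueType="%s">%s</wsse:KeyIdentifier>'
            '</wsse:SecurityTokenReference></xenc:EncryptedKey>'
            '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
            % (WSSE, XENC, THUMBPRINT_SHA1, thumbprint))

CLIENT_COPY = constructed_pem(b"constructed: mystskey cert in clientstore.jks")
STS_ACTUAL = constructed_pem(b"constructed: mystskey key-pair cert in stsstore.jks")

def demo():
    # The client encrypts to its own copy; the STS then looks the thumbprint up.
    request = constructed_request(thumbprint_sha1(pem_to_der(CLIENT_COPY)))
    mismatched = find_decryption_alias(request, {"mystskey": STS_ACTUAL})
    matched = find_decryption_alias(request, {"mystskey": CLIENT_COPY})
    return mismatched, matched

if __name__ == "__main__":
    for name, result in zip(("mismatched stores", "matching stores"), demo()):
        print(name, result)
```

A thumbprint that maps to None corresponds to the "No certificates were found for decryption (KeyId)" fault: the alias name is the same in both stores, but the certificates behind it differ.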
