Hi Glen, I am looking at your update on keystores right now.
<<<< Hi Gina, I updated Fediz trunk a few days ago with new specific keystores (all provided in the download) for each portion of the application and also fully spelled out the trust requirements between the various components. I also provided scripts on how to make your own keys should you wish to update yours: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co >>>

I am looking at fediz_config.xml under trunk\examples\wsclientWebapp\webapp\src\main\config, which has the following content. Since you created webappKeystore.jks for wsclientWebapp/webapp, shouldn't the following part (highlighted in yellow) be updated to the information corresponding to webappKeystore.jks? That is, the keyStore file should reference the location of webappKeystore.jks and the password should reference "waspass". And the idp-sts certificate also needs to be imported into webappKeystore.jks. As we know, idp-sts and wsclientWebapp are running on different Tomcat instances, so I don't understand why stsstore.jks has to be copied over to the Tomcat instance which is running wsclientWebapp.

    <certificateStores>
        <trustManager>
            <keyStore file="*conf/stsstore.jks*" password="*stsspass*" type="JKS" />
        </trustManager>
    </certificateStores>
    <trustedIssuers>
        <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust" name="DoubleItSTSIssuer" />
    </trustedIssuers>

Gina