Hi everybody.
I'm facing problems with the STS.
Let me explain what I did and which errors are appearing...
So I have two projects
- IDP
- STS
Both are located in a Tomcat 8 container. This container has the following
SSL config in the server.xml file
<Connector
    SSLEnabled="true"
    clientAuth="want"
    maxThreads="150"
    port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    scheme="https"
    secure="true"
    sslProtocol="TLS"
    SSLVerifyClient="optional"
    keystoreFile="E:\Certificates\identity-provider\tazouxme-idp-key.jks"
    keystorePass="tompass"
    truststoreFile="E:\Certificates\identity-provider\tazouxme-idp-trust.jks"
    truststorePass="ispass"
    truststoreType="JKS" />
All ports begin with 9*.
I launch my Tomcat and try to access Metadata and WSDL.
Here are the results:
- When I want to access the Metadata (via the idp url), it's fine; the XML
is well displayed.
- When I want to access the WSDL (via the sts url), it's not displayed!
I understand that the server requires the client certificate.
It seems that this step does not work... I'm using Firefox.
So here I'm blocked and if I want to connect a webapp to the IdP system, it
does not after setting the credentials in the Authentication box. The
following page is displayed:
Sorry, CXF Fediz IDP cannot satisfy your request.
Reason : IDP is unavailable, please contact the administrator
And the root cause Exception is:
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization?
    at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:136)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1739)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1292)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:211)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
    at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
    at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
    at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
    ... 177 more
Do you have any idea how to solve this server-client cert. request?
Thanks again for your big help!!
Joël
--
View this message in context:
http://cxf.547215.n5.nabble.com/Sorry-CXF-Fediz-IDP-cannot-satisfy-your-request-tp5760366.html
Sent from the cxf-user mailing list archive at Nabble.com.