I tried to access the WSDL of the STS using Fediz 1.2.1 and the same configuration you have given and it worked fine. The only thing I spotted was that you have omitted the "keyPass" value. Here is my working snippet using the keys that ship with Fediz 1.2.1:

    <Connector SSLEnabled="true" clientAuth="want" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" SSLVerifyClient="optional"
        keystoreFile="idp-ssl-key.jks" keystorePass="tompass" keyPass="tompass"
        truststoreFile="idp-ssl-trust.jks" truststorePass="ispass"
        truststoreType="JKS" />

Try adding in "keyPass" and see if it works. If it doesn't then try with the keys that ship with Fediz (idp-ssl-key.jks + idp-ssl-trust.jks) and see if that works.

Colm.

On Sat, Aug 22, 2015 at 11:00 PM, tazouxme <[email protected]> wrote:

> Hi everybody.
>
> I'm facing problems with the STS.
> Let me explain what I did and which errors are appearing...
>
> So I have two projects
> - IDP
> - STS
>
> Both are located in a Tomcat 8 container. This container has the following
> SSL config in the server.xml file
>
> <Connector
>     SSLEnabled="true"
>     clientAuth="want"
>     maxThreads="150"
>     port="9443"
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     scheme="https"
>     secure="true"
>     sslProtocol="TLS"
>     SSLVerifyClient="optional"
>     keystoreFile="E:\Certificates\identity-provider\tazouxme-idp-key.jks"
>     keystorePass="tompass"
>     truststoreFile="E:\Certificates\identity-provider\tazouxme-idp-trust.jks"
>     truststorePass="ispass"
>     truststoreType="JKS" />
>
> All ports begin with 9*.
>
> I launch my Tomcat and try to access Metadata and WSDL.
> Here are the results:
>
> - When I want to access the Metadata (via the idp url), it's fine; the XML
>   is well displayed.
> - When I want to access the WSDL (via the sts url), it's not displayed!
>
> I understand that the server requires the client certificate.
> It seems that this step does not work... I'm using Firefox.
>
> So here I'm blocked and if I want to connect a webapp to the IdP system, it
> does not after setting the credentials in the Authentication box. The
> following page is displayed
>
> Sorry, CXF Fediz IDP cannot satisfy your request.
> Reason : IDP is unavailable, please contact the administrator
>
> And the root cause Exception is:
>
> Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException:
> RequireClientCertificate is set, but no local certificates were negotiated.
> Is the server set to ask for client authorization?
>     at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:136)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1739)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1292)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
>     at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:211)
>     at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>     at org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
>     at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
>     at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
>     at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
>     ... 177 more
>
> Do you have any idea how to solve this server-client cert. request?
>
> Thanks again for your big help !!
> Joël
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Sorry-CXF-Fediz-IDP-cannot-satisfy-your-request-tp5760366.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
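The thread turns on a few Connector attributes that decide whether Tomcat asks the browser for a client certificate and can verify it (SSLEnabled, clientAuth, keystore/keyPass, truststore). The script below is an added example, not code from the thread, Fediz or Tomcat: it parses a constructed server.xml fragment containing both connectors from the thread plus a plain HTTP one, and reports settings that are missing or inconsistent for a client-cert setup, including the absent keyPass that the reply points out. The rule set (which attributes it checks and what it considers acceptable) is the author's assumption, not Tomcat's own validation.

```python
"""Lint Tomcat <Connector> SSL settings for a client-certificate (clientAuth) setup.

Added example for the thread above; not part of Fediz or Tomcat.  The checks
encode the attributes discussed in the thread and are assumptions, not Tomcat's
own validation rules.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the poster's 9443 connector (no keyPass), the working 8443
# connector from the reply, and an unrelated plain HTTP connector.
SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <Connector SSLEnabled="true" clientAuth="want" maxThreads="150" port="9443"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" SSLVerifyClient="optional"
        keystoreFile="E:\Certificates\identity-provider\tazouxme-idp-key.jks"
        keystorePass="tompass"
        truststoreFile="E:\Certificates\identity-provider\tazouxme-idp-trust.jks"
        truststorePass="ispass" truststoreType="JKS" />
    <Connector SSLEnabled="true" clientAuth="want" maxThreads="150" port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" SSLVerifyClient="optional"
        keystoreFile="idp-ssl-key.jks" keystorePass="tompass" keyPass="tompass"
        truststoreFile="idp-ssl-trust.jks" truststorePass="ispass"
        truststoreType="JKS" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>"""


def lint_connector(conn):
    """Return a list of findings for one <Connector> element; empty means it looks fine."""
    a = conn.attrib
    port = a.get("port", "?")
    findings = []
    if a.get("SSLEnabled", "false").lower() != "true":
        return findings  # plain HTTP connector: nothing TLS-related to check

    # Server identity: the keystore holding the IdP/STS TLS private key.
    for required in ("keystoreFile", "keystorePass"):
        if required not in a:
            findings.append(f"port {port}: missing {required}")
    # The reply in the thread suggests setting keyPass explicitly next to keystorePass.
    if "keystorePass" in a and "keyPass" not in a:
        findings.append(f"port {port}: keyPass not set explicitly (reply suggests adding it)")

    # Client-cert negotiation: Tomcat must request the certificate ("want" or "true")
    # and needs a truststore to verify whatever the browser presents.
    client_auth = a.get("clientAuth", "false").lower()
    if client_auth not in ("want", "true"):
        findings.append(
            f"port {port}: clientAuth={client_auth!r}; server will not ask for a client certificate"
        )
    if "truststoreFile" not in a:
        findings.append(f"port {port}: no truststoreFile, client certificates cannot be verified")

    # Sanity: an SSL-enabled connector should advertise itself as https/secure.
    if a.get("scheme") != "https" or a.get("secure", "false").lower() != "true":
        findings.append(f"port {port}: SSLEnabled but scheme/secure are not https/true")
    return findings


def lint_server_xml(xml_text):
    """Map each connector's port to its findings."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): lint_connector(c) for c in root.iter("Connector")}


if __name__ == "__main__":
    for port, findings in lint_server_xml(SERVER_XML).items():
        print(f"Connector port={port}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run against the sample, the 9443 connector yields exactly the keyPass finding, the 8443 connector from the reply passes clean, and the HTTP connector is skipped. Point it at a real server.xml by reading the file into `lint_server_xml` instead of the constructed string.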
