The problem is that you are not following the HowToGenerateKeysREADME.html exactly. The default realm is "Realm A" and so you need to generate a key for this realm + import the cert into tazouxme-trust.jks. I got it working with the default realm A cert by just doing:

keytool -import -trustcacerts -keystore tazouxme-trust.jks -storepass storepass -alias realma -file realma.cert -noprompt

+ then copy tazouxme-trust.jks into the Tomcat RP module (as well as the STS webapp). You also have to add in "tazouxme-trust.jks" to stsTruststore.properties in the STS if you haven't already.

Colm.

On Wed, Aug 26, 2015 at 3:42 PM, tazouxme <[email protected]> wrote:

> I followed the instructions from the web file HowToGenerateKeysREADME.html.
> Here are the steps
>
> keytool -genkeypair -validity 730 -alias tazouxmeidp -keystore D:\Certificates\tazouxme\tazouxme-idp-tomcat.jks -dname "cn=localhost" -keypass tompass -storepass tompass -keysize 2048 -keyalg RSA
>
> keytool -keystore D:\Certificates\tazouxme\tazouxme-idp-tomcat.jks -storepass tompass -export -alias tazouxmeidp -file D:\Certificates\tazouxme\tazouxmeidp.crt
>
> keytool -genkeypair -validity 730 -alias tazouxmerp -keystore D:\Certificates\tazouxme\tazouxme-rp-tomcat.jks -dname "cn=localhost" -keypass tompass -storepass tompass -keysize 2048 -keyalg RSA
>
> keytool -keystore D:\Certificates\tazouxme\tazouxme-rp-tomcat.jks -storepass tompass -export -alias tazouxmerp -file D:\Certificates\tazouxme\tazouxmerp.crt
>
> keytool -import -trustcacerts -keystore D:\Certificates\tazouxme\tazouxme-idp-trust.jks -storepass ispass -alias tazouxmeidp -file D:\Certificates\tazouxme\tazouxmeidp.crt -noprompt
>
> keytool -genkeypair -keyalg RSA -validity 3600 -alias tazouxme -keystore D:\Certificates\tazouxme\tazouxme.jks -dname "cn=TAZOUXME" -keypass tazouxme -storepass storepass -keysize 2048
>
> keytool -export -rfc -keystore D:\Certificates\tazouxme\tazouxme.jks -storepass storepass -alias tazouxme -file D:\Certificates\tazouxme\tazouxme.crt
>
> keytool -import -trustcacerts -keystore D:\Certificates\tazouxme\tazouxme-trust.jks -storepass storepass -alias tazouxme -file D:\Certificates\tazouxme\tazouxme.crt -noprompt
>
> keytool -import -trustcacerts -keystore D:\Certificates\tazouxme\tazouxme-trust.jks -storepass storepass -alias tazouxmerp -file D:\Certificates\tazouxme\tazouxmerp.crt -noprompt
>
> And I finally added the *.crt in JRE cacerts to make it work.
>
> In the <http:conduit> are present
> - tazouxme-idp-tomcat.jks in <keyManagers>
> - tazouxme-idp-trust.jks in <trustManagers>
>
> In IDP tomcat I set
> - tazouxme-idp-tomcat.jks
> - tazouxme-idp-trust.jks
>
> In RP tomcat I set
> - tazouxme-rp-tomcat.jks
>
> In IDP Webapp I put
> - tazouxme-idp-tomcat.jks
> - tazouxme-idp-trust.jks
> - tazouxme.jks
>
> In STS Webapp I put
> - tazouxme.jks
> - tazouxme-trust.jks
>
> So finally in the RP Webapp is present
> - tazouxme-trust.jks
>
> So here you have all aliases and passwords needed to test.
> If it works then my complete IdP is bugged and I will have to rebuild it...
>
> Joël
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Sorry-CXF-Fediz-IDP-cannot-satisfy-your-request-tp5760366p5760467.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
