Hi All,

I have my application configured as *Fediz RP* in my system. I have registered my application (Fediz RP) with *PING Identity IDP*. We have a successful connection, but when we get redirected to my webapp after verifying with the IDP, I get a 401 error page. When I look in SAML Tracer it says: *HTTP/?.? 401 Unauthorized.* I am able to see the token in SAML Tracer, but I am not able to display my JSP page which prints the SAML token.

I have configured a keystore where I have imported my self-signed public certificate and private key (I have also shared my public certificate and private key with PING IDP). I also configured a truststore in my fediz-conf file where I imported the Ping Identity IDP's public certificate.

I am thinking that maybe I did something wrong with importing/exporting certificates in the keystore and truststore. Here are the details of what I did to generate the keystore and truststore:

1. I created a PKCS12 keystore from my self-signed private key and public certificate.

   *openssl pkcs12 -export -name myservercert -in devcacert.pem -inkey devprivatekey.pem -out keystore.p12*

2. I converted the PKCS12 keystore into a JKS keystore.

   *keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert*

3. Using the steps below, I created the truststore JKS file.

   *keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt*

   keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias rpcert -file *MyTCRP.cer* -noprompt

   but I have used the following:

   keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias rpcert -file *PingIDP.cer* -noprompt

Here I am confused about realma.cert and MyTCRP.cer. Because I am thinking my RP is realma, I used my public certificate here. I also imported the Ping Identity IDP's certificate into this truststore.

Where am I going wrong? Please explain the difference between MyTCRP.cer and realma.cer.

I need quick help.

Regards,
Raj
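
One way to test the truststore doubt raised in the post, as an added example that is not part of the original message: take the token captured in SAML Tracer, compute the SHA-256 fingerprint of the signing certificate embedded in it, and compare it with the fingerprints printed by `keytool -list -v -keystore ststrust.jks`. It assumes the token carries its certificate in a `ds:X509Certificate` element; the function names and the sample token are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

def keytool_fp(der):
    """SHA-256 fingerprint in the colon-separated upper-case form keytool prints."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def token_cert_fingerprints(token_xml):
    """Fingerprints of every ds:X509Certificate embedded in the token.

    Returns [] when the signature only references its key instead of embedding it.
    """
    if "<!DOCTYPE" in token_xml:
        # SAML tokens never carry a DTD; refuse it to avoid entity expansion.
        raise ValueError("DOCTYPE not allowed in a SAML token")
    fps = []
    for node in ET.fromstring(token_xml).iter(DS + "X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()))
        fps.append(keytool_fp(der))
    return fps

def untrusted(token_xml, truststore_fps):
    """Token certificate fingerprints that are absent from the truststore listing."""
    trusted = {fp.strip().upper() for fp in truststore_fps}
    return [fp for fp in token_cert_fingerprints(token_xml) if fp not in trusted]

# Constructed sample: these bytes stand in for a DER certificate, they are not a real one.
SAMPLE_DER = b"constructed bytes standing in for the IDP signing certificate"
SAMPLE_TOKEN = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo><ds:X509Data>'
    "<ds:X509Certificate>" + base64.b64encode(SAMPLE_DER).decode() + "</ds:X509Certificate>"
    "</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion>"
)

if __name__ == "__main__":
    # Paste the SHA256 lines from the keytool listing here (constructed value below).
    listing = [keytool_fp(b"some other certificate")]
    for fp in untrusted(SAMPLE_TOKEN, listing):
        print("token signed with a certificate not in the truststore:", fp)
```

An empty result from `untrusted` means every certificate embedded in the token is present in the truststore, so the cause of the 401 lies elsewhere.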
