Enable logging for the Fediz RP + see what the stacktrace is first. This
will tell you what the problem is with the request. In terms of verifying
the request, you should just need the signing cert (or CA) in your
truststore.

Colm.

On Thu, Sep 17, 2015 at 8:12 AM, Rajnish ravi <[email protected]> wrote:

> Hi All,
> I have my application as *Fediz RP* configured in my system. I have
> registered my application (Fediz RP) with *PING Identity IDP*. We have a
> successful connection but when we get redirected to my webapp after verifying
> IDP, I get a 401 error page. When I look in SAMLTracer it says: *HTTP/?.? 401
> Unauthorized.* I am able to see the token in SAML Tracer but I am not able
> to display my jsp page which prints the SAML Token.
> I have configured key-store where I have imported my self-signed public
> certificate and private key (I have also shared my public certificate and
> private key to PING IDP). I also configured trust-store in my fediz-conf
> file where I imported Ping-identity IDP's public certificate. I am thinking
> that maybe I did something wrong with importing/exporting certificates in
> keystore and truststore.
> Here are the details of what I did for generating keystore and truststore:
> 1. I created PKCS12 keystore from my selfsigned private key and public
> certificate.
> *openssl pkcs12 -export -name myservercert -in devcacert.pem -inkey
> devprivatekey.pem -out keystore.p12*
>
> 2. I converted PKCS12 keystore into a JKS keystore
>    *keytool -importkeystore -destkeystore mykeystore.jks -srckeystore
> keystore.p12 -srcstoretype pkcs12 -alias myservercert*
>
> 3. using below steps, I created truststore jks file
>   *keytool -import -trustcacerts -keystore ststrust.jks -storepass
> storepass -alias realma -file realma.cert -noprompt*
>
>   keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass
> -alias rpcert -file *MyTCRP.cer* -noprompt but I have used following:
>
>   keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass
> -alias rpcert -file *PingIDP.cer* -noprompt
>
>  Here I have confusion with realma.cert and MyTCRP.cer. Because I am
> thinking my RP is realma, so I used my public certificate here.
> I also imported Ping Identity IDP's certificate in this truststore. Where
> am I going wrong? Please explain the difference of MyTCRP.cer and realma.cer.
>
> Need for quick help.
>
> Regards,
> Raj
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
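
An added example, not part of the original thread and not Fediz code: one way to check the truststore point from the reply is to compare the SHA-256 fingerprint of the certificate embedded in the captured token with the entries printed by `keytool -list`. The function names and sample data are constructed for illustration, and it assumes a keytool that prints SHA-256 fingerprints (older JDKs print SHA1 by default).

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

def token_fingerprints(token_xml):
    """SHA-256 of each ds:X509Certificate (base64 DER) embedded in the token."""
    out = []
    for el in ET.fromstring(token_xml).iter(DS + "X509Certificate"):
        der = base64.b64decode("".join((el.text or "").split()))
        out.append(hashlib.sha256(der).hexdigest().upper())
    return out

def truststore_fingerprints(keytool_list_output):
    """Map alias -> SHA-256 fingerprint from non-verbose `keytool -list` output."""
    entries, alias = {}, None
    for line in keytool_list_output.splitlines():
        m = re.match(r"^([^,]+), .*(?:trustedCertEntry|PrivateKeyEntry)", line)
        if m:
            alias = m.group(1).strip()
            continue
        m = re.search(r"\(SHA-256\):\s*([0-9A-Fa-f:]+)", line)
        if m and alias:
            entries[alias] = m.group(1).replace(":", "").upper()
            alias = None
    return entries

def trusted_aliases(token_xml, keytool_list_output):
    """Aliases whose certificate is byte-identical to one embedded in the token."""
    wanted = set(token_fingerprints(token_xml))
    store = truststore_fingerprints(keytool_list_output)
    return sorted(a for a, fp in store.items() if fp in wanted)

# Constructed sample data: placeholder bytes stand in for DER certificates.
def _fp(der):
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, 64, 2))

IDP_DER, RP_DER = b"constructed-idp-signing-cert", b"constructed-rp-own-cert"
SAMPLE_TOKEN = (
    '<Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature>'
    "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
    + base64.b64encode(IDP_DER).decode()
    + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></Assertion>"
)
STORE_WITH_IDP = f"rpcert, Sep 17, 2015, trustedCertEntry,\nCertificate fingerprint (SHA-256): {_fp(IDP_DER)}\n"
STORE_WITH_RP_ONLY = f"realma, Sep 17, 2015, trustedCertEntry,\nCertificate fingerprint (SHA-256): {_fp(RP_DER)}\n"
```

An empty result means the signing certificate itself is not in the truststore; if only the issuing CA was imported, that is expected and the CA entry has to be checked separately. The embedded certificate is only a lookup hint, and the actual signature validation is still done by the RP.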
