i am using 1.4.2.
my stsKeystore.properties is as follows, but i have had to modify values
for security
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=mypassword (jks
password NOT certificate password)
org.apache.ws.security.crypto.merlin.keystore.alias=realmmyrealm (same
as the alias of the cert in the jks)
org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_myrealm.jks
(name of the jks located in the same directory as this file)
Matthew
On 19/10/2017 16:48, Colm O hEigeartaigh wrote:
What Fediz version are you using? Are you specifying a
"org.apache.ws.security.crypto.merlin.keystore.alias"
in your keystore properties and does it match "
realmmyrealm"?
Colm.
On Thu, Oct 19, 2017 at 12:52 PM, Matthew Broadhead <
[email protected]> wrote:
Thanks Colm, yes that was caused by a typo in stsKeystore.properties.
but now I get this:
org.apache.wss4j.common.ext.WSSecurityException: The private key for the
supplied alias does not exist in the keystore
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Cannot
recover key
at org.apache.wss4j.common.saml.SamlAssertionWrapper.signAssert
ion(SamlAssertionWrapper.java:542)
at org.apache.cxf.sts.token.provider.AbstractSAMLTokenProvider.
signToken(AbstractSAMLTokenProvider.java:121)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSa
mlToken(SAMLTokenProvider.java:319)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createTo
ken(SAMLTokenProvider.java:117)
at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle
(TokenIssueOperation.java:171)
but if i do keytool -list -v -keystore stsrealm_myrealm.jks i get
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: realmmyrealm
Creation date: 17-Oct-2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
On 19/10/2017 13:27, Colm O hEigeartaigh wrote:
The error is that the STS can't load the signature properties file. For
example, in the default STS the RealmProperties references the
signaturePropertiesFile for the realm here:
https://github.com/apache/cxf-fediz/blob/aee07e167458e468f12
3954f177c79f17df2c083/services/sts/src/main/webapp/
WEB-INF/data/realms.xml#L62
which in turn is here:
https://github.com/apache/cxf-fediz/blob/master/services/sts
/src/main/resources/stsKeystoreA.properties
On Thu, Oct 19, 2017 at 10:31 AM, Matthew Broadhead <
[email protected]> wrote:
Hi,
I am following this article by Jan https://janbernhardt.blogspot.
com.es/2016/02/apache-fediz-installation-in-productive.html and I think
I
am close to getting it working but I have hit this error that I cannot
work
out. Can anyone help?
org.apache.cxf.sts.token.provider.SAMLTokenProvider -
org.apache.cxf.ws.security.sts.provider.STSException: Configuration
error: cannot load signature properties
at org.apache.cxf.sts.token.realm.RealmProperties.getSignatureC
rypto(RealmProperties.java:156)
at org.apache.cxf.sts.token.provider.AbstractSAMLTokenProvider.
signToken(AbstractSAMLTokenProvider.java:59)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSa
mlToken(SAMLTokenProvider.java:319)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createTo
ken(SAMLTokenProvider.java:117)
at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle
(TokenIssueOperation.java:171)
