[gt-user] Bad hostbased service name. "@" missing

Fri, 23 Nov 2007 06:30:53 -0800 

Hi all,
when I try to contact a service with GSISecureConversation during the security handshake I get following exception on client side: 

AxisFault

faultCode: 
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}General

faultSubcode:

faultString: Authorization failed. [Caused by: Failure unspecified at 
GSS-API level (Mechanism level: Bad hostbased service

name. "@" missing)]
faultActor:
faultNode:
faultDetail:

       {http://xml.apache.org/axis/}stackTrace:Authorization failed. 
Caused by GSSException: Failure unspecified at GSS-API
level (Mechanism level: Bad hostbased service name. 
"@" missing)
       at 
org.globus.gsi.gssapi.GlobusGSSName.<init>(GlobusGSSName.java:105)
       at 
org.globus.gsi.gssapi.GlobusGSSManagerImpl.createName(GlobusGSSManagerImpl.java:299)
       at 
org.globus.wsrf.impl.security.authorization.HostAuthorization.getName(HostAuthorization.java:202)
       at 
org.globus.wsrf.impl.security.authorization.HostAuthorization.getName(HostAuthorization.java:193)
       at 
org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:210

)

       at 
org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
       at 
org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
       at 
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
       at 
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

       at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

       at 
org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)

       at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
       at org.apache.axis.client.Call.invoke(Call.java:2710)
       at org.apache.axis.client.Call.invoke(Call.java:2386)
       at org.apache.axis.client.Call.invoke(Call.java:2309)
       at org.apache.axis.client.Call.invoke(Call.java:1766)


The server logs do not contains anything related to the exception 
above (even enabling DEBUG level for the root logger).



The invocation is performed using credentials generated by a MyProxy 
Online CA and the service is authenticated using host credentials 
generated by the same CA.
Other test invocations between the same client and server works 
properly (so I suspect that CA certificates are set properly for the 
two hosts).



Googling I red that the hostbased service name is transmitted in the 
security handshake of GSS-API, but I was not able to find it in the 
container's logs (even enabling DEBUG level for the root logger). Is 
there any other place where it is logged?


Do you know what could be the cause of this exception?

Thanks in advance for your help.

Cheers,
Paolo Roccetti



Attachment:
smime.p7s

Description: S/MIME cryptographic signature














    











					Reply via email to