Re: [Resteasy-users] Resteasy OAuth 2.0 Skeleton Key Example launchs javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
You have to provide a truststore or disable the trust manager. On 5/13/2014 4:26 PM, JOSÉ INÁCIO DA SILVA JÚNIOR wrote: Hi! I'm trying to implement SSO through Resteasy Skeleton Key. I'm following the Chapter 39. OAuth 2.0 and Resteasy Skeleton Key of Resteasy Reference Guide. I generated my keystore with: keytool -genkey -alias mydomain -keyalg rsa -keystore realmDINF.jks then I exported my certificate with: keytool -exportcert -alias mydomain -keystore /opt/jboss-7.1.1.Final/standalone/configuration/realmDINF.jks -file /opt/jboss-7.1.1.Final/standalone/configuration/mydomain.cer then I imported my certificate into cacerts: keytool -import -alias mydomain -keystore cacerts -trustcacerts -file /opt/jboss-7.1.1.Final/standalone/configuration/mydomain.cer The auth-server application e the customer-app applicaton were deployed When I access the customer-app application in my browser: https://localhost:8443/customer-app I see the login page and when I enter user and password I get the following exception: 17:09:35,499 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--127.0.0.1-8443-1) An exception or error occurred in the container during the request processing: javax.ws.rs.ProcessingException: Unable to invoke request at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:287) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:407) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.post(ClientInvocationBuilder.java:195) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.ServletOAuthLogin.resolveCode(ServletOAuthLogin.java:271) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.oauth(OAuthManagedResourceValve.java:273) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.authenticate(OAuthManagedResourceValve.java:175) [skeleton-key-as7-3.0.7.Final.jar:] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.invoke(OAuthManagedResourceValve.java:138) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45] Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) [jsse.jar:1.6] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1] at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:283) [resteasy-client-3.0.7.Final.jar:] ...
Re: [Resteasy-users] Resteasy OAuth 2.0 Skeleton Key Example launchs javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
BTW, take a look at keycloak.org Its the new project I started for security. On 5/13/2014 5:08 PM, Bill Burke wrote: You have to provide a truststore or disable the trust manager. On 5/13/2014 4:26 PM, JOSÉ INÁCIO DA SILVA JÚNIOR wrote: Hi! I'm trying to implement SSO through Resteasy Skeleton Key. I'm following the Chapter 39. OAuth 2.0 and Resteasy Skeleton Key of Resteasy Reference Guide. I generated my keystore with: keytool -genkey -alias mydomain -keyalg rsa -keystore realmDINF.jks then I exported my certificate with: keytool -exportcert -alias mydomain -keystore /opt/jboss-7.1.1.Final/standalone/configuration/realmDINF.jks -file /opt/jboss-7.1.1.Final/standalone/configuration/mydomain.cer then I imported my certificate into cacerts: keytool -import -alias mydomain -keystore cacerts -trustcacerts -file /opt/jboss-7.1.1.Final/standalone/configuration/mydomain.cer The auth-server application e the customer-app applicaton were deployed When I access the customer-app application in my browser: https://localhost:8443/customer-app I see the login page and when I enter user and password I get the following exception: 17:09:35,499 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--127.0.0.1-8443-1) An exception or error occurred in the container during the request processing: javax.ws.rs.ProcessingException: Unable to invoke request at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:287) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:407) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.post(ClientInvocationBuilder.java:195) [resteasy-client-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.ServletOAuthLogin.resolveCode(ServletOAuthLogin.java:271) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.oauth(OAuthManagedResourceValve.java:273) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.authenticate(OAuthManagedResourceValve.java:175) [skeleton-key-as7-3.0.7.Final.jar:] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:] at org.jboss.resteasy.skeleton.key.as7.OAuthManagedResourceValve.invoke(OAuthManagedResourceValve.java:138) [skeleton-key-as7-3.0.7.Final.jar:] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45] Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) [jsse.jar:1.6] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1] at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1] at