Hi, are you using Fediz 1.0.1? It was released a couple of days ago,
featuring new sample keystores and several other changes. More comments
below:
On 08/31/2012 12:04 PM, frank wrote:
> Hi,
> After having configured the IDP/STS and the RP sample, I ran into the issue
> that after the redirect to the IDP, a page with "*Access to the specified
> resource (Requesting security token failed) has been forbidden.*" appears.
> Tomcat's error trace suggests that there is something wrong with the
> certificates.
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> ... normally indicating a key was missing from a truststore
> Possibly this is caused by the rather unclear path to creating the
> keystores. It would seem that creating tomcat-idp.jks and tomcat-rp.jks is
> sufficient to get the web application up and running, but in this process
> stsstore.jks also needs to be created for MyIDP.cer.

Are you following this chart:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?revision=1364769&view=co
(and using the sample Tomcat keys already provided in this folder?)
Further, stsstore.jks does not need to be "created" (it does for
production, but not for running the sample), it should already be in the
STS war.

> Strangely enough,
> fediz-config.xml points to stsstore.jks in the conf directory whereas the
> table for the keystores states that fediz-config.xml points to
> tomcat-rp.jks, which according to the same table should be in the base
> directory of the RP samples.

It shouldn't be doing that; in Fediz 1.0.1 it should be pointing to
tomcat-rp.jks:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml?revision=1364755&view=markup
I don't know why your version has it pointing to stsstore.jks. Fediz
1.0.0 had it that way, but that was updated in 1.0.1.
HTH,
Glen

> What is the way out of this situation? How can I get things up and running?
> Any help would be appreciated.
> I tried generating my own keystores as well as using the keystores provided
> in the source code samples. Neither of these works.
> Cheers,
> Frank
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
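As an added example, not taken from this thread or from the Fediz project: a small Java utility that opens a JKS truststore and reports whether a given .cer file (such as the MyIDP.cer discussed above) is actually among its trusted certificates. The "PKIX path building failed" error quoted in the thread is what the RP produces when this check fails for the truststore it is really loading, so running it against the file named in fediz_config.xml narrows the problem to either the wrong store being referenced or the right store missing the entry. The class name `TruststoreCheck`, the method `containsCertificate`, and the command-line arguments are choices made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

/**
 * Lists every certificate in a JKS truststore and reports whether the
 * certificate in a given .cer file (DER or PEM) is one of them.
 *
 * Usage: java TruststoreCheck <truststore.jks> <password> <certificate.cer>
 * (all three are caller-supplied paths/values, not Fediz defaults)
 */
public class TruststoreCheck {

    public static boolean containsCertificate(String truststorePath, char[] password,
                                              String cerPath) throws Exception {
        // The certificate the RP must trust, e.g. the IdP/STS signing certificate.
        X509Certificate expected;
        try (InputStream in = new FileInputStream(cerPath)) {
            expected = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }

        // Load the truststore the RP is configured to use.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            ks.load(in, password);
        }

        boolean found = false;
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // For a PrivateKeyEntry this is the leaf of its chain; null for secret-key entries.
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            // Compare the DER encoding, not only the subject DN: two different
            // certificates (e.g. a regenerated sample key) can carry the same DN.
            boolean match = Arrays.equals(x509.getEncoded(), expected.getEncoded());
            System.out.printf("%-20s %s%s%n", alias,
                    x509.getSubjectX500Principal().getName(),
                    match ? "   <-- matches .cer" : "");
            found |= match;
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TruststoreCheck <truststore.jks> <password> <certificate.cer>");
            System.exit(2);
        }
        boolean ok = containsCertificate(args[0], args[1].toCharArray(), args[2]);
        System.out.println(ok
                ? "Certificate is present in this truststore."
                : "Certificate NOT present: expect 'PKIX path building failed'.");
        System.exit(ok ? 0 : 1);
    }
}
```

The check looks for the exact end certificate, which is how the sample keystores in the thread are arranged (the IdP certificate is imported directly). If a truststore instead holds the CA that issued the IdP certificate, path building can still succeed without a direct match, so in that setup compare against the issuer's certificate rather than the leaf.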