Re: Re: fediz sample idP client connection error

[masoud]

I had actually already tried this, but i double checked to make sure. 
Still have the exact same issue. Here's the Connector from my server.xml

    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="idp-ssl-server.jks"
           keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
I get the same error message. Would I be getting a 200 response from the 
sts if it was a this type of an issue?
On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote:
Hi,

Yes, it's the right place to ask questions about Fediz. This part of the
log tells you what the problem is:

org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
stream: RequireClientCertificate is set, but no local
certificates were negotiated.  Is the server set to ask for client
authorization?

>From Fediz 1.1.2, the second call from the IdP to the STS is secured with
client authentication at the transport level. As you say that the https
conduit is already configured correctly, I suspect that your STS deployment
is not set up to require client authentication.

In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
clientAuth="want" (your IdP does not require client auth, so "want" works
if you are colocating the IdP + STS in the same container).

Colm.


On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri <mas...@10point1.com>
wrote:

Hi,

I'm not sure if this is the right place to be asking this question, so if
there is anywhere else that i would be better suited, please let me know.

I'm trying to set up the sample applications. I have the sample spring rp
application in a jboss instance, and i have the sts and idp deployed
separately to a tomcat instance.
The idp seems to connect to, and receive a response from the sts
sucessfully, but then it seems to decide it doesn't like the way the
connection was neogtiated. But i can't figure out exactly what's wrong.

I've appended the relevant portion of the idp.log from my tomcat instance
below.
I've built these projects from the 1.1.2 release of fediz.

I've already double checked that the https conduit is configured with the
right keystore/passowrd combinations, i'm not sure what else could be
wrong.

--------------------------------------
2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO
  org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS  -
Inbound Message
----------------------------
ID: 7
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct 2014
22:41:39 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header
xmlns:SOAP-ENV="
http://schemas.xmlsoap.org/soap/envelope/
"/><soap:Body><RequestSecurityTokenResponseCollection
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; xmlns:ns2="

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
xmlns:ns3="

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
xmlns:ns4="http://www.w3.org/2005/08/addressing"; xmlns:ns5="
http://docs.oasis-open.org/ws-sx/ws-trust/200802
"><RequestSecurityTokenResponse><TokenType>
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
</TokenType><RequestedSecurityToken><saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance";
ID="_7447A8C432B36EB5A414147088997946"
IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0"
xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm
A</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#
"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature
"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1

"/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Q3eo1Ns98UfZZPqa9h1MiUKJnHMddOd/2bChGQytN/Pi6oyNUcaQ/ckhQKxIRjR5Lm1a4gh6jbPCQOVxmmB0jFXW8+IWcrnWTISxDAMLIEPlm4kQ6zXfAE03D6S4wLv177nHPB4EPcmJnjJ2ciUAq/QFD3fIdaK5tYxFZkhdOJCWZSUrmha8WBFnhNuhhw4UKQgOQSBH99P4u/HvZFCxITuhVilKCCdsdubjeQ0jFUKhA0HnLVC/mPfZCXQH4p8negyLmzyaXWDp528hmp9fxPbVEHa5F+VVnySn1bQDTG2y6HjoI5BlHf6U+tO+GvBDVuMyyU9f9siHwY2wGLUGBQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN

MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG

SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVlUo2eBNBaOloKvyX

rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIaClLQrNuV8d8p

ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGBQsTGTvb4

N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVLmWjv1oDuLr

x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRxAgMBAAGj

ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQsFAAOCAQEAnkmN

aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZmtH02CERUXZTbh

8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTEeOOanaG8R

2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA8/wVOZnGOCkmnKs9

6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLLk+AWzQAZDqpDwj

ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="http://cxf.apache.org/sts
">ted</saml2:NameID><saml2:SubjectConfirmation

Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
NotBefore="2014-10-30T22:41:39.794Z"

NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns3:SecurityTokenReference
xmlns:wsse11="
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
wsse11:TokenType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
"><ns3:KeyIdentifier
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns3:SecurityTokenReference
xmlns:wsse11="
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
wsse11:TokenType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
"><ns3:KeyIdentifier
ValueType="
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo
xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wst="
http://docs.oasis-open.org/ws-sx/ws-trust/200512";><wsa:EndpointReference
xmlns:wsa="http://www.w3.org/2005/08/addressing

"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Created><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
--------------------------------------
2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
  org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction  - Token
[IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
[urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN
  org.apache.cxf.phase.PhaseInterceptorChain  - Interceptor for {

http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
stream: RequireClientCertificate is set, but no local certificates were
negotiated.  Is the server set to ask for client authorization?
at

org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:223)
at

org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:174)
at

org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at

org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:835)
at

org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:57)
at

org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:52)
at

org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClientAction.java:273)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
at ognl.SimpleNode.getValue(SimpleNode.java:210)
at ognl.ASTChain.getValueBody(ASTChain.java:109)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
at ognl.SimpleNode.getValue(SimpleNode.java:210)
at ognl.Ognl.getValue(Ognl.java:333)
at

org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
at

org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
at

org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at

org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at

org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at

org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at

org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at

org.springframework.webflow.engine.SubflowState.handleEvent(SubflowState.java:116)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFlowSession(FlowExecutionImpl.java:412)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.endActiveFlowSession(RequestControlContextImpl.java:238)
at org.springframework.webflow.engine.EndState.doEnter(EndState.java:107)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at

org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at

org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at

org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
at

org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at

org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232)
at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196)
at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
at

org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258)
at

org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
at

org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
at

org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at

org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at

org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at

org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at

org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at

org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:65)
at

org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at

org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at

org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at

org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at

org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at

org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at

org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at

org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at

org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at

org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at

org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at

org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at

java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at

java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at

org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate is
set, but no local certificates were negotiated.  Is the server set to ask
for client authorization?
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255)
at

org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:215)
... 126 more
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException:
RequireClientCertificate is set, but no local certificates were
negotiated.  Is the server set to ask for client authorization?
at

org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
at

org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1716)
at

org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1276)
at

org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1246)
at

org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at

org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at

org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
at

org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
at

org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:80)
at

org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
... 127 more