You should change your Tomcat Configuration to request SSL client
authentication like the following:
<Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true"
keystoreFile="idp-ssl-server.jks"
keystorePass="tompass"
truststoreFile="idp-ssl-trust.jks"
truststorePass="ispass"
truststoreType="JKS"
SSLVerifyClient="optional"
clientAuth="want"
sslProtocol="TLS" />
Best regards
Jan
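
A server.xml check for the two connector variants in this thread, as an added example (not code from the thread, Fediz or Tomcat): it flags a TLS connector that never requests a client certificate, one that requests it without a connector-level truststore, and one whose implementation Tomcat auto-selects. The function name and finding labels are hypothetical, and the third sample connector is constructed.

```python
import xml.etree.ElementTree as ET

# Connector quoted in the thread: client auth requested, no truststore attributes.
QUOTED_CONNECTOR = """<Server><Service name="Catalina">
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="idp-ssl-server.jks"
             keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
</Service></Server>"""

# Connector suggested in the reply: explicit JSSE protocol plus a truststore.
SUGGESTED_CONNECTOR = """<Server><Service name="Catalina">
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="idp-ssl-server.jks" keystorePass="tompass"
             truststoreFile="idp-ssl-trust.jks" truststorePass="ispass"
             truststoreType="JKS" SSLVerifyClient="optional"
             clientAuth="want" sslProtocol="TLS"/>
</Service></Server>"""

# Constructed sample (not from the thread): TLS connector with no clientAuth.
CONSTRUCTED_NO_CLIENT_AUTH = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="server.jks" keystorePass="changeit"/>
</Service></Server>"""

# Documented clientAuth values that make the JSSE connector ask for a certificate.
CLIENT_CERT_MODES = {"want", "true"}

EXPLANATIONS = {
    "no-client-cert-request":
        "clientAuth is unset or false: Tomcat does not ask for a client "
        "certificate, so a caller that requires one has nothing to negotiate.",
    "no-connector-truststore":
        "clientAuth is set but truststoreFile is not: Tomcat falls back to the "
        "JVM's javax.net.ssl.trustStore setting instead of a store chosen for "
        "this connector.",
    "implementation-auto-selected":
        "protocol is HTTP/1.1: Tomcat picks the JSSE or the APR/native "
        "connector at startup, and clientAuth is only read by the JSSE one.",
}


def audit_connectors(server_xml):
    """Return {port: [finding, ...]} for every TLS-enabled <Connector>."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP and AJP connectors are out of scope
        issues = []
        client_auth = conn.get("clientAuth", "false").lower()
        if client_auth not in CLIENT_CERT_MODES:
            issues.append("no-client-cert-request")
        elif not conn.get("truststoreFile"):
            issues.append("no-connector-truststore")
        # Tomcat 7 treats a missing protocol attribute like "HTTP/1.1".
        if conn.get("protocol", "HTTP/1.1") == "HTTP/1.1":
            issues.append("implementation-auto-selected")
        findings[conn.get("port", "?")] = issues
    return findings


if __name__ == "__main__":
    samples = [("quoted", QUOTED_CONNECTOR),
               ("suggested", SUGGESTED_CONNECTOR),
               ("constructed", CONSTRUCTED_NO_CLIENT_AUTH)]
    for label, xml_text in samples:
        for port, issues in audit_connectors(xml_text).items():
            print(f"{label} connector on port {port}: {issues or 'no findings'}")
            for issue in issues:
                print(f"  - {EXPLANATIONS[issue]}")
```
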
> -----Original Message-----
> From: masoud [mailto:[email protected]]
> Sent: Friday, 31 October 2014 17:21
> To: [email protected]
> Subject: Re: Re: fediz sample idP client connection error
>
> I had actually already tried this, but I double-checked to make sure.
> Still have the exact same issue. Here's the Connector from my server.xml:
>
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> keystoreFile="idp-ssl-server.jks"
> keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/>
>
> I get the same error message. Would I be getting a 200 response from the STS
> if it was this type of an issue?
> On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote:
> > Hi,
> >
> > Yes, it's the right place to ask questions about Fediz. This part of
> > the log tells you what the problem is:
> >
> >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to
> >> stream: RequireClientCertificate is set, but no local
> >> certificates were negotiated. Is the server set to ask for client
> >> authorization?
> >
> > From Fediz 1.1.2, the second call from the IdP to the STS is secured with
> > client authentication at the transport level. As you say that the
> > https conduit is already configured correctly, I suspect that your STS
> > deployment is not set up to require client authentication.
> >
> > In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have
> > clientAuth="want" (your IdP does not require client auth, so "want"
> > works if you are colocating the IdP + STS in the same container).
> >
> > Colm.
> >
> >
> > On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri
> > <[email protected]>
> > wrote:
> >
> >> Hi,
> >>
> >> I'm not sure if this is the right place to be asking this question,
> >> so if there is anywhere else that I would be better suited, please let me
> >> know.
> >>
> >> I'm trying to set up the sample applications. I have the sample
> >> spring rp application in a jboss instance, and I have the sts and idp
> >> deployed separately to a tomcat instance.
> >> The idp seems to connect to, and receive a response from the sts
> >> successfully, but then it seems to decide it doesn't like the way the
> >> connection was negotiated. But I can't figure out exactly what's wrong.
> >>
> >> I've appended the relevant portion of the idp.log from my tomcat
> >> instance below.
> >> I've built these projects from the 1.1.2 release of fediz.
> >>
> >> I've already double-checked that the https conduit is configured with
> >> the right keystore/password combinations, I'm not sure what else
> >> could be wrong.
> >>
> >> --------------------------------------
> >> 2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS - Inbound Message
> >> ----------------------------
> >> ID: 7
> >> Response-Code: 200
> >> Encoding: UTF-8
> >> Content-Type: text/xml;charset=UTF-8
> >> Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct 2014 22:41:39 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
> >> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> >> <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/>
> >> <soap:Body>
> >> <RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
> >> <RequestSecurityTokenResponse>
> >> <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
> >> <RequestedSecurityToken>
> >> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_7447A8C432B36EB5A414147088997946" IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0" xsi:type="saml2:AssertionType">
> >> <saml2:Issuer>STS Realm A</saml2:Issuer>
> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> <ds:SignedInfo>
> >> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >> <ds:Reference URI="#_7447A8C432B36EB5A414147088997946">
> >> <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
> >> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >> <ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue>
> >> </ds:Reference>
> >> </ds:SignedInfo>
> >> <ds:SignatureValue>[base64 value omitted]</ds:SignatureValue>
> >> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>[base64 value omitted]</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
> >> </ds:Signature>
> >> <saml2:Subject>
> >> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">ted</saml2:NameID>
> >> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
> >> </saml2:Subject>
> >> <saml2:Conditions NotBefore="2014-10-30T22:41:39.794Z" NotOnOrAfter="2014-10-30T23:01:39.794Z">
> >> <saml2:AudienceRestriction><saml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestriction>
> >> </saml2:Conditions>
> >> </saml2:Assertion>
> >> </RequestedSecurityToken>
> >> <RequestedAttachedReference>
> >> <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
> >> <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier>
> >> </ns3:SecurityTokenReference>
> >> </RequestedAttachedReference>
> >> <RequestedUnattachedReference>
> >> <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
> >> <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier>
> >> </ns3:SecurityTokenReference>
> >> </RequestedUnattachedReference>
> >> <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
> >> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference>
> >> </wsp:AppliesTo>
> >> <Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Created><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime>
> >> </RequestSecurityTokenResponse>
> >> </RequestSecurityTokenResponseCollection>
> >> </soap:Body>
> >> </soap:Envelope>
> >> --------------------------------------
> >> 2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO
> >> org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction -
> >> Token [IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm
> >> [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached.
> >> 2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
> >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to stream: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization?
> >>     at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:223)
> >>     at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:174)
> >>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> >>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570)
> >>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479)
> >>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> >>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> >>     at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:835)
> >>     at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:57)
> >>     at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:52)
> >>     at org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClientAction.java:273)
> >>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >>     at java.lang.reflect.Method.invoke(Method.java:606)
> >>     at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517)
> >>     at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812)
> >>     at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61)
> >>     at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846)
> >>     at ognl.ASTMethod.getValueBody(ASTMethod.java:73)
> >>     at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> >>     at ognl.SimpleNode.getValue(SimpleNode.java:210)
> >>     at ognl.ASTChain.getValueBody(ASTChain.java:109)
> >>     at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170)
> >>     at ognl.SimpleNode.getValue(SimpleNode.java:210)
> >>     at ognl.Ognl.getValue(Ognl.java:333)
> >>     at org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
> >>     at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
> >>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
> >>     at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
> >>     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
> >>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> >>     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> >>     at org.springframework.webflow.engine.SubflowState.handleEvent(SubflowState.java:116)
> >>     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFlowSession(FlowExecutionImpl.java:412)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.endActiveFlowSession(RequestControlContextImpl.java:238)
> >>     at org.springframework.webflow.engine.EndState.doEnter(EndState.java:107)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> >>     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> >>     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> >>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
> >>     at org.springframework.webflow.engine.State.enter(State.java:194)
> >>     at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> >>     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
> >>     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
> >>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> >>     at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232)
> >>     at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196)
> >>     at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
> >>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258)
> >>     at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
> >>     at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
> >>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
> >>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
> >>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
> >>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> >>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> >>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
> >>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter.java:65)
> >>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> >>     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> >>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> >>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> >>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> >>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> >>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> >>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
> >>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> >>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> >>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> >>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
> >>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
> >>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
> >>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
> >>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> >>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> >>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> >>     at java.lang.Thread.run(Thread.java:745)
> >> Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization?
> >>     at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255)
> >>     at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor.handleMessage(SAAJOutInterceptor.java:215)
> >>     ... 126 more
> >> Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization?
> >>     at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
> >>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1716)
> >>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1276)
> >>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1246)
> >>     at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
> >>     at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
> >>     at org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
> >>     at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
> >>     at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:80)
> >>     at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51)
> >>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
> >>     at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241)
> >>     at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253)
> >>     ... 127 more
> >>
> >
> >