worked like a charm. Thanks! On Mon, Nov 3, 2014 at 3:33 AM, Jan Bernhardt <[email protected]> wrote:
> You should change your Tomcat Configuration to request SSL client > authentication like the following: > > <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol" > maxThreads="150" SSLEnabled="true" > scheme="https" secure="true" > keystoreFile="idp-ssl-server.jks" > keystorePass="tompass" > truststoreFile="idp-ssl-trust.jks" > truststorePass="ispass" > truststoreType="JKS" > SSLVerifyClient="optional" > clientAuth="want" > sslProtocol="TLS" /> > > Best regards > Jan > > > -----Ursprüngliche Nachricht----- > > Von: masoud [mailto:[email protected]] > > Gesendet: Freitag, 31. Oktober 2014 17:21 > > An: [email protected] > > Betreff: Re: Re: fediz sample idP client connection error > > > > I had actually already tried this, but i double checked to make sure. > > Still have the exact same issue. Here's the Connector from my server.xml > > > > <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > keystoreFile="idp-ssl-server.jks" > > keystorePass="tompass" sslProtocol="TLS" clientAuth="want"/> > > > > I get the same error message. Would I be getting a 200 response from the > sts if > > it was a this type of an issue? > > On 2014-10-31 10:29 AM, Colm O hEigeartaigh wrote: > > > Hi, > > > > > > Yes, it's the right place to ask questions about Fediz. This part of > > > the log tells you what the problem is: > > > > > >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to > > > stream: RequireClientCertificate is set, but no local > > >> certificates were negotiated. Is the server set to ask for client > > > authorization? > > > > > > >From Fediz 1.1.2, the second call from the IdP to the STS is secured > > > >with > > > client authentication at the transport level. As you say that the > > > https conduit is already configured correctly, I suspect that your STS > > > deployment is not set up to require client authentication. > > > > > > In your CATALINA_HOME/conf/server.xml, the HTTPS connector should have > > > clientAuth="want" (your IdP does not require client auth, so "want" > > > works if you are colocating the IdP + STS in the same container). > > > > > > Colm. > > > > > > > > > On Thu, Oct 30, 2014 at 11:55 PM, Masoud Sahebolamri > > > <[email protected]> > > > wrote: > > > > > >> Hi, > > >> > > >> I'm not sure if this is the right place to be asking this question, > > >> so if there is anywhere else that i would be better suited, please > let me know. > > >> > > >> I'm trying to set up the sample applications. I have the sample > > >> spring rp application in a jboss instance, and i have the sts and idp > > >> deployed separately to a tomcat instance. > > >> The idp seems to connect to, and receive a response from the sts > > >> sucessfully, but then it seems to decide it doesn't like the way the > > >> connection was neogtiated. But i can't figure out exactly what's > wrong. > > >> > > >> I've appended the relevant portion of the idp.log from my tomcat > > >> instance below. > > >> I've built these projects from the 1.1.2 release of fediz. > > >> > > >> I've already double checked that the https conduit is configured with > > >> the right keystore/passowrd combinations, i'm not sure what else > > >> could be wrong. > > >> > > >> -------------------------------------- > > >> 2014-10-30 18:41:39,823 [http-bio-9443-exec-10] INFO > > >> org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS > > >> - Inbound Message > > >> ---------------------------- > > >> ID: 7 > > >> Response-Code: 200 > > >> Encoding: UTF-8 > > >> Content-Type: text/xml;charset=UTF-8 > > >> Headers: {content-type=[text/xml;charset=UTF-8], Date=[Thu, 30 Oct > > >> 2014 > > >> 22:41:39 GMT], Server=[Apache-Coyote/1.1], > > >> transfer-encoding=[chunked]} > > >> Payload: <soap:Envelope xmlns:soap=" > > >> http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header > > >> xmlns:SOAP-ENV=" > > >> http://schemas.xmlsoap.org/soap/envelope/ > > >> "/><soap:Body><RequestSecurityTokenResponseCollection > > >> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; xmlns:ns2=" > > >> > > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-ut > > >> ility-1.0.xsd > > >> " > > >> xmlns:ns3=" > > >> > > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-se > > >> cext-1.0.xsd > > >> " > > >> xmlns:ns4="http://www.w3.org/2005/08/addressing"; xmlns:ns5=" > > >> http://docs.oasis-open.org/ws-sx/ws-trust/200802 > > >> "><RequestSecurityTokenResponse><TokenType> > > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV > > >> 2.0 </TokenType><RequestedSecurityToken><saml2:Assertion > > >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi=" > > >> http://www.w3.org/2001/XMLSchema-instance"; > > >> ID="_7447A8C432B36EB5A414147088997946" > > >> IssueInstant="2014-10-30T22:41:39.794Z" Version="2.0" > > >> xsi:type="saml2:AssertionType"><saml2:Issuer>STS Realm > > >> A</saml2:Issuer><ds:Signature > > >> xmlns:ds="http://www.w3.org/2000/09/xmldsig# > > >> "><ds:SignedInfo><ds:CanonicalizationMethod > > >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMet > > >> hod > > >> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference > > >> > > URI="#_7447A8C432B36EB5A414147088997946"><ds:Transforms><ds:Transfor > > m > > >> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature > > >> "/><ds:Transform > > >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > > >> "/></ds:Transforms><ds:DigestMethod > > >> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > > >> > > >> > > "/><ds:DigestValue>cJZQTFmmmbmsXpqC4uuVQQ5kA/w=</ds:DigestValue></d > > s: > > >> > > Reference></ds:SignedInfo><ds:SignatureValue>Q3eo1Ns98UfZZPqa9h1MiUKJ > > >> > > nHMddOd/2bChGQytN/Pi6oyNUcaQ/ckhQKxIRjR5Lm1a4gh6jbPCQOVxmmB0jFX > > W8+IWc > > >> > > rnWTISxDAMLIEPlm4kQ6zXfAE03D6S4wLv177nHPB4EPcmJnjJ2ciUAq/QFD3fIdaK > > 5tY > > >> > > xFZkhdOJCWZSUrmha8WBFnhNuhhw4UKQgOQSBH99P4u/HvZFCxITuhVilKCCdsd > > ubjeQ0 > > >> > > jFUKhA0HnLVC/mPfZCXQH4p8negyLmzyaXWDp528hmp9fxPbVEHa5F+VVnySn1b > > QDTG2y > > >> > > 6HjoI5BlHf6U+tO+GvBDVuMyyU9f9siHwY2wGLUGBQ==</ds:SignatureValue><d > > s:K > > >> > > eyInfo><ds:X509Data><ds:X509Certificate>MIICwTCCAamgAwIBAgIEFKo9KjANB > > >> gkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN > > >> > > >> > > MTMwOTAzMjAyMjMxWhcNMjMwNzEzMjAyMjMxWjARMQ8wDQYDVQQDEwZ > > SRUFMTUEwggEiM > > >> A0GCSqG > > >> > > >> > > SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmQKgcHaFmTG/rMzlSP1DDVUn1AIVl > > Uo2eBNBa > > >> OloKvyX > > >> > > >> > > rYT6zwd+mno1Skj9EQMntx9LvK6xLiquLvuKP0XGeWHhJwgG4dBB1QQ71hosrWIa > > ClLQr > > >> rYT6zwd+NuV8d8p > > >> > > >> > > ztSkPfVrL5SdmlqDUAlC598rGhU7ttXPKp2FF8set2QIDSFZrRURpeAoh7aCdlySrJGB > > Q > > >> sTGTvb4 > > >> > > >> > > N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+nQ8q8soiwfGcVL > > mWj > > >> N6yF8yoxKcVBIBb62q4xS1qU10Oa+iYig3+b+vNwSzcN5RE9Etw+v1oDuLr > > >> > > >> > > x1BOqL2zXxmISlJgv2/cC3DVnPb6IOmHaEklLbod7Nq0JgD0L27s4Js+ccXtkoBcQtRx > > A > > >> gMBAAGj > > >> > > >> > > ITAfMB0GA1UdDgQWBBSSn4p1eScqsNyywCH37ipMdZNykzANBgkqhkiG9w0BAQ > > sFAAOCA > > >> QEAnkmN > > >> > > >> > > aVR3lXJWh4nOvNvzXz6vBSMbm/K4khu8mRtUWHikbwZE72ZLCD2Bv69YhNsaAZ > > mtH02CE > > >> RUXZTbh > > >> > > >> > > 8YXfZ0VnMh9ieTKHWpNGDOBdvfsd8jSLd4svIrP2vfMciS0px0Q87W4jntiQovhPuTE > > eO > > >> OanaG8R > > >> > > >> > > 2eaROTONRsTQxWWGep5FqhH6Of2hL7kwEjFyLDE/NIMHHeURlxmbwwMbnJoA > > 8/wVOZnGO > > >> CkmnKs9 > > >> > > >> > > 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+NDPEjXOv/7MzpiCSMLL > > k+AWzQA > > >> 6DXHD+MBCboD+2UMl76GONiksAsD+LjiqZwZeWsZCP+ZDqpDwj > > >> > > >> > > ys1YXREbVVFVlS+3Sob0hd0SJr/hsHl9Hw==</ds:X509Certificate></ds:X509Dat > > >> ys1YXREbVVFVlS+a></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:Na > > >> ys1YXREbVVFVlS+meID > > >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" > > >> NameQualifier="http://cxf.apache.org/sts > > >> ">ted</saml2:NameID><saml2:SubjectConfirmation > > >> > > >> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml > > >> 2:Conditions > > >> NotBefore="2014-10-30T22:41:39.794Z" > > >> > > >> NotOnOrAfter="2014-10-30T23:01:39.794Z"><saml2:AudienceRestriction><s > > >> aml2:Audience>urn:fediz:idp</saml2:Audience></saml2:AudienceRestricti > > >> on></saml2:Conditions></saml2:Assertion></RequestedSecurityToken><Req > > >> uestedAttachedReference><ns3:SecurityTokenReference > > >> xmlns:wsse11=" > > >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > > >> wsse11:TokenType=" > > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV > > >> 2.0 > > >> "><ns3:KeyIdentifier > > >> ValueType=" > > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI > > >> D > > >> > > ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security > > >> > > TokenReference></RequestedAttachedReference><RequestedUnattachedRefer > > >> ence><ns3:SecurityTokenReference > > >> xmlns:wsse11=" > > >> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; > > >> wsse11:TokenType=" > > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV > > >> 2.0 > > >> "><ns3:KeyIdentifier > > >> ValueType=" > > >> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLI > > >> D > > >> > > ">_7447A8C432B36EB5A414147088997946</ns3:KeyIdentifier></ns3:Security > > >> TokenReference></RequestedUnattachedReference><wsp:AppliesTo > > >> xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wst=" > > >> http://docs.oasis-open.org/ws-sx/ws-trust/200512";><wsa:EndpointRefere > > >> nce xmlns:wsa="http://www.w3.org/2005/08/addressing > > >> > > >> "><wsa:Address>urn:fediz:idp</wsa:Address></wsa:EndpointReference></w > > >> sp:AppliesTo><Lifetime><ns2:Created>2014-10-30T22:41:39.794Z</ns2:Cre > > >> ated><ns2:Expires>2014-10-30T23:01:39.794Z</ns2:Expires></Lifetime></ > > >> RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection > > >> ></soap:Body></soap:Envelope> > > >> -------------------------------------- > > >> 2014-10-30 18:41:39,837 [http-bio-9443-exec-10] INFO > > >> org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction - > > >> Token [IDP_TOKEN=_7447A8C432B36EB5A414147088997946] for realm > > >> [urn:org:apache:cxf:fediz:idp:realm-A] successfully cached. > > >> 2014-10-30 18:41:39,880 [http-bio-9443-exec-10] WARN > > >> org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for { > > >> > > >> http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenServic > > >> e#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue > > >> has thrown exception, unwinding now > > >> org.apache.cxf.binding.soap.SoapFault: Problem writing SAAJ model to > > >> stream: RequireClientCertificate is set, but no local certificates > > >> were negotiated. Is the server set to ask for client authorization? > > >> at > > >> > > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte > > >> rceptor.handleMessage(SAAJOutInterceptor.java:223) > > >> at > > >> > > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte > > >> rceptor.handleMessage(SAAJOutInterceptor.java:174) > > >> at > > >> > > >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept > > >> orChain.java:272) at > > >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570) > > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479) > > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382) > > >> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335) > > >> at > > >> > > >> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSC > > >> lient.java:835) > > >> at > > >> > > >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes > > >> ponse(IdpSTSClient.java:57) > > >> at > > >> > > >> org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenRes > > >> ponse(IdpSTSClient.java:52) > > >> at > > >> > > >> org.apache.cxf.fediz.service.idp.beans.STSClientAction.submit(STSClie > > >> ntAction.java:273) at > > >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > > >> > > >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > > >> java:57) > > >> at > > >> > > >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces > > >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) > > >> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:517) > > >> at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:812) > > >> at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:61) > > >> at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:846) > > >> at ognl.ASTMethod.getValueBody(ASTMethod.java:73) > > >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170) > > >> at ognl.SimpleNode.getValue(SimpleNode.java:210) > > >> at ognl.ASTChain.getValueBody(ASTChain.java:109) > > >> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:170) > > >> at ognl.SimpleNode.getValue(SimpleNode.java:210) > > >> at ognl.Ognl.getValue(Ognl.java:333) > > >> at > > >> > > >> org.springframework.binding.expression.ognl.OgnlExpression.getValue(O > > >> gnlExpression.java:85) > > >> at > > >> > > >> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateA > > >> ction.java:75) > > >> at > > >> > > >> org.springframework.webflow.action.AbstractAction.execute(AbstractAct > > >> ion.java:188) > > >> at > > >> > > >> org.springframework.webflow.execution.AnnotatedAction.execute(Annotat > > >> edAction.java:145) > > >> at > > >> > > >> org.springframework.webflow.execution.ActionExecutor.execute(ActionEx > > >> ecutor.java:51) > > >> at > > >> > > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja > > >> va:101) at > > >> org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo > > >> wExecutionImpl.java:393) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe > > >> cute(RequestControlContextImpl.java:214) > > >> at > > >> > > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr > > >> ansitionableState.java:119) > > >> at > > >> > > >> org.springframework.webflow.engine.SubflowState.handleEvent(SubflowSt > > >> ate.java:116) at > > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent > > >> (FlowExecutionImpl.java:388) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han > > >> dleEvent(RequestControlContextImpl.java:210) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.endActiveFl > > >> owSession(FlowExecutionImpl.java:412) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.end > > >> ActiveFlowSession(RequestControlContextImpl.java:238) > > >> at > > >> org.springframework.webflow.engine.EndState.doEnter(EndState.java:107 > > >> ) at org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo > > >> wExecutionImpl.java:393) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe > > >> cute(RequestControlContextImpl.java:214) > > >> at > > >> > > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr > > >> ansitionableState.java:119) at > > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent > > >> (FlowExecutionImpl.java:388) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han > > >> dleEvent(RequestControlContextImpl.java:210) > > >> at > > >> > > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja > > >> va:105) at > > >> org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat > > >> e.java:51) at > > >> org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat > > >> e.java:51) at > > >> org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.DecisionState.doEnter(DecisionStat > > >> e.java:51) at > > >> org.springframework.webflow.engine.State.enter(State.java:194) > > >> at > > >> org.springframework.webflow.engine.Transition.execute(Transition.java > > >> :227) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo > > >> wExecutionImpl.java:393) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.exe > > >> cute(RequestControlContextImpl.java:214) > > >> at > > >> > > >> org.springframework.webflow.engine.TransitionableState.handleEvent(Tr > > >> ansitionableState.java:119) at > > >> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent > > >> (FlowExecutionImpl.java:388) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.RequestControlContextImpl.han > > >> dleEvent(RequestControlContextImpl.java:210) > > >> at > > >> > > >> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.ja > > >> va:232) at > > >> org.springframework.webflow.engine.ViewState.resume(ViewState.java:19 > > >> 6) at org.springframework.webflow.engine.Flow.resume(Flow.java:545) > > >> at > > >> > > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(Flow > > >> ExecutionImpl.java:258) > > >> at > > >> > > >> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution > > >> (FlowExecutorImpl.java:169) > > >> at > > >> > > >> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(Flo > > >> wHandlerAdapter.java:183) > > >> at > > >> > > >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch > > >> erServlet.java:923) > > >> at > > >> > > >> org.springframework.web.servlet.DispatcherServlet.doService(Dispatche > > >> rServlet.java:852) > > >> at > > >> > > >> org.springframework.web.servlet.FrameworkServlet.processRequest(Frame > > >> workServlet.java:882) > > >> at > > >> > > >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ > > >> let.java:789) at > > >> javax.servlet.http.HttpServlet.service(HttpServlet.java:646) > > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > > >> icationFilterChain.java:303) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > > >> ilterChain.java:208) at > > >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52 > > >> ) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > > >> icationFilterChain.java:241) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > > >> ilterChain.java:208) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:330) > > >> at > > >> > > >> org.springframework.security.web.access.intercept.FilterSecurityInter > > >> ceptor.invoke(FilterSecurityInterceptor.java:118) > > >> at > > >> > > >> org.springframework.security.web.access.intercept.FilterSecurityInter > > >> ceptor.doFilter(FilterSecurityInterceptor.java:84) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.access.ExceptionTranslationFilter.do > > >> Filter(ExceptionTranslationFilter.java:113) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.session.SessionManagementFilter.doFi > > >> lter(SessionManagementFilter.java:103) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.authentication.AnonymousAuthenticati > > >> onFilter.doFilter(AnonymousAuthenticationFilter.java:113) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.servletapi.SecurityContextHolderAwar > > >> eRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java: > > >> 54) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.savedrequest.RequestCacheAwareFilter > > >> .doFilter(RequestCacheAwareFilter.java:45) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.authentication.www.BasicAuthenticati > > >> onFilter.doFilter(BasicAuthenticationFilter.java:201) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.context.SecurityContextPersistenceFi > > >> lter.doFilter(SecurityContextPersistenceFilter.java:87) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.apache.cxf.fediz.service.idp.STSPortFilter.doFilter(STSPortFilter > > >> .java:65) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. > > >> doFilter(FilterChainProxy.java:342) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy.doFilterInternal(Fi > > >> lterChainProxy.java:192) > > >> at > > >> > > >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChai > > >> nProxy.java:160) > > >> at > > >> > > >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D > > >> elegatingFilterProxy.java:346) > > >> at > > >> > > >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat > > >> ingFilterProxy.java:259) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > > >> icationFilterChain.java:241) > > >> at > > >> > > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > > >> ilterChain.java:208) > > >> at > > >> > > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV > > >> alve.java:220) > > >> at > > >> > > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV > > >> alve.java:122) > > >> at > > >> > > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j > > >> ava:170) > > >> at > > >> > > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j > > >> ava:103) > > >> at > > >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: > > >> 950) > > >> at > > >> > > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal > > >> ve.java:116) > > >> at > > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav > > >> a:421) > > >> at > > >> > > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp > > >> 11Processor.java:1070) > > >> at > > >> > > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( > > >> AbstractProtocol.java:611) > > >> at > > >> > > >> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin > > >> t.java:316) > > >> at > > >> > > >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. > > >> java:1145) > > >> at > > >> > > >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor > > >> .java:615) > > >> at > > >> > > >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh > > >> read.java:61) at java.lang.Thread.run(Thread.java:745) > > >> Caused by: com.ctc.wstx.exc.WstxIOException: RequireClientCertificate > > >> is set, but no local certificates were negotiated. Is the server set > > >> to ask for client authorization? > > >> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:255) > > >> at > > >> > > >> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInte > > >> rceptor.handleMessage(SAAJOutInterceptor.java:215) > > >> ... 126 more > > >> Caused by: > > org.apache.cxf.transport.http.UntrustedURLConnectionIOException: > > >> RequireClientCertificate is set, but no local certificates were > > >> negotiated. Is the server set to ask for client authorization? > > >> at > > >> > > >> org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorP > > >> rovider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenIntercept > > >> orProvider.java:117) > > >> at > > >> > > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTru > > >> stDecision(HTTPConduit.java:1716) > > >> at > > >> > > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleH > > >> eadersTrustCaching(HTTPConduit.java:1276) > > >> at > > >> > > >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirst > > >> Write(HTTPConduit.java:1246) > > >> at > > >> > > >> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionW > > >> rappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201) > > >> at > > >> > > >> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOu > > >> tputStream.java:47) > > >> at > > >> > > >> org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThre > > >> sholdOutputStream.java:89) > > >> at > > >> > > >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresho > > >> ldOutputStream.java:63) > > >> at > > >> > > >> org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutput > > >> Stream.java:80) > > >> at > > >> > > >> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOu > > >> tputStream.java:51) at > > >> com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100) > > >> at > > >> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:241) > > >> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:253) > > >> ... 127 more > > >> > > > > > > > >
