Are you sure that the private key is in "truststore_dev.jks"? It seems
unusual to store a private key in a file called "truststore". If you do a
keytool -list -keystore truststore_dev.jks -v, compare the issuer + serial
no. to the X509Data structure received in the message from the IdP.
Colm.
On Fri, Mar 13, 2015 at 1:19 AM, Vishnu Radhakrishnan <vis...@10point1.com>
wrote:
> Hey Guys,
>
> The IDP team was not very helpful they are microsoft shop and don¹t even
> know how things work. All they pretty much have to do is check boxes and
> everything magically works. I am kind of stuck without progress.
>
> I am trying to log the soap messages the logging is also not working. The
> certificate fingerprints match but for some reason it still errors out.
> The IDP team is able to consume the same token from their end.
>
> If I can get working fediz.xml file it would be great I could compare it
> with mine and learn from it.
>
> log4j config
>
> <appender name="WS_LOG_FILE"
> class="ch.qos.logback.core.rolling.RollingFileAppender">
> <param name="file" value="ws.log"/>
> <rollingPolicy
> class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
> <param name="fileNamePattern" value="ws.log.%d{yyyy-MM-dd}.log"/>
>
> </rollingPolicy>
>
> </appender>
>
> <!-- LOGGERS -->
> <logger name="info.source4code.soap.http.cxf">
> <level value="DEBUG"/>
> </logger>
>
> <logger name="org.springframework">
> <level value="DEBUG"/>
> </logger>
> <logger name="org.apache.cxf">
> <level value="DEBUG"/>
> </logger>
> <!-- level INFO needed to log SOAP messages -->
> <logger name="org.apache.cxf.services"
> additivity="false">
> <level value="DEBUG"/>
> <!-- specify a dedicated appender for the SOAP messages -->
> <appender-ref ref="WS_LOG_FILE"/>
> </logger>
>
>
> ----------------------
> I tried an interceptor doesn¹t seem to help either.
> public class CustomSoapMessageLogger extends AbstractSoapInterceptor {
>
>
>
>
> private static final Log LOG =
> LogFactory.getLog(CustomSoapMessageLogger.class);
>
>
> public CustomSoapMessageLogger(){
>
> // set phase here
> //super(Phase.PRE_PROTOCOL);
> super(Phase.RECEIVE);
> }
> @Override
> public void handleMessage(SoapMessage message) throws Fault {
> Fault fault = null;
> String soapMessage = null;
>
> StringBuilder strMessage = null;
> HttpServletRequest httpRequest = (HttpServletRequest)
> message.get(AbstractHTTPDestination.HTTP_REQUEST);
> if (httpRequest != null) {
>
>
> InputStream ist = message.getContent(InputStream.class);
> if (ist != null) {
> CachedOutputStream bos = new CachedOutputStream();
> try {
> IOUtils.copy(ist, bos);
>
> bos.flush();
> ist.close();
> message.setContent(InputStream.class,
> bos.getInputStream());
> soapMessage = new String(bos.getBytes());//this
> soap message is what you want
> bos.close();
>
> LOG.debug("Soap Message: ---------->" +
> soapMessage==null?"null":soapMessage);
> LOG.debug("String Request: ---------->" +
> soapMessage);
>
>
> } catch (IOException e) {
> throw new Fault(e);
> }
> }
>
>
>
> }
> }
>
> }
>
>
>
> ‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹
> Error log
>
>
> 20:58:56,264 DEBUG
> [org.springframework.security.authentication.ProviderManager]
> (http--0.0.0.0-8080-1) Authentication attempt using
> com.w1.auth.sso.FedizAuthenticationProvider
> 20:58:56,267 DEBUG [org.apache.cxf.fediz.spring.FederationConfigImpl]
> (http--0.0.0.0-8080-1) Reading federation configuration for context
> '/instreamdev'
> 20:58:56,271 DEBUG [org.apache.cxf.fediz.core.FederationProcessorImpl]
> (http--0.0.0.0-8080-1) RST: [xenc:EncryptedData: null]
> 20:58:56,273 DEBUG [org.apache.cxf.fediz.core.FederationProcessorImpl]
> (http--0.0.0.0-8080-1) Lifetime: [trust:Lifetime: null]
> 20:58:56,275 DEBUG [org.apache.cxf.fediz.core.FederationProcessorImpl]
> (http--0.0.0.0-8080-1) Tokentype: urn:oasis:names:tc:SAML:1.0:assertion
> 20:58:56,284 DEBUG [org.apache.ws.security.util.Loader]
> (http--0.0.0.0-8080-1) Trying to find [truststore_dev.jks] using
> ModuleClassLoader for Module "deployment.instreamdev.war:main" from
> Service Module Loader class loader.
> 20:58:56,311 DEBUG [org.apache.ws.security.components.crypto.Merlin]
> (http--0.0.0.0-8080-1) The KeyStore truststore_dev.jks of type JKS has
> been loaded
> 20:58:56,316 DEBUG
> [org.apache.ws.security.processor.EncryptedDataProcessor]
> (http--0.0.0.0-8080-1) Found EncryptedData element
> 20:58:56,322 DEBUG [org.apache.ws.security.processor.X509Util]
> (http--0.0.0.0-8080-1) Sym Enc Algo:
> http://www.w3.org/2001/04/xmlenc#aes256-cbc
> 20:58:56,325 DEBUG
> [org.apache.ws.security.processor.EncryptedKeyProcessor]
> (http--0.0.0.0-8080-1) Found encrypted key element
> 20:58:56,327 DEBUG [org.apache.ws.security.processor.X509Util]
> (http--0.0.0.0-8080-1) Sym Enc Algo:
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
> 20:58:56,330 DEBUG [org.apache.xml.security.algorithms.JCEMapper]
> (http--0.0.0.0-8080-1) Request for URI
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
> 20:58:56,347 DEBUG [org.apache.cxf.fediz.core.FederationProcessorImpl]
> (http--0.0.0.0-8080-1) General security error (No certificates were found
> for decryption (KeyId)): org.apache.ws.security.WSSecurityException:
> General security error (No certificates were found for decryption (KeyId))
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromE
> ncryptedKey(EncryptedKeyProcessor.java:325) [wss4j-1.6.17.jar:1.6.17]
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(Encrypte
> dKeyProcessor.java:127) [wss4j-1.6.17.jar:1.6.17]
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(Encrypte
> dKeyProcessor.java:66) [wss4j-1.6.17.jar:1.6.17]
> at
> org.apache.ws.security.processor.EncryptedDataProcessor.handleToken(Encrypt
> edDataProcessor.java:113) [wss4j-1.6.17.jar:1.6.17]
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.decryptEncryptedRST(Feder
> ationProcessorImpl.java:292) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInRequest(Fede
> rationProcessorImpl.java:188) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Federation
> ProcessorImpl.java:98) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider
> .authenticateNow(FederationAuthenticationProvider.java:121)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider
> .authenticate(FederationAuthenticationProvider.java:109)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> com.w1.auth.sso.FedizAuthenticationProvider.authenticate(FedizAuthenticatio
> nProvider.java:20) [classes:]
> at
> org.springframework.security.authentication.ProviderManager.authenticate(Pr
> oviderManager.java:156)
> [spring-security-core-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter.attemptAuthe
> ntication(FederationAuthenticationFilter.java:62)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> com.w1.auth.sso.InstreamFederationAuthenticationFilter.attemptAuthenticatio
> n(InstreamFederationAuthenticationFilter.java:27) [classes:]
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProce
> ssingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> com.w1.auth.sso.DelegatingAuthenticationProcessingFilter.doFilter(Delegatin
> gAuthenticationProcessingFilter.java:42) [classes:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.d
> oFilter(SecurityContextPersistenceFilter.java:65)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterCh
> ainProxy.java:192) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy
> .java:166) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.doFilter(DebugFilter.
> java:60) [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegat
> ingFilterProxy.java:237) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFil
> terProxy.java:167) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher
> .java:734) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDi
> spatcher.java:541) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatc
> her.java:479) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatche
> r.java:407) [jbossweb-7.0.10.Final.jar:]
> at
> com.w1.auth.sso.AutenticationResource.federationLogout(AutenticationResourc
> e.java:188) [classes:]
> at
> com.w1.auth.sso.AutenticationResource$Proxy$_$$_WeldClientProxy.federationL
> ogout(AutenticationResource$Proxy$_$$_WeldClientProxy.java) [classes:]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.7.0_71]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
> 7) [rt.jar:1.7.0_71]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
> l.java:43) [rt.jar:1.7.0_71]
> at java.lang.reflect.Method.invoke(Method.java:606)
> [rt.jar:1.7.0_71]
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1
> 55) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:2
> 57) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
> [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
> [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispat
> cher.java:525) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
> java:502) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
> java:119) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.servic
> e(ServletContainerDispatcher.java:208) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Htt
> pServletDispatcher.java:55) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Htt
> pServletDispatcher.java:50) [resteasy-jaxrs-2.3.1.GA.jar:]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationP
> ropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:330)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor
> .invoke(FilterSecurityInterceptor.java:118)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor
> .doFilter(FilterSecurityInterceptor.java:84)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter
> (ExceptionTranslationFilter.java:113)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(S
> essionManagementFilter.java:103)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilt
> er.doFilter(AnonymousAuthenticationFilter.java:113)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareReque
> stFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFil
> ter(RequestCacheAwareFilter.java:45)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProce
> ssingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> com.w1.auth.sso.DelegatingAuthenticationProcessingFilter.doFilter(Delegatin
> gAuthenticationProcessingFilter.java:42) [classes:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.d
> oFilter(SecurityContextPersistenceFilter.java:87)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterCh
> ainProxy.java:192) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy
> .java:160) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.invokeWithWrappedRequ
> est(DebugFilter.java:69)
> [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.doFilter(DebugFilter.
> java:58) [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegat
> ingFilterProxy.java:237) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFil
> terProxy.java:167) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:275) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:161) [jbossweb-7.0.10.Final.jar:]
> at
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityCo
> ntextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:15
> 5) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:10
> 2) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:109) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Htt
> p11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> [jbossweb-7.0.10.Final.jar:]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
>
>
> 20:58:56,621 ERROR
> [org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvide
> r] (http--0.0.0.0-8080-1) Failed to validate SignIn request:
> org.apache.cxf.fediz.core.exception.ProcessingException: Security token
> has been revoked
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.decryptEncryptedRST(Feder
> ationProcessorImpl.java:304) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.processSignInRequest(Fede
> rationProcessorImpl.java:188) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.core.FederationProcessorImpl.processRequest(Federation
> ProcessorImpl.java:98) [fediz-core-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider
> .authenticateNow(FederationAuthenticationProvider.java:121)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider
> .authenticate(FederationAuthenticationProvider.java:109)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> com.w1.auth.sso.FedizAuthenticationProvider.authenticate(FedizAuthenticatio
> nProvider.java:20) [classes:]
> at
> org.springframework.security.authentication.ProviderManager.authenticate(Pr
> oviderManager.java:156)
> [spring-security-core-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter.attemptAuthe
> ntication(FederationAuthenticationFilter.java:62)
> [fediz-spring-1.1.2.jar:1.1.2]
> at
> com.w1.auth.sso.InstreamFederationAuthenticationFilter.attemptAuthenticatio
> n(InstreamFederationAuthenticationFilter.java:27) [classes:]
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProce
> ssingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> com.w1.auth.sso.DelegatingAuthenticationProcessingFilter.doFilter(Delegatin
> gAuthenticationProcessingFilter.java:42) [classes:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.d
> oFilter(SecurityContextPersistenceFilter.java:65)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterCh
> ainProxy.java:192) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy
> .java:166) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.doFilter(DebugFilter.
> java:60) [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegat
> ingFilterProxy.java:237) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFil
> terProxy.java:167) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher
> .java:734) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDi
> spatcher.java:541) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatc
> her.java:479) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatche
> r.java:407) [jbossweb-7.0.10.Final.jar:]
> at
> com.w1.auth.sso.AutenticationResource.federationLogout(AutenticationResourc
> e.java:188) [classes:]
> at
> com.w1.auth.sso.AutenticationResource$Proxy$_$$_WeldClientProxy.federationL
> ogout(AutenticationResource$Proxy$_$$_WeldClientProxy.java) [classes:]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.7.0_71]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
> 7) [rt.jar:1.7.0_71]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
> l.java:43) [rt.jar:1.7.0_71]
> at java.lang.reflect.Method.invoke(Method.java:606)
> [rt.jar:1.7.0_71]
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1
> 55) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:2
> 57) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
> [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
> [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispat
> cher.java:525) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
> java:502) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
> java:119) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.servic
> e(ServletContainerDispatcher.java:208) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Htt
> pServletDispatcher.java:55) [resteasy-jaxrs-2.3.1.GA.jar:]
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Htt
> pServletDispatcher.java:50) [resteasy-jaxrs-2.3.1.GA.jar:]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationP
> ropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:330)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor
> .invoke(FilterSecurityInterceptor.java:118)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor
> .doFilter(FilterSecurityInterceptor.java:84)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter
> (ExceptionTranslationFilter.java:113)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(S
> essionManagementFilter.java:103)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilt
> er.doFilter(AnonymousAuthenticationFilter.java:113)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareReque
> stFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFil
> ter(RequestCacheAwareFilter.java:45)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProce
> ssingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> com.w1.auth.sso.DelegatingAuthenticationProcessingFilter.doFilter(Delegatin
> gAuthenticationProcessingFilter.java:42) [classes:]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.d
> oFilter(SecurityContextPersistenceFilter.java:87)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilt
> er(FilterChainProxy.java:342)
> [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterCh
> ainProxy.java:192) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy
> .java:160) [spring-security-web-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.invokeWithWrappedRequ
> est(DebugFilter.java:69)
> [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.security.config.debug.DebugFilter.doFilter(DebugFilter.
> java:58) [spring-security-config-3.1.4.RELEASE.jar:3.1.4.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegat
> ingFilterProxy.java:237) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFil
> terProxy.java:167) [spring-web-3.0.6.RELEASE.jar:3.0.6.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio
> nFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC
> hain.java:248) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:275) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:161) [jbossweb-7.0.10.Final.jar:]
> at
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityCo
> ntextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:15
> 5) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:10
> 2) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:109) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Htt
> p11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> [jbossweb-7.0.10.Final.jar:]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_71]
>
>
> 20:58:56,867 DEBUG
> [org.springframework.beans.factory.support.DefaultListableBeanFactory]
> (http--0.0.0.0-8080-1) Returning cached instance of singleton bean
> 'jaasAuthenticationProvider'
> 20:58:56,871 DEBUG
> [org.springframework.beans.factory.support.DefaultListableBeanFactory]
> (http--0.0.0.0-8080-1) Returning cached instance of singleton bean
> 'recordLoginAuthenticationSuccessHandler'
> 20:58:56,875 DEBUG
> [org.springframework.beans.factory.support.DefaultListableBeanFactory]
> (http--0.0.0.0-8080-1) Returning cached instance of singleton bean 'cxf'
> 20:58:56,878 DEBUG
> [com.w1.auth.sso.InstreamFederationAuthenticationFilter]
> (http--0.0.0.0-8080-1) Authentication request failed:
> org.springframework.security.authentication.BadCredentialsException:
> Security token has been revoked
> 20:58:56,882 DEBUG
> [com.w1.auth.sso.InstreamFederationAuthenticationFilter]
> (http--0.0.0.0-8080-1) Updated SecurityContextHolder to contain null
> Authentication
> 20:58:56,885 DEBUG
> [com.w1.auth.sso.InstreamFederationAuthenticationFilter]
> (http--0.0.0.0-8080-1) Delegating to authentication failure handler
> org.springframework.security.web.authentication.SimpleUrlAuthenticationFail
> ureHandler@11dd736
> 20:58:56,890 DEBUG
> [org.springframework.security.web.authentication.SimpleUrlAuthenticationFai
> lureHandler] (http--0.0.0.0-8080-1) No failure URL set, sending 401
> Unauthorized error
> 20:58:56,893 DEBUG
> [org.springframework.security.web.context.HttpSessionSecurityContextReposit
> ory] (http--0.0.0.0-8080-1) SecurityContext is empty or contents are
> anonymous - context will not be stored in HttpSession.
> 20:58:56,897 DEBUG
> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/instre
> amdev].[javax.ws.rs.core.Application]] (http--0.0.0.0-8080-1) Disabling
> the response for futher output
> 20:58:56,901 DEBUG
> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/instre
> amdev].[javax.ws.rs.core.Application]] (http--0.0.0.0-8080-1) The
> Response is vehiculed using a wrapper:
> org.jboss.weld.servlet.ConversationPropagationFilter$1
> 20:58:56,907 DEBUG
> [org.springframework.security.web.context.HttpSessionSecurityContextReposit
> ory] (http--0.0.0.0-8080-1) SecurityContext is empty or contents are
> anonymous - context will not be stored in HttpSession.
> 20:58:56,912 DEBUG
> [org.springframework.security.web.access.ExceptionTranslationFilter]
> (http--0.0.0.0-8080-1) Chain processed normally
> 20:58:56,914 DEBUG
> [org.springframework.security.web.context.SecurityContextPersistenceFilter]
> (http--0.0.0.0-8080-1) SecurityContextHolder now cleared, as request
> processing completed
> 20:59:11,511 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire
> sessions StandardManager at 1426208351511 sessioncount 0
> 20:59:11,515 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire
> sessions StandardManager processingTime 4 expired sessions: 0
> 20:59:21,519 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire
> sessions StandardManager at 1426208361519 sessioncount 1
> 20:59:21,522 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire
> sessions StandardManager processingTime 3 expired sessions: 0
> 21:00:11,527 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire
> sessions StandardManager at 1426208411527 sessioncount 0
> 21:00:11,530 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire
> sessions StandardManager processingTime 3 expired sessions: 0
> 21:00:21,534 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire
> sessions StandardManager at 1426208421534 sessioncount 1
> 21:00:21,538 DEBUG [org.apache.catalina.session.ManagerBase]
> (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire
> sessions StandardManager processingTime 4 expired sessions: 0
>
>
>
> ‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹
> MY fediz config file one more time.
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <FedizConfig>
> <contextConfig name="/${context.name}">
> <audienceUris>
>
> <audienceItem>urn:com:10point1:instream:instreamportal</audienceItem>
> </audienceUris>
> <certificateStores>
> <trustManager>
> <keyStore file="truststore_dev.jks" password="secret"
> type="JKS" />
> </trustManager>
> </certificateStores>
> <signingKey keyPassword="secret">
> <keyStore file="certstore_dev.jks" password="secret"
> type="JKS" />
> </signingKey>
> <tokenDecryptionKey keyPassword="secret">
> <keyStore file="truststore_dev.jks" password="secret"
> type="JKS" />
> </tokenDecryptionKey>
> <trustedIssuers>
> <issuer certificateValidation="PeerTrust" />
> </trustedIssuers>
> <maximumClockSkew>1000</maximumClockSkew>
> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="federationProtocolType" version="1.2">
> <realm
> type="Class">com.w1.auth.sso.InstreamCallbackHandler</realm>
> <!-- realm type="Class"
> value="com.w1.auth.sso.InstreamCallbackHandler" / -->
> <issuer>https://stsinstreamlab.thebamalliance.com/</issuer>
> <reply>/instream/j_spring_fediz_security_check</reply>
> <claimTypesRequested>
> <claimType
> type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
> optional="false" />
> </claimTypesRequested>
> <!--authenticationType type="String"
> value="
> http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/sma
> rtcard" /-->
> <!--tokenValidators>
>
> <validator>org.apache.cxf.fediz.core.CustomValidator</validator>
> </tokenValidators -->
> </protocol>
> </contextConfig>
> </FedizConfig>
>
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
