Hi,

I am using the product as an STS. I configured it for option #1:
1. UsernameToken with Timestamp over HTTPS Provides Authentication. Clients have Username Tokens


I generated a new .jks file with self signed certs using this command:
#keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks -storepass wso2wsas

I tried to add a new endpoint. To do this I click on: < wsas-sts > STS Configuration

I get an error, "Could not read certificates from keystore file. Keystore was tampered with, or password was incorrect"



 INFO [2009-01-19 18:11:54,852]  Administrator 'admin' logged in at [2009-01-19 18:11:54,0793] from IP address 127.0.0.1
ERROR [2009-01-19 18:12:01,573]  Could not read certificates from keystore file. 
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.wso2.wsas.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:156)
at org.wso2.wsas.admin.service.STSAdmin.getCertAliasOfPrimaryKeyStore(STSAdmin.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:165)
at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:142)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:613)


On Jan 16, 2009, at 11:08 PM, Nandana Mihindukulasooriya wrote:

Hi Ugo,
   Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml file with one that is attached in this mail. The only change <sp:RequireThumbprintReference/> assertion with the <sp:X509Token/> assertion. This is required as we are using version 1 - X.509 certificates.
And the documentation seems to be a bit outdated. In step 6, it should be scenario #17 and not scenario #12. In step 8, make sure the <echo-service-http-address> you enter is the exact one you used in step 5, STS configuration.
   I was able to run it successfully with the above steps.

thanks,
nandana

On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[email protected]> wrote:

I am trying to run the sts-sample client (step 8 in the sts-sample
instructions), but I am getting a run-time error:

D:\wso2wsas-2.3\samples\sts-sample>run-client.bat http://192.168.1.100:9762/services/wso2wsas-sts http://192.168.1.100:9762/services/echo
Using WSO2WSAS_HOME: D:\wso2wsas-2.3
Using JAVA_HOME: D:\Java\jdk1.5.0_12
Security token service endpoint address: http://192.168.1.100:9762/services/wso2wsas-sts
Secured Service endpoint address: http://192.168.1.100:9762/services/echo
log4j:WARN No appenders could be found for logger (org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.
org.apache.axis2.AxisFault: Error during encryption
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
...
Caused by: org.apache.ws.security.WSSecurityException: An unsupported token was provided (An X509 certificate with version 3 must be used for SKI. The presented cert has version: 1)
at org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
...

Any clue of what might be wrong?

Thank you,
Ugo


--
View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.


_______________________________________________
Wsas-java-user mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

Jonathan Gershater
Desk
Cell: +1 (650) 303 1092
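
A diagnostic for the two errors in this thread, added here as an example (not code from WSO2 or from any of the posters): it loads a JKS file with a password read from the console, separates the integrity/password failure from other read errors, and reports each certificate's X.509 version and whether it carries a SubjectKeyIdentifier extension. The class name KeystoreCheck is hypothetical, and a JDK 7 or later is assumed.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class, not part of WSAS.
public class KeystoreCheck {
    // SubjectKeyIdentifier extension OID (RFC 5280); extensions exist only in X.509 v3.
    private static final String SKI_OID = "2.5.29.14";

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <keystore.jks>");
            System.exit(2);
        }
        // Prompt for the password: an argument would be visible in process listings.
        char[] storePass = console.readPassword("Store password: ");
        if (storePass == null) {
            System.exit(2); // a null password would skip the integrity check entirely
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        } catch (IOException e) {
            // A wrong store password and a modified file both fail the same integrity check.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.err.println("Integrity check failed: wrong store password or altered file");
            } else {
                System.err.println("Cannot read keystore: " + e.getMessage());
            }
            System.exit(1);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            boolean hasSki = x509.getExtensionValue(SKI_OID) != null;
            System.out.printf("%s: X.509 v%d, SubjectKeyIdentifier %s, key entry: %b%n",
                    alias, x509.getVersion(), hasSki ? "present" : "absent", ks.isKeyEntry(alias));
            if (x509.getVersion() < 3 || !hasSki) {
                System.out.println("  -> an SKI key identifier reference cannot be built from this certificate");
            }
        }
    }
}
```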


