Hi Jonathan,
      When did you change the certificate? Was it after the first run?

thanks,
nandana

On Tue, Jan 20, 2009 at 7:55 AM, Jonathan Gershater
<[email protected]> wrote:

> hi
> I am using the product as an STS, I configured it for option #1:
> 1. UsernameToken with Timestamp over HTTPS Provides Authentication.
> Clients have Username Tokens
>
>
> I generated a new .jks file with self signed certs using this command:
> #keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks
> -storepass wso2wsas
>
> I tried to add a new endpoint, to do this I click on:< wsas-sts > SerTS
> Configuration
>
> I get an error, "Could not read certificates from keystore file. Keystore
> was tampered with, or password was incorrect"
>
>
>
>  INFO [2009-01-19 18:11:54,852]  Administrator 'admin' logged in at
> [2009-01-19 18:11:54,0793] from IP address 127.0.0.1
> ERROR [2009-01-19 18:12:01,573]  Could not read certificates from keystore
> file.
> java.io.IOException: Keystore was tampered with, or password was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
> at java.security.KeyStore.load(KeyStore.java:1150)
> at org.wso2.wsas.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:156)
> at
> org.wso2.wsas.admin.service.STSAdmin.getCertAliasOfPrimaryKeyStore(STSAdmin.java:184)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:165)
> at
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
> at
> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
> at
> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> at javax.se rvice(HttpServlet.java:802)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:142)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> at 
> org.apache.coyote.htttp11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> at java.lang.Thread.run(Thread.java:613)
>
>
> On Jan 16, 2009, at 11:08 PM, Nandana Mihindukulasooriya wrote:
>
> Hi Ugo,
>    Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml
> file with one that is attached in this mail. The only change
> <sp:RequireThumbprintReference/> assertion with the <sp:X509Token/>
> assertion. This is required as we are using version 1 - X.509 certificates.
>
> And the documentation seems to be a bit outdated. In step 6, it should be
> scenario #17 and not scenario #12. In step 8, make sure the
> <echo-service-http-address> you enter is the exact one you used in step 5,
> STS configuration.
>    I was able to run it successfully with above steps.
>
> thanks,
> nandana
>
> On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[email protected]> wrote:
>
>>
>> I am trying to run the sts-sample client (step 8 in the sts-sample
>> instructions), but I am getting a run-time error:
>>
>> D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
>> http://192.168.1.100:9762/services/wso2wsas-sts
>> http://192.168.1.100:9762/services/echo
>> Using WSO2WSAS_HOME: D:\wso2wsas-2.3
>> Using JAVA_HOME: D:\Java\jdk1.5.0_12
>> Security token service endpoint address:
>> http://192.168.1.100:9762/services/wso2wsas-sts
>> Secured Service endpoint address: http://192.168.1.100:9762/services/echo
>> log4j:WARN No
>> appenders could be found for logger
>> (org.apache.axis2.deployment.FileSystemConfigurator).
>> log4j:WARN Please initialize the log4j system properly.
>> org.apache.axis2.AxisFault: Error during encryption
>> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>> ...
>> Caused by: org.apache.ws.security.WSSecurityException: An unsupported
>> token
>> 9 certificate with version 3 must be used for SKI. The presented cert
>> has version: 1)
>> at
>>
>> org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
>> ...
>>
>> Any clue of what might be wrong?
>>
>> Thank you,
>> Ugo
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
>> Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.
>>
>>
>> _______________________________________________
>> Wsas-java-user mailing list
>> [email protected]
>> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>>
> <sts.policy.xml>
>
>
> Jonathan Gershater
> [email protected]
> Desk Cell: +1 (650) 303 1092
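
Added example, not part of the original thread and not WSO2 code: a small Java check for the two failures reported above. It opens a JKS file with a given store password and lists each certificate's X.509 version and whether it carries a SubjectKeyIdentifier. The class name KeystoreCheck is hypothetical; the keystore path is the only argument and the password is read from the console.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class (an assumption for illustration).
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <keystore.jks>");
            System.exit(2);
        }
        // Read the password from the console so it does not appear in the process list.
        char[] storepass = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // JKS verifies a password-keyed digest over the file, so a wrong
            // password and a modified file raise the same IOException.
            ks.load(in, storepass);
        } catch (IOException e) {
            System.err.println("Cannot open keystore: " + e.getMessage());
            System.exit(1);
        }

        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue; // entry without an X.509 certificate
            }
            X509Certificate x = (X509Certificate) c;
            // OID 2.5.29.14 is SubjectKeyIdentifier; extensions exist only in v3 certificates.
            boolean hasSki = x.getExtensionValue("2.5.29.14") != null;
            System.out.printf("%s: X.509 v%d, SKI %s, private key entry: %b%n",
                    alias, x.getVersion(), hasSki ? "present" : "absent",
                    ks.isKeyEntry(alias));
            if (x.getVersion() < 3) {
                System.out.println("  v" + x.getVersion()
                        + " certificate: an SKI key identifier reference will be rejected");
            }
        }
    }
}
```

If the load step fails with the password the server is configured to use, the server will log the same "Keystore was tampered with, or password was incorrect" error shown in the trace.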