Former forum for Brugerstyring SWB. OIOSAML.java - Certificate in the request

Written by Jochen Lienhard — Old date format: 2008 October 06 10:02


Now my next problem.
It seems that oiosaml.java did not send a certificate with the artifact request, so the IdP cannot authenticate the issuer.

09:43:18.025 INFO [org.opensaml.ws.transport.http.HttpServletRequestAdapter:129] - Wrapped HTTP servlet request did not contain a client certificate
09:43:18.025 INFO [org.opensaml.ws.security.provider.ClientCertAuthRule:97] - Inbound message transport did not contain a peer credential, skipping client certificate authentication
09:43:18.025 ERROR [org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule:36] - Inbound message issuer was not authenticated.
09:43:18.026 ERROR [edu.internet2.middleware.shibboleth.idp.profile.saml2.ArtifactResolution:182] - Message did not meet security requirements

How can I configure the oiosaml.java SP to send the cert with the request?



P.S. Hmm ... putting the certificate from the IdP in the keystore is not very comfortable.

Re: Certificate in the request
Written by Joakim Recht — Old date format: 2008 October 13 14:18

Correct, OIOSAML does not send a client certificate on the SSL connection; only HTTP basic auth is supported at the moment.

If you want to implement it yourself, take a look at the HttpSOAPClient class.
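
An added example, not part of the original thread and not OIOSAML code: a sketch of a back-channel SOAP POST that presents the SP's certificate as a TLS client certificate, which is what the IdP's ClientCertAuthRule in the log above is looking for. It uses only the standard JSSE API; the class name, method names and command-line arguments are hypothetical, and how this would be wired into HttpSOAPClient is not shown on this page.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.*;

// Hypothetical stand-alone class; not the OIOSAML HttpSOAPClient.
public class ClientCertSoapPost {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) { ks.load(in, pw); }
        return ks;
    }

    // Present the SP key pair to the IdP and trust only the certificates in idpTrust.
    static SSLContext mutualTls(KeyStore spKeys, char[] keyPw, KeyStore idpTrust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(spKeys, keyPw);                       // supplies the client certificate
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(idpTrust);                            // validates the IdP server certificate
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // POST the SOAP envelope (e.g. an ArtifactResolve) and return the HTTP status.
    // Hostname verification stays at the JSSE default, i.e. enabled.
    static int post(SSLContext ctx, String endpoint, byte[] envelope) throws Exception {
        HttpsURLConnection con = (HttpsURLConnection) URI.create(endpoint).toURL().openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory());
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
        try (OutputStream out = con.getOutputStream()) { out.write(envelope); }
        return con.getResponseCode();
    }

    // Args (all supplied by the caller): spKeystore spPassword trustStore trustPassword endpoint envelopeFile
    public static void main(String[] a) throws Exception {
        if (a.length != 6) { System.err.println("expected 6 arguments"); return; }
        KeyStore sp = load(a[0], a[1].toCharArray());
        KeyStore trust = load(a[2], a[3].toCharArray());
        SSLContext ctx = mutualTls(sp, a[1].toCharArray(), trust);
        System.out.println("HTTP " + post(ctx, a[4], Files.readAllBytes(Paths.get(a[5]))));
    }
}
```

The IdP endpoint must also be configured to request a client certificate during the TLS handshake; otherwise the key material loaded here is never sent.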