OIOSAML


Former forum for Brugerstyring SWB. OIOSAML.java - certificate problem

Responsible: Susan Oldenburg Christensen
Published: 17.08.2010 14:25
Type: Document

Written by Jochen Lienhard — Old date format: 2008 September 25 11:16

Hi,

I try to use oiosaml.java as SP and a Shibboleth 2.0 IdP.

The IdP works fine. When I'm calling the protected side, I'm called to give my login/password and then back to the SP, I get an SSL error (see at the end).

It seems to me, that the oiosaml cannot make a handshake with the IdP.

The certificate in the IdP-medatada.xml is correct. I have no idea, what is missing or which configuration may be wrong.

Greetings Jochen


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at dk.itst.oiosaml.sp.service.util.HttpSOAPClient.wsCall(HttpSOAPClient.java:105)
    at dk.itst.oiosaml.sp.service.util.HttpSOAPClient.wsCall(HttpSOAPClient.java:67)
    at dk.itst.oiosaml.sp.service.util.ArtifactExtractor.extract(ArtifactExtractor.java:95)
    at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleGet(SAMLAssertionConsumerHandler.java:102)
    at dk.itst.oiosaml.sp.service.DispatcherServlet.doGet(DispatcherServlet.java:129)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    at java.lang.Thread.run(Thread.java:619)

Re: certificate problem
Written by Joakim Recht — Old date format: 2008 October 03 11:03

You need to add the server's ssl certificate to your appserver's truststore. You can override the truststore placement with -Djavax.net.ssl.trustStore=/path/to/keystore
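
The truststore fix from the reply above, as an added example that is not part of the original thread or of the OIOSAML project. The trace fails in the SP's outbound HTTPS call (HttpSOAPClient.wsCall), which the JVM validates against its truststore. The host idp.example.org, file names, alias, passwords and all function names are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: build a dedicated truststore for the SP's JVM.
# Host, file names, alias and passwords are placeholders.

# Fetch the certificate the IdP's HTTPS endpoint presents (needs network).
# usage: fetch_server_cert host port out.pem
fetch_server_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$3"
}

# Print the SHA-256 fingerprint, to compare with a value obtained from the
# IdP operator over a separate channel before the certificate is trusted.
# usage: cert_sha256 cert.pem
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Import the certificate only when its fingerprint matches the expected one.
# keytool creates the store if it does not exist yet.
# usage: import_if_pinned cert.pem expected_fp store storepass alias
import_if_pinned() {
  if [ "$(cert_sha256 "$1")" != "$2" ]; then
    echo "fingerprint mismatch, not importing $1" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$5" -file "$1" \
          -keystore "$3" -storepass "$4" >/dev/null 2>&1
}

# JVM options for the application server (for Tomcat, e.g. via CATALINA_OPTS).
# usage: java_trust_opts store storepass
java_trust_opts() {
  printf '%s' "-Djavax.net.ssl.trustStore=$1 -Djavax.net.ssl.trustStorePassword=$2"
}
```

Setting javax.net.ssl.trustStore replaces the JVM's default cacerts instead of adding to it, so start the new store from a copy of cacerts if the application makes other outbound TLS connections.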

 
