RE: [higgins-dev] Problem running STS IdP Solution demo


The file localhost.jks contains the root cert so you should be able to install the certs including the trusted root properly in the browser without needing any other files.

This is only for testing purposes. You should create your own certificates for anything other than test.

Paula


----------------------------------------------------------
Paula K. Austel
Web Services Security
IBM T.J. Watson Research Center
(914)784-5025
Tieline 863-5025



From: Jeesmon Jacob <JJacob@xxxxxxxxxxxxx>
To: "Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
Date: 03/24/2008 11:05 AM
Subject: RE: [higgins-dev] Problem running STS IdP Solution demo





It is possible that the root certificate (alias: ibmroot, Serial number: 456507a5) of the SSL certificate was not installed properly in Trusted Root Certification Authority. Please see the output of localhost.jks below. I’m not sure where to get this root certificate as it does not seem to be available in svn (https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/). For all my local STS installations I generated my own keystore using Java keytool or OpenSSL. You can get step-by-step instructions to generate your own keystore using Java keytool at http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore or using OpenSSL at http://www.openssl.org/docs/HOWTO/.
 
$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password:  changeit
 
Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 2 entries
 
Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
         SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
 
 
*******************************************
*******************************************
 
 
Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry
 
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
 
 
*******************************************
*******************************************
 
 
 
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Mary Ruddy
Sent: Monday, March 24, 2008 9:26 AM
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem running STS IdP Solution demo

 
The following problem was experienced trying to run the STS IdP Solution
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Hello,

I've a problem when I try to deploy the demos "STS IdP Solution" with the "Extensible Protocol RP Website Solution" using Cardspace.
I generate a card on the IdP, but when I want to use it on the RP, after I select the card in Cardspace, and it tries to get the personal information on the IdP... Here comes this problem in the Windows Event Viewer:
"There was a failure making a WS-Trust exchange with an external application. No suitable endpoints were found for the identity provider."
I have an internal exception saying there's a problem with the
https://localhost/TokenService/services/MetadataUsernameToken url and SSL (remote certificate not correct)...

I use the same keystore (localhost.jks) for signing cards and for ssl in tomcat as provided in the demo.
I have not changed the ManagedConfiguration.xml of the IdP; also the icard.properties and web.xml of the RP seem good about keystores.
I have installed certificates in IE, everything's ok on the IdP and RP web sites, and the
https://localhost/TokenService/services/MetadataUsernameToken url responds in IE.

Can you please help me?!!
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
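
The check behind the two replies above, as an added example that is not part of the thread: before exporting ibmroot from localhost.jks for installation in a trust store, confirm from the `keytool -v -list` output that the chain under leaf ends in that same certificate. The function names, the sample_listing helper and the output file name are assumptions; the embedded listing is trimmed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh check_root.sh localhost.jks leaf ibmroot

# Print the SHA1 fingerprint of the last certificate listed under alias $1 in
# `keytool -v -list` output read from stdin. For a keyEntry, the last
# certificate in the chain is the issuing root.
sha1_by_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                      # tolerate Windows line endings
        /^Alias name: / { cur = substr($0, 13) }
        cur == want && $1 == "SHA1:" { fp = $2 }
        END { if (fp == "") exit 1; print fp }'
}

# Succeed only if the chain under key alias $2 ends in the certificate stored
# as trusted entry $3, in the listing file $1. Returns 2 if an alias is missing.
chain_root_matches() {
    chain_fp=$(sha1_by_alias "$2" < "$1") || return 2
    root_fp=$(sha1_by_alias "$3" < "$1") || return 2
    [ "$chain_fp" = "$root_fp" ]
}

# Listing trimmed from the keytool output quoted in the thread.
sample_listing() {
    cat <<'EOF'
Alias name: leaf
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
         SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
Alias name: ibmroot
Entry type: trustedCertEntry
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
EOF
}

if [ "$#" -eq 3 ]; then                         # real run against a keystore
    tmp=$(mktemp) && keytool -v -list -keystore "$1" > "$tmp" || exit 1
    if chain_root_matches "$tmp" "$2" "$3"; then
        keytool -exportcert -rfc -keystore "$1" -alias "$3" -file "$3.cer"
        keytool -printcert -file "$3.cer"       # compare SHA1 before importing
    else
        echo "chain under '$2' does not end in '$3'" >&2
    fi
    rm -f "$tmp"
fi
```

The exported ibmroot.cer is the file to install as a trusted root for this test setup; the fingerprint printed by `keytool -printcert` should equal the one shown for ibmroot in the listing.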

