[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [higgins-dev] TokenService Deployment problem - Unable toinitialize TrustBindingSkeleton
|
I am not sure where that wiki page came from - I use OpenLDAP ansd this is
my higginsperson.schema file:
attributetype (
1.3.6.1.4.1.8888.1.123
NAME 'cardKeyHash'.
DESC 'base64.encode(sha1(base64.decode(ppid+modulus+exponent)))'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
objectclass (
2.16.840.1.113719.1.1.4.1.666.777
NAME 'higginsPerson'
SUP top
AUXILIARY
MAY cardKeyHash
)
Regards,
Mike
From: "Noymn / Thindael" <noymn.the.archangel@xxxxxxxxx>
To: "Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
Date: 06/16/2008 06:37 AM
Subject: Re: [higgins-dev] TokenService Deployment problem - Unable toinitialize TrustBindingSkeleton
After solve the UN/PW Managed cards issue and make the STS work perfectly
with Cardspace I have been trying to make x509 certificate authentication
to work but I found some issues that I can't manage to solve.
First of them its a exception related with LDAP finding of the CardKeyHash.
STS log shows that its searching the hash 4n9H1fk0uhDioNsCLFMYFz7t8Uw= with
the following exception:
12:21:07,957 DEBUG JNDIContext._setupContext (575): Attempting to create
initial context: ldap://akane.safelayer.lan:389
12:21:07,957 DEBUG JNDIContext.open (493): Context opened:
urn:Higgins-LDAP-Server, as:
org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e
12:21:07,957 DEBUG JNDIContext.getEntities (1443):
org.eclipse.higgins.idas.spi.BasicFilter@1f796d0 as:
org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e in
context: urn:Higgins-LDAP-Server,
12:21:07,957 DEBUG JNDIContext.getEntities (1455): LDAP String Filter:
(cardKeyHash=4n9H1fk0uhDioNsCLFMYFz7t8Uw=)
A request failed with the exception AuthN materials produced no Entity
ID: org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e.
12:21:07,973 ERROR LogHelper.error (119): A request failed with the
exception AuthN materials produced no Entity ID:
org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e.
12:21:07,973 ERROR LogHelper.error (119):
org.eclipse.higgins.idas.api.IdASException: AuthN materials produced no
Entity ID:
org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e
But seems that its not able to find the right entry on the LDAP and returns
a failure:
12:21:08,035 DEBUG Servlet.processAxisFault (384): AxisFault:
AxisFault
faultCode: {
http://schemas.xmlsoap.org/ws/2005/02/trust}FailedAuthentication
faultSubcode:
faultString: Authentication failed
faultActor:
faultNode:
faultDetail:
{}Explanation:AuthN materials produced no Entity ID:
org.eclipse.higgins.idas.common.AuthNX509CertificateMaterials@2585e
Authentication failed
at
org.eclipse.higgins.sts.binding.common.BindingHelper.FaultToAxisFault
(BindingHelper.java:1011)
at
org.eclipse.higgins.sts.binding.axis1x.SecurityTokenServiceServerBinding.requestSecurityToken
(SecurityTokenServiceServerBinding.java:139)
at
org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingImpl.requestSecurityToken
(TrustBindingImpl.java:41)
at
org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton.requestSecurityToken
(TrustBindingSkeleton.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis.providers.java.RPCProvider.invokeMethod
(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage
(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke
(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
I'm not sure if that its a problem related with the OID defined in
higginsPerson.schema that the LDAP server have loaded. There is a bit of
confused info in the wiki where one points to
http://wiki.eclipse.org/Object_Identifier_1.3.6.1.4.1.28392.1.1.2.1. that
its different from the definition inside higginsPerson.schema from
config_windows.zip found on shangrilla server
attributetype (
1.3.6.1.4.1.8888.1.123
NAME 'cardKeyHash'
DESC 'base64.encode(sha1(base64.decode(ppid+modulus+exponent)))'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
objectclass (
2.16.840.1.113719.1.1.4.1.666.777
NAME 'higginsPerson'
SUP top
AUXILIARY
MAY cardKeyHash
)
Could someone give me some light about this issue? Thank you :)
David Campos
Safelayer Secure Communications S.A.
On Thu, Jun 12, 2008 at 10:12 AM, Noymn / Thindael <
noymn.the.archangel@xxxxxxxxx> wrote:
I have tryed the solution that Cristopher said and worked.
Exactly the libraries that where missing from
dependencies.redistributable are the following (at least the subset with
that all work):
dom4j-1.6.1
openxdas-0.5.256
wsdl4j-1.5.1
xalan-2.6.0
xercesImpl
Maybe the last 3 can be reduced, I have not tryed them alone but the
first 2 and at least one of the last 3 are needed for make it work.
Michael, If you want we can try to modify the Wiki for help the
comunity :)
About stax-api-1.0.1 for Tomcat6 its related not to the tomcat itself,
the implementation changed on Java 6.0 and that's why its needed to place
that library on endorsed folder for override the original Java 6.0
implementation (the one that have changed). Using Java 5.0 does not
require to move that library to endorsed folder.
On Wed, Jun 11, 2008 at 9:09 PM, Noymn / Thindael <
noymn.the.archangel@xxxxxxxxx> wrote:
I'll try tomorrow on my installation. Thought about it but never tryed
to put all libs :)
On Wed, Jun 11, 2008 at 5:51 PM, Taylor, Christopher <
Christopher.Taylor@xxxxxxxxxxxxxxxxxxx> wrote:
Dear all,
I've managed to setup the Higgins STS on tomcat6, at least for U/P
managed cards. Yesterday, I ran across the exact same issue David
describes below. I believe it was due to tomcat not finding one of the
libs in org.higgins.dependencies.redistributable (although this
doesn't follow from the error messages); in any case, I was able to
fix it by copying *all* the jars from the redistributable project to
$CATALINA_HOME/webapps/<webapp_name>/WEB-INF/lib
In addition I found some issues in
http://wiki.eclipse.org/Deploy_Token_Service which IMHO need to be
corrected/clarified:
- the links to {windows,linux}_config.zip (pointing to
http://shangrila.parityinc.net:8888/TokenServiceDocs/) are dead.
- The download links under
http://wiki.eclipse.org/index.php/Components for the util.* components
are broken.
- the WAR you download from the Higgins website isn't complete. This
is (sort of) mentioned in the dependencies section of the build
instructions, but mentioning it in the deployment instructions
wouldn't hurt ;).
- getting the STS to work with the ManagedConfiguration.xml as
described requires some additional components besides those listed in
the build instructions. These are (at least):
org.eclipse.higgins.sts.server.token.{alf,compound,encrypt,handler,identity,self}
Classloading in Tomcat version 6 has changed. Thus, stax-api-1.0.1.jar
has to be copied (or symlinked) to $CATALINA_HOME/endorsed
(not /common/endorsed). In addition, I got ClassNotFoundExceptions
when libraries weren't inside the webapp's lib-directory.
Anyways, I hope this helps someone. I'll let you know about what steps
are necessary to get Self-signed-SAML- and x509- managed cards to
work.
All the best,
--Chris
> David Campos wrote:
>
>
> I have tested with any of the TokenService wars that where available
> for
> download, even with the Nightly build of yesterday and all gave the
> same
> error. I added all the required jars from SVN and they where
compiled
> without errors. I have no clue about where is the problem.
>
>
> David Campos wrote:
> >
> > I downloaded the war from the release website, I dowloaded Stable
a
> > Release versions and both where missing of some jars (there where
a
> few
> > errors loading the configuration) so I used last jars from SVN.
All
> worked
> > fine except that and the TrustBindingSkeleton.class comes bundled
> with the
> > war.
> >
> > Any idea? Should I build the project and try if there is any
> diference?
> >
> >
> > Michael McIntosh wrote:
> >>
> >> David,
> >>
> >> It looks like all of the correct JARs are not in you WAR file.
> >> Wehre did you get the WAR file? Did you download it, or build it
> >> yourself?
> >>
> >> Regards,
> >> Mike
> >>
> >>
> >>
> >> From:> David Campos <Noymn.the.archangel@xxxxxxxxx>
> >>
> >> To: higgins-dev@xxxxxxxxxxx
> >>
> >> Date: 05/23/2008 02:31 AM
> >>
> >> Subject: [higgins-dev] TokenService Deployment problem -
Unable
> to
> >> initialize TrustBindingSkeleton
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> Hello, I have been playing with Higgins products for about three
> month
> >> and
> >> doing some research about what meta-identity systems and user-
> centric can
> >> offer.
> >>
> >> In these time I have tryed to deploy many of your solutions with
> often a
> >> high grade of satisfaction but now I'm unable to deploy the basic
> >> TokenService STS. Mainly the problem happens when I try to
retrieve
> >> claims
> >> from the managed card generated by STS using the Windows
Cardspace
> >> selector.
> >> When the selector and STS start the token retrieve protocol I
> recieve a
> >> nastly exception in Tomcat console:
> >>
> >> 08:51:46,532 ERROR LogHelper.error (119): Could not initialize
class
> >>
org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton
> >> A request failed with the exception
java.lang.NoClassDefFoundError:
> Could
> >> not initialize class
> >>
org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton.
> >> 08:51:46,532 ERROR LogHelper.error (119): A request failed with
the
> >> exception java.lang.NoClassDefFoundError: Could not initialize
class
> >>
org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton.
> >> 08:51:46,532 ERROR LogHelper.error (119):
java.lang.Class::forName0
> >> null:-2
> >> 08:51:46,532 ERROR LogHelper.error (119):
java.lang.Class::forName
> >> null:-1
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.utils.ClassUtils$2::run ClassUtils.java:177
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> java.security.AccessController::doPrivileged null:-2
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.utils.ClassUtils::loadClass ClassUtils.java:160
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.utils.ClassUtils::forName ClassUtils.java:142
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.utils.cache.ClassCache::lookup ClassCache.java:85
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.providers.java.JavaProvider::getServiceClass
> >> JavaProvider.java:428
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.providers.java.JavaProvider::initServiceDesc
> >> JavaProvider.java:461
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >>
org.apache.axis.handlers.soap.SOAPService::getInitializedServiceDesc
> >> SOAPService.java:286
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.deployment.wsdd.WSDDService::makeNewInstance
> >> WSDDService.java:500
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >>
org.apache.axis.deployment.wsdd.WSDDDeployableItem::getNewInstance
> >> WSDDDeployableItem.java:274
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.deployment.wsdd.WSDDDeployableItem::getInstance
> >> WSDDDeployableItem.java:260
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.deployment.wsdd.WSDDDeployment::getService
> >> WSDDDeployment.java:427
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.configuration.FileProvider::getService
> >> FileProvider.java:231
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.AxisEngine::getService AxisEngine.java:311
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.MessageContext::setTargetService
> MessageContext.java:756
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.handlers.http.URLMapper::invoke URLMapper.java:50
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.strategies.InvocationStrategy::visit
> >> InvocationStrategy.java:32
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.SimpleChain::doVisiting SimpleChain.java:118
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.SimpleChain::invoke SimpleChain.java:83
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.server.AxisServer::invoke AxisServer.java:239
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.eclipse.higgins.sts.binding.axis1x.Servlet::doPost
> Servlet.java:826
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> javax.servlet.http.HttpServlet::service HttpServlet.java:710
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.axis.transport.http.AxisServletBase::service
> >> AxisServletBase.java:327
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> javax.servlet.http.HttpServlet::service HttpServlet.java:803
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.ApplicationFilterChain::internalDoFilter
> >> ApplicationFilterChain.java:269
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.ApplicationFilterChain::doFilter
> >> ApplicationFilterChain.java:188
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.StandardWrapperValve::invoke
> >> StandardWrapperValve.java:213
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.StandardContextValve::invoke
> >> StandardContextValve.java:174
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.StandardHostValve::invoke
> >> StandardHostValve.java:127
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.valves.ErrorReportValve::invoke
> >> ErrorReportValve.java:117
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.core.StandardEngineValve::invoke
> >> StandardEngineValve.java:108
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.catalina.connector.CoyoteAdapter::service
> >> CoyoteAdapter.java:174
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.coyote.http11.Http11Processor::process
> >> Http11Processor.java:874
> >> 08:51:46,532 ERROR LogHelper.error (119):
> >> org.apache.coyote.http11.Http11BaseProtocol
> >> $Http11ConnectionHandler::processConnection
> >> Http11BaseProtocol.java:665
> >> 08:51:46,548 ERROR LogHelper.error (119):
> >> org.apache.tomcat.util.net.PoolTcpEndpoint::processSocket
> >> PoolTcpEndpoint.java:528
> >> 08:51:46,548 ERROR LogHelper.error (119):
> >> org.apache.tomcat.util.net.LeaderFollowerWorkerThread::runIt
> >> LeaderFollowerWorkerThread.java:81
> >> 08:51:46,548 ERROR LogHelper.error (119):
> >> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable::run
> >> ThreadPool.java:689
> >> 08:51:46,548 ERROR LogHelper.error (119): java.lang.Thread::run
> null:-1
> >>
> >> Main problem its that the class its on WEB-INF/classes directory
so
> have
> >> to
> >> be visible from the context. Mainly the data flow I use its:
> >> TokenService(cardGeneration) > RelyingPartyDemoApp(login) >
Windows
> >> Cardspace (claim retrieve).
> >>
> >> Any idea?
> >>
> >> Thank you in advance.
> >> --
> >> View this message in context:
> >>
http://www.nabble.com/TokenService-Deployment-problem---Unable-to-
> initialize-TrustBindingSkeleton-tp17399584p17399584.html
> >>
> >> Sent from the Higgins - Dev mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> higgins-dev mailing list
> >> higgins-dev@xxxxxxxxxxx
> >> https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >>
> >>
> >>
> >> _______________________________________________
> >> higgins-dev mailing list
> >> higgins-dev@xxxxxxxxxxx
> >> https://dev.eclipse.org/mailman/listinfo/higgins-dev
> >>
> >>
> >
> >
>
> --
> View this message in context: http://www.nabble.com/TokenService-
> Deployment-problem---Unable-to-initialize-TrustBindingSkeleton-
> tp17399584p17532419.html
> Sent from the Higgins - Dev mailing list archive at Nabble.com.
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
--
Christopher Taylor (christopher.taylor@xxxxxxxxxxxxxxxxxxx)
Tel: +49 30 3463 9225
Fraunhofer Institute for Open Communication Systems (FOKUS) CC
eGovernment and Applications (ELAN)
Fraunhofer Institut für Offene Kommunikationssysteme (FOKUS)
Kompetenzzentrum eGovernment und Applikationen (ELAN)
Kaiserin-Augusta-Allee 31
10589 Berlin
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev