Problem running sts-sample

classic Classic list List threaded Threaded
12 messages Options
Ugo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Problem running sts-sample

Ugo
I am trying to run the sts-sample client (step 8 in the sts-sample instructions), but I am getting a run-time error:

D:\wso2wsas-2.3\samples\sts-sample>run-client.bat http://192.168.1.100:9762/services/wso2wsas-sts http://192.168.1.100:9762/services/echo
Using WSO2WSAS_HOME: D:\wso2wsas-2.3
Using JAVA_HOME: D:\Java\jdk1.5.0_12
Security token service endpoint address: http://192.168.1.100:9762/services/wso2wsas-sts
Secured Service endpoint address: http://192.168.1.100:9762/services/echo
log4j:WARN No appenders could be found for logger (org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.
org.apache.axis2.AxisFault: Error during encryption
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
...
Caused by: org.apache.ws.security.WSSecurityException: An unsupported token was provided
(An X509 certificate with version 3 must be used for SKI. The presented cert has version: 1)
at org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
...

Any clue of what might be wrong?

Thank you,
Ugo

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Prabath Siriwardena
Hi;

You may find this[1] useful.

Thanks & regards.
-Prabath

[1]:http://blog.facilelogin.com/2008/10/secure-conversation-with-sts.html

Ugo wrote:

> I am trying to run the sts-sample client (step 8 in the sts-sample
> instructions), but I am getting a run-time error:
>
> D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
> http://192.168.1.100:9762/services/wso2wsas-sts
> http://192.168.1.100:9762/services/echo
> Using WSO2WSAS_HOME: D:\wso2wsas-2.3
> Using JAVA_HOME: D:\Java\jdk1.5.0_12
> Security token service endpoint address:
> http://192.168.1.100:9762/services/wso2wsas-sts
> Secured Service endpoint address: http://192.168.1.100:9762/services/echo
> log4j:WARN No appenders could be found for logger
> (org.apache.axis2.deployment.FileSystemConfigurator).
> log4j:WARN Please initialize the log4j system properly.
> org.apache.axis2.AxisFault: Error during encryption
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> ...
> Caused by: org.apache.ws.security.WSSecurityException: An unsupported token
> was provided
> (An X509 certificate with version 3 must be used for SKI. The presented cert
> has version: 1)
> at
> org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
> ...
>
> Any clue of what might be wrong?
>
> Thank you,
> Ugo
>
>
>  
> ------------------------------------------------------------------------
>
>
> Internal Virus Database is out of date.
> Checked by AVG - http://www.avg.com 
> Version: 8.0.176 / Virus Database: 270.10.5/1883 - Release Date: 1/8/2009 6:05 PM
>
>  


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Ugo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Ugo
Thank you, Prabath. I took a look at your article and I replaced the original wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after doing that I cannot login to the WSAS console using admin/admin any more. If I put the original file back, I can login once again.

Should I use a different login account after replacing the original wso2wsas.jks with your file?

Thank you,
Ugo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Afkham Azeez
Hi Ugo,
In order to login to the WSAS Mgt Console please run the
chpasswd.sh/bat script and change the password of the admin user. The
reason why you cannot login to the admin console is that the admin's
password has been encrypted using the key in the old keystore and
saved in the WSAS database. Running chpasswd will replace the pwd
encrypted with the new key. The proper security details may need to be
provided in the WSAS server.xml file.

Azeez

On Sat, Jan 17, 2009 at 10:16 AM, Ugo <[hidden email]> wrote:

>
> Thank you, Prabath. I took a look at your article and I replaced the original
> wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after
> doing that I cannot login to the WSAS console using admin/admin any more. If
> I put the original file back, I can login once again.
>
> Should I use a different login account after replacing the original
> wso2wsas.jks with your file?
>
> Thank you,
> Ugo
>
> --
> View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21513104.html
> Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.
>
>
> _______________________________________________
> Wsas-java-user mailing list
> [hidden email]
> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>



--
Thanks
Afkham Azeez

Blog: http://afkham.org
Developer Portal: http://www.wso2.org
WSAS Blog: http://wso2wsas.blogspot.com
Company: http://wso2.com
GPG Fingerprint: 643F C2AF EB78 F886 40C9  B2A2 4AE2 C887 665E 0760

_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Prabath Siriwardena
In reply to this post by Ugo
Hi;

Please have a look at [1] - will help you resetting the certs in WSAS.

Or else - if you replace the WSAS key store before the first run - then
it'll be simply fine.

Thanks & regards.
-Prabath

[1]:http://wso2.org/library/3002

Ugo wrote:

> Thank you, Prabath. I took a look at your article and I replaced the original
> wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after
> doing that I cannot login to the WSAS console using admin/admin any more. If
> I put the original file back, I can login once again.
>
> Should I use a different login account after replacing the original
> wso2wsas.jks with your file?
>
> Thank you,
> Ugo
>
>  
> ------------------------------------------------------------------------
>
>
> Internal Virus Database is out of date.
> Checked by AVG - http://www.avg.com 
> Version: 8.0.176 / Virus Database: 270.10.5/1883 - Release Date: 1/8/2009 6:05 PM
>
>  


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Afkham Azeez
Yes, replacing the WSAS keystore before running WSAS for the first
time will be the easiest solution. This is because during the first
run, the passwords are encrypted and stored in the database

Azeez

On Sat, Jan 17, 2009 at 10:29 AM, Prabath Siriwardena <[hidden email]> wrote:

> Hi;
>
> Please have a look at [1] - will help you resetting the certs in WSAS.
>
> Or else - if you replace the WSAS key store before the first run - then
> it'll be simply fine.
>
> Thanks & regards.
> -Prabath
>
> [1]:http://wso2.org/library/3002
>
> Ugo wrote:
>> Thank you, Prabath. I took a look at your article and I replaced the original
>> wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after
>> doing that I cannot login to the WSAS console using admin/admin any more. If
>> I put the original file back, I can login once again.
>>
>> Should I use a different login account after replacing the original
>> wso2wsas.jks with your file?
>>
>> Thank you,
>> Ugo
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> Internal Virus Database is out of date.
>> Checked by AVG - http://www.avg.com
>> Version: 8.0.176 / Virus Database: 270.10.5/1883 - Release Date: 1/8/2009 6:05 PM
>>
>>
>
>
> _______________________________________________
> Wsas-java-user mailing list
> [hidden email]
> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>



--
Thanks
Afkham Azeez

Blog: http://afkham.org
Developer Portal: http://www.wso2.org
WSAS Blog: http://wso2wsas.blogspot.com
Company: http://wso2.com
GPG Fingerprint: 643F C2AF EB78 F886 40C9  B2A2 4AE2 C887 665E 0760

_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Nunny
In reply to this post by Ugo
Hi Ugo,
   Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml file with one that is attached in this mail. The only change I did was adding the <sp:RequireThumbprintReference/> assertion with the <sp:X509Token/> assertion. This is required as we are using version 1 - X.509 certificates. 
And the documentation seems to be a bit outdated. In step 6, it should be scenario #17 and not scenario #12. In step 8, make sure the <echo-service-http-address> you enter is the exact one you used in step 5, STS configuration.
   I was able to run it successfully with above steps.

thanks,
nandana

On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[hidden email]> wrote:

I am trying to run the sts-sample client (step 8 in the sts-sample
instructions), but I am getting a run-time error:

D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
http://192.168.1.100:9762/services/wso2wsas-sts
http://192.168.1.100:9762/services/echo
Using WSO2WSAS_HOME: D:\wso2wsas-2.3
Using JAVA_HOME: D:\Java\jdk1.5.0_12
Security token service endpoint address:
http://192.168.1.100:9762/services/wso2wsas-sts
Secured Service endpoint address: http://192.168.1.100:9762/services/echo
log4j:WARN
No appenders could be found for logger
(org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.
org.apache.axis2.AxisFault: Error during encryption
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
...
Caused by: org.apache.ws.security.WSSecurityException: An unsupported token
was provided
(An X509 certificate with version 3 must be used for SKI. The presented cert
has version: 1)
at
org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
...

Any clue of what might be wrong?

Thank you,
Ugo


--
View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

sts.policy.xml (3K) Download Attachment
Ugo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Ugo
Thank you all! I followed your directions and I was able to successfully run the sample.

Ugo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cannot add new endpoint

Jonathan Gershater
In reply to this post by Nunny
hi

I am using the product as an STS, i configured it for option #1:
1. UsernameToken with Timestamp over HTTPS Provides Authentication. Clients have Username Tokens


I generated a new .jks file with self signed certs using this command:
#keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks -storepass wso2wsas

I tried to add a new endpoint, to do this I click on:< wsas-sts > STS Configuration

I get an error, "Could not read certificates from keystore file. Keystore was tampered with, or password was incorrect"



 INFO [2009-01-19 18:11:54,852]  Administrator 'admin' logged in at [2009-01-19 18:11:54,0793] from IP address 127.0.0.1
ERROR [2009-01-19 18:12:01,573]  Could not read certificates from keystore file. 
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.wso2.wsas.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:156)
at org.wso2.wsas.admin.service.STSAdmin.getCertAliasOfPrimaryKeyStore(STSAdmin.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:165)
at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
< n" style="white-space:pre"> at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.se rvice(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:142)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv an class="Apple-tab-span" style="white-space:pre"> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.ht ttp11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:613)


On Jan 16, 2009, at 11:08 PM, Nandana Mihindukulasooriya wrote:

Hi Ugo,
   Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml file with one that is attached in this mail. The only change sp:RequireThumbprintReference/> assertion with the <sp:X509Token/> assertion. This is required as we are using version 1 - X.509 certificates. 
And the documentation seems to be a bit outdated. In step 6, it should be scenario #17 and not scenario #12. In step 8, make sure the <echo-service-http-address> you enter is the exact one you used in step 5, STS configuration.
   I was able to run it successfully with above steps.

thanks,
nandana

On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[hidden email]> wrote:

I am trying to run the sts-sample client (step 8 in the sts-sample
instructions), but I am getting a run-time error:

D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
<a href="http://192.168.1.100 ts" target="_blank">http://192.168.1.100:9762/services/wso2wsas-sts
http://192.168.1.100:9762/services/echo
Using WSO2WSAS_HOME: D:\wso2wsas-2.3
Using JAVA_HOME: D:\Java\jdk1.5.0_12
Security token service endpoint address:
http://192.168.1.100:9762/services/wso2wsas-sts
Secured Service endpoint address: http://192.168.1.100:9762/services/echo
log4j:WARN
No appenders could be found for logger
(org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.
org.apache.axis2.AxisFault: Error during encryption
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
...
Caused by: org.apache.ws.security.WSSecurityException: An unsupported token
9 certificate with version 3 must be used for SKI. The presented cert
has version: 1)
at
org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
...

Any clue of what might be wrong?

Thank you,
Ugo


--
View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
<sts.policy.xml>____________________________________ user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

Jonathan Gershater
Desk
Cell: +1 (650) 303 1092





_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

Jonathan Gershater.vcf (355 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cannot add new endpoint

Nunny
Hi Jonathan,
      When did you change the certificate ? Was it after first run ?

thanks,
nandana

On Tue, Jan 20, 2009 at 7:55 AM, Jonathan Gershater <[hidden email]> wrote:
hi

I am using the product as an STS, i configured it for option #1:
1. UsernameToken with Timestamp over HTTPS Provides Authentication. Clients have Username Tokens


I generated a new .jks file with self signed certs using this command:
#keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks -storepass wso2wsas

I tried to add a new endpoint, to do this I click on:< wsas-sts > SerTS Configuration

I get an error, "Could not read certificates from keystore file. Keystore was tampered with, or password was incorrect"



 INFO [2009-01-19 18:11:54,852]  Administrator 'admin' logged in at [2009-01-19 18:11:54,0793] from IP address 127.0.0.1
ERROR [2009-01-19 18:12:01,573]  Could not read certificates from keystore file. 
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.wso2.wsas.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:156)
at org.wso2.wsas.admin.service.STSAdmin.getCertAliasOfPrimaryKeyStore(STSAdmin.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:165)
at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
< n" style="white-space:pre"> at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.se rvice(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:142)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv an class="Apple-tab-span" style="white-space:pre"> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.ht ttp11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:613)


On Jan 16, 2009, at 11:08 PM, Nandana Mihindukulasooriya wrote:

Hi Ugo,
   Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml file with one that is attached in this mail. The only change sp:RequireThumbprintReference/> assertion with the <sp:X509Token/> assertion. This is required as we are using version 1 - X.509 certificates. 
And the documentation seems to be a bit outdated. In step 6, it should be scenario #17 and not scenario #12. In step 8, make sure the <echo-service-http-address> you enter is the exact one you used in step 5, STS configuration.
   I was able to run it successfully with above steps.

thanks,
nandana

On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[hidden email]> wrote:

I am trying to run the sts-sample client (step 8 in the sts-sample
instructions), but I am getting a run-time error:

D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
http://192.168.1.100:9762/services/wso2wsas-sts
http://192.168.1.100:9762/services/echo
Using WSO2WSAS_HOME: D:\wso2wsas-2.3
Using JAVA_HOME: D:\Java\jdk1.5.0_12
Security token service endpoint address:
http://192.168.1.100:9762/services/wso2wsas-sts
Secured Service endpoint address: http://192.168.1.100:9762/services/echo
log4j:WARN
No appenders could be found for logger
(org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.
org.apache.axis2.AxisFault: Error during encryption
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
...
Caused by: org.apache.ws.security.WSSecurityException: An unsupported token
9 certificate with version 3 must be used for SKI. The presented cert
has version: 1)
at
org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
...

Any clue of what might be wrong?

Thank you,
Ugo


--
View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
<sts.policy.xml>____________________________________ user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user

Jonathan Gershater
Desk
Cell: +1 (650) 303 1092





_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user


_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

SanjayGupta
In reply to this post by Afkham Azeez
Hi,
I am using wso2wsas 3.0.1 and trying sts-sample but getting this error. Any idea what would cause this error. I did follow all the instructions.

[2009-03-17 19:09:05,374] ERROR -  org.apache.rahas.TrustException: Expected parameter missing : "saml-issuer-config"  {org.apache.rahas.STSMessageReceiver}
[2009-03-17 19:09:05,374] ERROR -  org.apache.rahas.TrustException: Expected parameter missing : "saml-issuer-config"  {org.apache.rahas.STSMessageReceiver}
[2009-03-17 19:09:05,374] ERROR -  Expected parameter missing : "saml-issuer-config"  {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: Expected parameter missing : "saml-issuer-config"
        at org.apache.rahas.STSMessageReceiver.invokeBusinessLogic(STSMessageReceiver.java:66)
        at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
        at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:116)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)



Afkham Azeez wrote
Hi Ugo,
In order to login to the WSAS Mgt Console please run the
chpasswd.sh/bat script and change the password of the admin user. The
reason why you cannot login to the admin console is that the admin's
password has been encrypted using the key in the old keystore and
saved in the WSAS database. Running chpasswd will replace the pwd
encrypted with the new key. The proper security details may need to be
provided in the WSAS server.xml file.

Azeez

On Sat, Jan 17, 2009 at 10:16 AM, Ugo <ugo.corda@ntc.com> wrote:
>
> Thank you, Prabath. I took a look at your article and I replaced the original
> wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after
> doing that I cannot login to the WSAS console using admin/admin any more. If
> I put the original file back, I can login once again.
>
> Should I use a different login account after replacing the original
> wso2wsas.jks with your file?
>
> Thank you,
> Ugo
>
> --
> View this message in context: http://www.nabble.com/Problem-running-sts-sample-tp21507516p21513104.html
> Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.
>
>
> _______________________________________________
> Wsas-java-user mailing list
> Wsas-java-user@wso2.org
> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>



--
Thanks
Afkham Azeez

Blog: http://afkham.org
Developer Portal: http://www.wso2.org
WSAS Blog: http://wso2wsas.blogspot.com
Company: http://wso2.com
GPG Fingerprint: 643F C2AF EB78 F886 40C9  B2A2 4AE2 C887 665E 0760

_______________________________________________
Wsas-java-user mailing list
Wsas-java-user@wso2.org
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem running sts-sample

Prabath Siriwardena
Hi;

Can you please go through this [1].

Thanks & regards.
-Prabath

[1]:http://blog.facilelogin.com/2009/02/secure-token-service-with-wso2-wsas-30.html

skgupta3000 wrote:

> Hi,
> I am using wso2wsas 3.0.1 and trying sts-sample but getting this error. Any
> idea what would cause this error. I did follow all the instructions.
>
> [2009-03-17 19:09:05,374] ERROR -  org.apache.rahas.TrustException: Expected
> parameter missing : "saml-issuer-config"
> {org.apache.rahas.STSMessageReceiver}
> [2009-03-17 19:09:05,374] ERROR -  org.apache.rahas.TrustException: Expected
> parameter missing : "saml-issuer-config"
> {org.apache.rahas.STSMessageReceiver}
> [2009-03-17 19:09:05,374] ERROR -  Expected parameter missing :
> "saml-issuer-config"  {org.apache.axis2.engine.AxisEngine}
> org.apache.axis2.AxisFault: Expected parameter missing :
> "saml-issuer-config"
> at
> org.apache.rahas.STSMessageReceiver.invokeBusinessLogic(STSMessageReceiver.java:66)
> at
> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
> at
> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
> at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
> at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:116)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> at java.lang.Thread.run(Thread.java:619)
>
>
>
>
> Afkham Azeez wrote:
>  
>> Hi Ugo,
>> In order to login to the WSAS Mgt Console please run the
>> chpasswd.sh/bat script and change the password of the admin user. The
>> reason why you cannot login to the admin console is that the admin's
>> password has been encrypted using the key in the old keystore and
>> saved in the WSAS database. Running chpasswd will replace the pwd
>> encrypted with the new key. The proper security details may need to be
>> provided in the WSAS server.xml file.
>>
>> Azeez
>>
>> On Sat, Jan 17, 2009 at 10:16 AM, Ugo <[hidden email]> wrote:
>>    
>>> Thank you, Prabath. I took a look at your article and I replaced the
>>> original
>>> wso2wsas.jks from WSAS 2.3 with the one you mention. Unfortunately after
>>> doing that I cannot login to the WSAS console using admin/admin any more.
>>> If
>>> I put the original file back, I can login once again.
>>>
>>> Should I use a different login account after replacing the original
>>> wso2wsas.jks with your file?
>>>
>>> Thank you,
>>> Ugo
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Problem-running-sts-sample-tp21507516p21513104.html
>>> Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.
>>>
>>>
>>> _______________________________________________
>>> Wsas-java-user mailing list
>>> [hidden email]
>>> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>>>
>>>      
>>
>> --
>> Thanks
>> Afkham Azeez
>>
>> Blog: http://afkham.org
>> Developer Portal: http://www.wso2.org
>> WSAS Blog: http://wso2wsas.blogspot.com
>> Company: http://wso2.com
>> GPG Fingerprint: 643F C2AF EB78 F886 40C9  B2A2 4AE2 C887 665E 0760
>>
>> _______________________________________________
>> Wsas-java-user mailing list
>> [hidden email]
>> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>>
>>
>>    
>
>  
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.238 / Virus Database: 270.11.18/2009 - Release Date: 03/18/09 07:17:00
>
>  



_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Loading...