RE: [higgins-dev] Problem running STS IdP Solution demo

It is possible that the root certificate (alias: ibmroot, Serial number: 456507a5) of the SSL certificate was not installed properly in Trusted Root Certification Authority. Please see the output of localhost.jks below. I’m not sure where to get this root certificate as it does not seem to be available in svn (https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.service/WebContent/ConfigurationFiles/). For all my local STS installations I generated my own keystore using Java keytool or OpenSSL. You can get step-by-step instructions to generate your own keystore using Java keytool at http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore or using OpenSSL at http://www.openssl.org/docs/HOWTO/.

 

$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password:  changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
         SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0

*******************************************
*******************************************

Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry

Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST 2026
Certificate fingerprints:
         MD5:  91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0

*******************************************
*******************************************

 

 

 

From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Mary Ruddy
Sent: Monday, March 24, 2008 9:26 AM
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: [higgins-dev] Problem running STS IdP Solution demo

 

The following problem was experienced trying to run the STS IdP Solution

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

Hello,

I've a problem when I try to deploy the demos "STS IdP Solution" with the "Extensible Protocol RP Website Solution" using Cardspace.
I generate a card on the IdP, but when I want to use it on the RP, after I select the card in Cardspace, and it tries to get the personal information on the IdP... Here comes this problem in the Windows Event Viewer:
"There was a failure making a WS-Trust exchange with an external application. No suitable endpoints were found for the identity provider."
I have an internal exception saying there's a problem with the https://localhost/TokenService/services/MetadataUsernameToken url and SSL (remote certificate not correct)...

I use the same keystore (localhost.jks) for signing cards and for ssl in tomcat as provided in the demo.
I have not changed the ManagedConfiguration.xml of the IdP; also the icard.properties and web.xml of the RP seem good about keystores.
I have installed certificates in IE, everything's ok on the IdP and RP web sites, and the https://localhost/TokenService/services/MetadataUsernameToken url responds in IE.

Can you please help me?!!
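
A check for the diagnosis in the reply above, as an added example that is not part of the original thread or of the Higgins code: it parses `keytool -v -list` output, confirms the leaf's chain ends at a self-signed root that is also a trusted entry in the keystore, and reports the root that the client machine's trust store must contain. The function names are hypothetical, and the parser assumes English-locale keytool output in the format shown in the listing.

```python
# Constructed sample: trimmed from the `keytool -v -list` output quoted in the thread.
LISTING = """\
Alias name: leaf
Entry type: keyEntry
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
         SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
Alias name: ibmroot
Entry type: trustedCertEntry
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
         SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
"""
FIELDS = {"Issuer": "issuer", "Serial number": "serial", "SHA1": "sha1"}

def parse_entries(listing):
    # Returns {alias: {"type": entry type, "certs": [cert dicts, leaf first]}}.
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, val = (part.strip() for part in line.partition(": "))
        if key == "Alias name":
            cur = entries[val] = {"type": None, "certs": []}
        elif cur and key == "Entry type":
            cur["type"] = val
        elif cur and key == "Owner":  # each certificate block starts at Owner
            cur["certs"].append({"owner": val})
        elif cur and key in FIELDS and cur["certs"]:
            cur["certs"][-1][FIELDS[key]] = val
    return entries

def check_chain(entries, alias, host):
    # Facts a TLS client needs before it will accept the chain served from `alias`.
    leaf, top = entries[alias]["certs"][0], entries[alias]["certs"][-1]
    anchors = {c["sha1"] for e in entries.values()
               if e["type"] == "trustedCertEntry" for c in e["certs"]}
    return {
        "cn_matches_host": leaf["owner"].split(",")[0] == f"CN={host}",
        "root_self_signed": top["owner"] == top["issuer"],
        "root_is_keystore_anchor": top["sha1"] in anchors,
        # The client's own trust store must hold this exact certificate.
        "root_to_install": (top["serial"], top["sha1"]),
    }
```

A `trustedCertEntry` inside the JKS only affects Java-side validation; the `root_to_install` fingerprint is what to compare against the certificate shown in the Windows certificate store.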

