Home » Archived » Higgins » No suitable endpoints found for the IdP!
| No suitable endpoints found for the IdP! [message #6617] |
Thu, 20 March 2008 16:20  |
Eclipse User |
|
|
|
Originally posted by: olivier.laborie.atosorigin.com
Hello,
I've a problem when I try to deploy the demos "STS IdP Solution" with the
"Extensible Protocol RP Website Solution" using Cardspace.
I generate a card on the IdP, but when I want to use it on the RP, after I
select the card in Cardspace, and it tries to get the personal
informations on the IdP...
Here comes this problem in the Windows Event Viewer :
"There was a failure making a WS-Trust exchange with an external
application. No suitable endpoints were found for the identity provider."
I have an internal exception saying there's a problem with the
https://localhost/TokenService/services/MetadataUsernameToke n url and SSL
(remote certificate not correct)...
I use the same keystore (localhost.jks) for signing cards and for ssl in
tomcat as provided in the demo.
I have not changed the ManagedConfiguration.xml of the IdP; also the
icard.properties and web.xml of the RP seem good about keystores.
I have installed certficates in IE, everything's ok on the IdP and RP web
sites, and the
https://localhost/TokenService/services/MetadataUsernameToke n url reponds
in IE.
Can you please help me?!!
|
|
|
| Re: No suitable endpoints found for the IdP! [message #6635 is a reply to message #6617] |
Mon, 24 March 2008 19:35  |
| Eclipse User |
|
|
|
Originally posted by: Mary.socialphysics.org
The file localhost.jks contains the root cert so you should be able to
install the certs including the trusted root properly in the browser
without needing any other files.
This is only for testing purposes. You should create your own certificates
for anything other than test.
>>>>>>>>
Possible that the root certificate (alias: ibmroot, Serial number:
456507a5) of the SSL certificate was not installed properly in Trusted
Root Certification Authority. Please see the output of localhost.jks
below. Im not sure where to get this root certificate as it seems not
available in svn
( https://dev.eclipse.org/svnroot/technology/org.eclipse.higgi ns/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.serv ice/WebContent/ConfigurationFiles/).
All my local STS installations I generated my own keystore using java
keytool or openSSL. You can get step by step instructions to generate your
own keystore using java keytool at
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keyst ore or using
openSSL at http://www.openssl.org/docs/HOWTO/.
$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
*******************************************
*******************************************
Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
Hope this helps
|
|
|
| Re: No suitable endpoints found for the IdP! [message #7997 is a reply to message #6635] |
Thu, 03 April 2008 09:38 |
| Eclipse User |
|
|
|
Originally posted by: olivierlaborie.hotmail.com
Mary,
I've generated my own self-signed certificates with keytool to see what
happens (instead of using those provided). I've got the same error.
I've forgotten to tell you that I also have another error in the event
viewer at the same time than the url error :
Event ID: 259
An incoming identity could not be validated. The identity of the site
could not be validated. Contact the administrator of the site. For more
information, see the event log.
Inner Exception: The X.509 certificate is both not chain trusted and peer
trusted. Chain trust error(s): The X.509 certificate CN=W20129, OU=test,
O=test, L=test, S=test, C=fr; B032AE17C7A84AF563548E6F9D9AE88D28D3D3B
chain building failed. The certificate that was used has a trust chain
that cannot be verified. Unknown error. Peer trust error(s): The X.509
certificate CN=W20129, OU=test, O=test, L=test, S=test, C=fr;
B032AE17C7A84AF563548E6F9D9AE88D28D3D3B is not in the trusted people store.
Any idea ?
|
|
|
| Re: No suitable endpoints found for the IdP! [message #562633 is a reply to message #6617] |
Mon, 24 March 2008 19:35 |
 Mary
Messages: 4
Registered: July 2009 |
Junior Member |
|
|
The file localhost.jks contains the root cert so you should be able to
install the certs including the trusted root properly in the browser
without needing any other files.
This is only for testing purposes. You should create your own certificates
for anything other than test.
>>>>>>>>
Possible that the root certificate (alias: ibmroot, Serial number:
456507a5) of the SSL certificate was not installed properly in Trusted
Root Certification Authority. Please see the output of localhost.jks
below. Im not sure where to get this root certificate as it seems not
available in svn
( https://dev.eclipse.org/svnroot/technology/org.eclipse.higgi ns/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.serv ice/WebContent/ConfigurationFiles/).
All my local STS installations I generated my own keystore using java
keytool or openSSL. You can get step by step instructions to generate your
own keystore using java keytool at
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keyst ore or using
openSSL at http://www.openssl.org/docs/HOWTO/
$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
*******************************************
*******************************************
Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0
Hope this helps
|
|
|
| Re: No suitable endpoints found for the IdP! [message #562730 is a reply to message #6635] |
Thu, 03 April 2008 09:38 |
Olivier
Messages: 24
Registered: July 2009 |
Junior Member |
|
|
Mary,
I've generated my own self-signed certificates with keytool to see what
happens (instead of using those provided). I've got the same error.
I've forgotten to tell you that I also have another error in the event
viewer at the same time than the url error :
Event ID: 259
An incoming identity could not be validated. The identity of the site
could not be validated. Contact the administrator of the site. For more
information, see the event log.
Inner Exception: The X.509 certificate is both not chain trusted and peer
trusted. Chain trust error(s): The X.509 certificate CN=W20129, OU=test,
O=test, L=test, S=test, C=fr; B032AE17C7A84AF563548E6F9D9AE88D28D3D3B
chain building failed. The certificate that was used has a trust chain
that cannot be verified. Unknown error. Peer trust error(s): The X.509
certificate CN=W20129, OU=test, O=test, L=test, S=test, C=fr;
B032AE17C7A84AF563548E6F9D9AE88D28D3D3B is not in the trusted people store.
Any idea ?
|
|
|
Goto Forum:
Current Time: Wed Apr 24 19:12:04 GMT 2024
Powered by FUDForum. Page generated in 0.03588 seconds |
] 
Search
Help
Register
Login
Home
