Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Higgins » No suitable endpoints found for the IdP!
No suitable endpoints found for the IdP! [message #6617] Thu, 20 March 2008 16:20 Go to next message
Eclipse User
Originally posted by: olivier.laborie.atosorigin.com

Hello,

I've a problem when I try to deploy the demos "STS IdP Solution" with the
"Extensible Protocol RP Website Solution" using Cardspace.
I generate a card on the IdP, but when I want to use it on the RP, after I
select the card in Cardspace, and it tries to get the personal
informations on the IdP...
Here comes this problem in the Windows Event Viewer :
"There was a failure making a WS-Trust exchange with an external
application. No suitable endpoints were found for the identity provider."
I have an internal exception saying there's a problem with the
https://localhost/TokenService/services/MetadataUsernameToke n url and SSL
(remote certificate not correct)...

I use the same keystore (localhost.jks) for signing cards and for ssl in
tomcat as provided in the demo.
I have not changed the ManagedConfiguration.xml of the IdP; also the
icard.properties and web.xml of the RP seem good about keystores.
I have installed certficates in IE, everything's ok on the IdP and RP web
sites, and the
https://localhost/TokenService/services/MetadataUsernameToke n url reponds
in IE.

Can you please help me?!!
Re: No suitable endpoints found for the IdP! [message #6635 is a reply to message #6617] Mon, 24 March 2008 19:35 Go to previous messageGo to next message
Eclipse User
Originally posted by: Mary.socialphysics.org

The file localhost.jks contains the root cert so you should be able to
install the certs including the trusted root properly in the browser
without needing any other files.

This is only for testing purposes. You should create your own certificates
for anything other than test.

>>>>>>>>
Possible that the root certificate (alias: ibmroot, Serial number:
456507a5) of the SSL certificate was not installed properly in Trusted
Root Certification Authority. Please see the output of localhost.jks
below. I’m not sure where to get this root certificate as it seems not
available in svn
( https://dev.eclipse.org/svnroot/technology/org.eclipse.higgi ns/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.serv ice/WebContent/ConfigurationFiles/).
All my local STS installations I generated my own keystore using java
keytool or openSSL. You can get step by step instructions to generate your
own keystore using java keytool at
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keyst ore or using
openSSL at http://www.openssl.org/docs/HOWTO/.

$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0


*******************************************
*******************************************


Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry

Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0



Hope this helps
Re: No suitable endpoints found for the IdP! [message #7997 is a reply to message #6635] Thu, 03 April 2008 09:38 Go to previous message
Eclipse User
Originally posted by: olivierlaborie.hotmail.com

Mary,
I've generated my own self-signed certificates with keytool to see what
happens (instead of using those provided). I've got the same error.
I've forgotten to tell you that I also have another error in the event
viewer at the same time than the url error :

Event ID: 259

An incoming identity could not be validated. The identity of the site
could not be validated. Contact the administrator of the site. For more
information, see the event log.

Inner Exception: The X.509 certificate is both not chain trusted and peer
trusted. Chain trust error(s): The X.509 certificate CN=W20129, OU=test,
O=test, L=test, S=test, C=fr; B032AE17C7A84AF563548E6F9D9AE88D28D3D3B
chain building failed. The certificate that was used has a trust chain
that cannot be verified. Unknown error. Peer trust error(s): The X.509
certificate CN=W20129, OU=test, O=test, L=test, S=test, C=fr;
B032AE17C7A84AF563548E6F9D9AE88D28D3D3B is not in the trusted people store.


Any idea ?
Re: No suitable endpoints found for the IdP! [message #562633 is a reply to message #6617] Mon, 24 March 2008 19:35 Go to previous message
Mary is currently offline Mary
Messages: 4
Registered: July 2009
Junior Member
The file localhost.jks contains the root cert so you should be able to
install the certs including the trusted root properly in the browser
without needing any other files.

This is only for testing purposes. You should create your own certificates
for anything other than test.

>>>>>>>>
Possible that the root certificate (alias: ibmroot, Serial number:
456507a5) of the SSL certificate was not installed properly in Trusted
Root Certification Authority. Please see the output of localhost.jks
below. I’m not sure where to get this root certificate as it seems not
available in svn
( https://dev.eclipse.org/svnroot/technology/org.eclipse.higgi ns/trunk/plugins/org.eclipse.higgins.sts.binding.axis1x.serv ice/WebContent/ConfigurationFiles/).
All my local STS installations I generated my own keystore using java
keytool or openSSL. You can get step by step instructions to generate your
own keystore using java keytool at
http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keyst ore or using
openSSL at http://www.openssl.org/docs/HOWTO/

$ keytool.exe -v -list -keystore localhost.jks
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: leaf
Creation date: Feb 28, 2007
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Higgins, O=Eclipse, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507af
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 71:00:6F:85:5D:50:44:88:FA:47:80:33:19:A8:51:8E
SHA1: 7D:04:95:69:A4:AD:91:ED:8D:07:8E:87:BB:33:62:04:A0:41:BC:F8
Certificate[2]:
Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0


*******************************************
*******************************************


Alias name: ibmroot
Creation date: Feb 28, 2007
Entry type: trustedCertEntry

Owner: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Issuer: CN=Root CA, OU=IBM Research, O=IBM Corporation, C=US
Serial number: 456507a5
Valid from: Wed Nov 22 21:29:57 EST 2006 until: Tue Nov 17 21:29:57 EST
2026
Certificate fingerprints:
MD5: 91:5E:32:E4:94:F9:E7:89:84:B0:F5:C8:2E:04:4D:39
SHA1: 13:BD:DD:E9:6D:C4:3C:BE:84:E3:94:CD:97:6F:BE:59:4A:BF:62:A0



Hope this helps
Re: No suitable endpoints found for the IdP! [message #562730 is a reply to message #6635] Thu, 03 April 2008 09:38 Go to previous message
Olivier is currently offline Olivier
Messages: 24
Registered: July 2009
Junior Member
Mary,
I've generated my own self-signed certificates with keytool to see what
happens (instead of using those provided). I've got the same error.
I've forgotten to tell you that I also have another error in the event
viewer at the same time than the url error :

Event ID: 259

An incoming identity could not be validated. The identity of the site
could not be validated. Contact the administrator of the site. For more
information, see the event log.

Inner Exception: The X.509 certificate is both not chain trusted and peer
trusted. Chain trust error(s): The X.509 certificate CN=W20129, OU=test,
O=test, L=test, S=test, C=fr; B032AE17C7A84AF563548E6F9D9AE88D28D3D3B
chain building failed. The certificate that was used has a trust chain
that cannot be verified. Unknown error. Peer trust error(s): The X.509
certificate CN=W20129, OU=test, O=test, L=test, S=test, C=fr;
B032AE17C7A84AF563548E6F9D9AE88D28D3D3B is not in the trusted people store.


Any idea ?
Previous Topic:Putting together a multiple protocol RP application
Next Topic:idemix
Goto Forum:
  


Current Time: Fri Oct 24 17:12:01 GMT 2014

Powered by FUDForum. Page generated in 0.02359 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software