[mitreid-connect] Help needed running the simple client.

Justin Richer jricher at mit.edu
Mon Feb 16 12:07:34 EST 2015


From the error logs below, it looks like you’re pointing to an HTTPS server URL that your client isn’t able to read. This appears to be happening from the Webfinger Issuer Service trying to do its lookup, which is what’s causing the “No issuer found” message. What URL are you entering in to the client application?

If it’s a real deployment, you’ll need to have your server set up with a valid certificate that the client will trust. Without that, you’ll get SSL errors like the below as the client tries to connect. Note that simply having the cert trusted in your browser isn’t enough, as the client makes its own HTTPS connections directly to the server as well. It looks like you’re configuring the keystore/truststore below but you’ve got the wrong password or the file is corrupted. Can you open up the truststore with ‘keytool’ on the command line? Do the parameters there match what you’re passing to Glassfish’s configuration? (Apologies, I’m not immediately familiar with Glassfish enough to know how it’s put together).

If it’s a test deployment or a development setup, we recommend deploying on plain HTTP and using HTTPS for production services. This side-steps the issues around SSL certificates that can be problematic in development. You’ll need to solve those for production, of course, but by then you’ll probably have a commercial certificate that’s already trusted in the trust store.

 — Justin


> On Feb 16, 2015, at 11:55 AM, Lachezar Dobrev <l.dobrev at paladin.bulgarpress.com> wrote:
> 
>  Hello all.
> 
>  I am (trying to) developing an OpenID-Connect provider.
> 
>  To try it I decided to use the MitreID-Connect example simple-web-app
> client. The platform is a Glassfish-4 with OpenJDK 7.
> 
>  I fail in using it. No matter what I try I get a:
> 
>> HTTP Status 401 - Authentication Failed: No issuer found.
> 
>  And the following stack trace:
> 
>> 2015-02-16T18:53:22.462+0200|INFO: WARN : org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - Issue fetching issuer for user input: user at mitreid.org
>> com.google.common.util.concurrent.UncheckedExecutionException: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context
>> 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2258)
>> 	at com.google.common.cache.LocalCache.get(LocalCache.java:3990)
>> 	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3994)
>> 	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4878)
>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService.getIssuer(WebfingerIssuerService.java:89)
>> 	at org.mitre.openid.connect.client.service.impl.HybridIssuerService.getIssuer(HybridIssuerService.java:48)
>> 	at org.mitre.openid.connect.client.OIDCAuthenticationFilter.handleAuthorizationRequest(OIDCAuthenticationFilter.java:197)
>> 	at org.mitre.openid.connect.client.OIDCAuthenticationFilter.attemptAuthentication(OIDCAuthenticationFilter.java:176)
>> 	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> 	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> 	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> 	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> 	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>> 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
>> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316)
>> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
>> 	at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
>> 	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
>> 	at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
>> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
>> 	at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415)
>> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282)
>> 	at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
>> 	at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
>> 	at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201)
>> 	at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175)
>> 	at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
>> 	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
>> 	at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
>> 	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
>> 	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
>> 	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
>> 	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
>> 	at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context
>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
>> 	at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
>> 	at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
>> 	at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
>> 	at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
>> 	at org.apache.http.impl.client.AbstractHttpClient.createHttpContext(AbstractHttpClient.java:286)
>> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:851)
>> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>> 	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:88)
>> 	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
>> 	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:49)
>> 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:488)
>> 	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:465)
>> 	at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:236)
>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService$WebfingerIssuerFetcher.load(WebfingerIssuerService.java:207)
>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService$WebfingerIssuerFetcher.load(WebfingerIssuerService.java:174)
>> 	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3589)
>> 	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2374)
>> 	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2337)
>> 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2252)
>> 	... 46 more
>> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>> 	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>> 	at java.security.KeyStore.load(KeyStore.java:1214)
>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
>> 	... 65 more
>> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>> 	... 69 more
>> 2015-02-16T18:53:22.462+0200|INFO: ERROR: org.mitre.openid.connect.client.OIDCAuthenticationFilter - Null issuer response returned from service.
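
The truststore check suggested in the reply, as an added Java example that is not part of the original thread or of MITREid Connect: it reads the standard JSSE `javax.net.ssl.*` system properties and tries to load each configured store, separating a password or integrity mismatch (the `UnrecoverableKeyException` at the bottom of the trace) from a file that does not parse at all. The class name `StoreCheck` is hypothetical, and the null-password fallback assumes a JKS store as in the trace.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic (not MITREid Connect code). Run it with the same
// -Djavax.net.ssl.* options the application server's JVM receives.
public class StoreCheck {

    // Loads the store; for JKS a null password skips the integrity check.
    static KeyStore load(String path, String type, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // prefix is "javax.net.ssl.trustStore" or "javax.net.ssl.keyStore".
    static String check(String prefix) {
        String path = System.getProperty(prefix);
        if (path == null) return "not configured (JVM default applies)";
        if (!new File(path).canRead()) return "file missing or unreadable: " + path;
        String type = System.getProperty(prefix + "Type", KeyStore.getDefaultType());
        String pw = System.getProperty(prefix + "Password");
        try {
            KeyStore ks = load(path, type, pw == null ? null : pw.toCharArray());
            return "OK, " + Collections.list(ks.aliases()).size() + " entries";
        } catch (IOException | GeneralSecurityException withPassword) {
            try {
                // Second attempt without a password: tests the file structure only.
                load(path, type, null);
                return "parses as " + type + ", but password or integrity check failed: "
                        + withPassword.getMessage();
            } catch (IOException | GeneralSecurityException structural) {
                return "not a readable " + type + " store: " + structural.getMessage();
            }
        }
    }

    public static void main(String[] args) {
        for (String prefix : new String[] {"javax.net.ssl.trustStore", "javax.net.ssl.keyStore"}) {
            System.out.println(prefix + " -> " + check(prefix));
        }
    }
}
```

A JKS file that has been modified but is still structurally valid reports the same result as a wrong password, since both fail the same integrity hash.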