[mitreid-connect] Help needed running the simple client.

Lachezar Dobrev l.dobrev at paladin.bulgarpress.com
Mon Feb 16 12:23:28 EST 2015


  No, not HTTPS, I'm trying the following:
  * user at mitreid.org
  * http://localhost:8080/openid-connect-server-webapp/
  * http://localhost:8080/my-openid-connect-provider/

  I also tried:
  * https://demo.c2id.com/c2id

  Same error.

  This is my local development environment, not production.

  For the http URLs I get a warning in the logs about https being
required (apologies, I did not save that message), but it seems to
continue forward and get the same result. Which is why I'm doubly puzzled.

On 16.02.2015 at 19:07, Justin Richer wrote:
> From the error logs below, it looks like you’re pointing to an HTTPS server
> URL that your client isn’t able to read. This appears to be happening from
> the Webfinger Issuer Service trying to do its lookup, which is what’s causing
> the “No issuer found” message. What URL are you entering in to the client
> application?
> 
> If it’s a real deployment, you’ll need to have your server set up with a
> valid certificate that the client will trust. Without that, you’ll get SSL
> errors like the below as the client tries to connect. Note that simply
> having the cert trusted in your browser isn’t enough, as the client makes
> its own HTTPS connections directly to the server as well. It looks like
> you’re configuring the keystore/truststore below but you’ve got the wrong
> password or the file is corrupted. Can you open up the truststore with
> ‘keytool’ on the command line? Do the parameters there match what you’re
> passing to Glassfish’s configuration? (Apologies, I’m not immediately
> familiar with Glassfish enough to know how it’s put together).
> 
> If it’s a test deployment or a development setup, we recommend deploying
> on plain HTTP and using HTTPS for production services. This side-steps
> the issues around SSL certificates that can be problematic in development.
> You’ll need to solve those for production, of course, but by then you’ll
> probably have a commercial certificate that’s already trusted in the trust
> store.
> 
>  — Justin
> 
> 
>> On Feb 16, 2015, at 11:55 AM, Lachezar Dobrev <l.dobrev at paladin.bulgarpress.com> wrote:
>>
>>  Hello all.
>>
>>  I am developing (or trying to develop) an OpenID-Connect provider.
>>
>>  To try it I decided to use the MitreID-Connect example simple-web-app
>> client. The platform is a Glassfish-4 with OpenJDK 7.
>>
>>  I fail in using it. No matter what I try I get a:
>>
>>> HTTP Status 401 - Authentication Failed: No issuer found.
>>
>>  And the following stack trace:
>>
>>> 2015-02-16T18:53:22.462+0200|INFO: WARN : org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - Issue fetching issuer for user input: user at mitreid.org
>>> com.google.common.util.concurrent.UncheckedExecutionException: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context
>>> 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2258)
>>> 	at com.google.common.cache.LocalCache.get(LocalCache.java:3990)
>>> 	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3994)
>>> 	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4878)
>>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService.getIssuer(WebfingerIssuerService.java:89)
>>> 	at org.mitre.openid.connect.client.service.impl.HybridIssuerService.getIssuer(HybridIssuerService.java:48)
>>> 	at org.mitre.openid.connect.client.OIDCAuthenticationFilter.handleAuthorizationRequest(OIDCAuthenticationFilter.java:197)
>>> 	at org.mitre.openid.connect.client.OIDCAuthenticationFilter.attemptAuthentication(OIDCAuthenticationFilter.java:176)
>>> 	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
>>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> 	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> 	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>>> 	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> 	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>>> 	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>>> 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>> 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
>>> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>>> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316)
>>> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
>>> 	at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
>>> 	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
>>> 	at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
>>> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
>>> 	at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415)
>>> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282)
>>> 	at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
>>> 	at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
>>> 	at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201)
>>> 	at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175)
>>> 	at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
>>> 	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
>>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
>>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
>>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
>>> 	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
>>> 	at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
>>> 	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
>>> 	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
>>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
>>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
>>> 	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
>>> 	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
>>> 	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
>>> 	at java.lang.Thread.run(Thread.java:745)
>>> Caused by: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context
>>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
>>> 	at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
>>> 	at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
>>> 	at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
>>> 	at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
>>> 	at org.apache.http.impl.client.AbstractHttpClient.createHttpContext(AbstractHttpClient.java:286)
>>> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:851)
>>> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>>> 	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:88)
>>> 	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46)
>>> 	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:49)
>>> 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:488)
>>> 	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:465)
>>> 	at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:236)
>>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService$WebfingerIssuerFetcher.load(WebfingerIssuerService.java:207)
>>> 	at org.mitre.openid.connect.client.service.impl.WebfingerIssuerService$WebfingerIssuerFetcher.load(WebfingerIssuerService.java:174)
>>> 	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3589)
>>> 	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2374)
>>> 	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2337)
>>> 	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2252)
>>> 	... 46 more
>>> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>>> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>>> 	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>>> 	at java.security.KeyStore.load(KeyStore.java:1214)
>>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
>>> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
>>> 	... 65 more
>>> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>>> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>>> 	... 69 more
>>> 2015-02-16T18:53:22.462+0200|INFO: ERROR: org.mitre.openid.connect.client.OIDCAuthenticationFilter - Null issuer response returned from service.
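
Added example, not part of the original thread or of MITREid Connect: a small Java check that repeats the `KeyStore.load` step at the bottom of the trace above and reports whether a store's password verifies. It assumes the system SSL context is built from the standard `javax.net.ssl.*` system properties; the class name `StoreCheck` and the throwaway sample store are constructed for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic, not MITREid Connect code; the class name StoreCheck is hypothetical.
public class StoreCheck {

    // Repeats the KeyStore.load step that fails in the trace and classifies the outcome.
    static String check(String path, String type, char[] password) {
        if (path == null || path.isEmpty()) return "NOT SET";
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password); // a null password skips the JKS integrity check
            return "OK, " + Collections.list(ks.aliases()).size() + " entries";
        } catch (IOException e) {
            // A wrong password surfaces as IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) return "BAD PASSWORD";
            return "UNREADABLE: " + e.getMessage();
        } catch (Exception e) {
            return "UNREADABLE: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty throwaway JKS store protected with "changeit".
        File tmp = File.createTempFile("sample", ".jks");
        tmp.deleteOnExit();
        KeyStore sample = KeyStore.getInstance("JKS");
        sample.load(null, null);
        try (OutputStream out = new FileOutputStream(tmp)) {
            sample.store(out, "changeit".toCharArray());
        }
        System.out.println("sample, right password: " + check(tmp.getPath(), "JKS", "changeit".toCharArray()));
        System.out.println("sample, wrong password: " + check(tmp.getPath(), "JKS", "wrong".toCharArray()));

        // The stores this JVM was actually told to use (standard JSSE system properties).
        for (String kind : new String[] {"trustStore", "keyStore"}) {
            String path = System.getProperty("javax.net.ssl." + kind);
            String pw = System.getProperty("javax.net.ssl." + kind + "Password");
            String type = System.getProperty("javax.net.ssl." + kind + "Type", KeyStore.getDefaultType());
            System.out.println(kind + " " + path + ": "
                    + check(path, type, pw == null ? null : pw.toCharArray()));
        }
    }
}
```

Run it with the same `-Djavax.net.ssl.*` options the application server JVM is started with; `BAD PASSWORD` for either store corresponds to the `Password verification failed` cause in the trace.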

