users@glassfish.java.net

Signature Validation problem with certificates: OpenESB+OpenSSO+WSSAgent+basic authentication

From: Pawel Rubach <pol_at_lukas.eu.org>
Date: Wed, 21 Oct 2009 08:36:51 -0700 (PDT)

I'm trying to set up a simple BPEL application to be invoked with basic
authentication. After reading through lists and tutorials I decided to try
the following setup.
I installed the current stable OpenESB bundle (GlassFish v. 2.1 + NetBeans
6.5.1). I deployed the current OpenSSO Express 8 with the default
configuration and then followed this tutorial
(http://wikis.sun.com/display/OpenSSO/Securing+Web+Services+With+One+Instance+of+OpenSSO+and+Security+Agents)
to install the WSS Agent (openssowssproviders.zip). Next I
connected my HTTP-BC (sun-http-bc) component to the agent following
this tutorial (http://docs.sun.com/app/docs/doc/821-0015/ghlhy?a=view).
(I had to change to point to the config directory where WSSAgent created the
AMConfig.properties file).

To test this deployment I used the following tutorial:
http://wiki.open-esb.java.net/Wiki.jsp?page=HTTPBCAccessManagerAuthorization


It looks like I managed to do the authentication part; that is, if I give a
bad login/password I get a 403 Forbidden error. However, if it is correct I
still receive an error that is caused by a signature validation problem.

This is the message I receive:
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Body>
    <S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
      <faultcode>S:Server</faultcode>
      <faultstring>Signature validation failed.</faultstring>
    </S:Fault>
  </S:Body>
</S:Envelope>

I understand more or less that I'm doing something wrong with certificates. I
tried importing v3 certificates to GlassFish according to this
(https://xwss.dev.java.net/servlets/ProjectDocumentList?folderID=6645&expandFolder=6645&folderID=6645).

This, however, has not helped.

Should I somehow define what certificates are used by the OpenSSO, or the
sun-http-bc? If so, how?
Or maybe I should import some certificates into the JDK from which I invoke
my client?

Maybe there is a simpler way to do basic authentication with OpenESB. Any
help would be greatly appreciated.

Thanks


P.S. On the GlassFish console I get the following errors:

Request URI is '/AuthAMService/AuthAMPort'
ReadTask ByteBuffer [java.nio.HeapByteBuffer[pos=546 lim=8192 cap=8192]]
addTask called with Task
[com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask_at_1b0b43f]
doFilter on request R( /AuthAMService/AuthAMPort), asyncProcessorTask
com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask_at_1b0b43f
Got task mapping for request R( /AuthAMService/AuthAMPort),
asyncProcessorTask
com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask_at_1b0b43f
Service async request for: /AuthAMService/AuthAMPort
Initializing servicing objects
Query string encoding: UTF-8
Completed async invoke
Continue synchronously flag set to false
FAMServerAuthModule.validateRequest:Failed in Validating the Request.
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthModule.validateRequest(FAMServerAuthModule.java:242)
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthContext.validateRequest(FAMServerAuthContext.java:98)
        at
com.sun.xml.wss.provider.wsit.ServerSecurityTube.processRequest(ServerSecurityTube.java:121)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:391)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:619)
Caused by: com.sun.identity.wss.security.SecurityException: Signature
validation failed.
        at
com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:283)
        ... 14 more
FAMServerAuthContext validate request failed
javax.security.auth.message.AuthException: Signature validation failed.
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthModule.validateRequest(FAMServerAuthModule.java:261)
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthContext.validateRequest(FAMServerAuthContext.java:98)
        at
com.sun.xml.wss.provider.wsit.ServerSecurityTube.processRequest(ServerSecurityTube.java:121)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:391)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:619)
Caused by: com.sun.identity.wss.security.SecurityException: Signature
validation failed.
        at
com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:283)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthModule.validateRequest(FAMServerAuthModule.java:242)
        ... 9 more
ws.error_validate_request
javax.xml.ws.soap.SOAPFaultException: Signature validation failed.
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthContext.validateRequest(FAMServerAuthContext.java:105)
        at
com.sun.xml.wss.provider.wsit.ServerSecurityTube.processRequest(ServerSecurityTube.java:121)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:391)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:619)
Finish response for asyncProcessorTask
com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask_at_1b0b43f
addTask called with Task
[com.sun.enterprise.web.connector.grizzly.async.AsyncProcessorTask_at_1b0b43f]




-- 
View this message in context: http://www.nabble.com/Signature-Validation-problem-with-certificates%3A-OpenESB%2BOpenSSO%2BWSSAgent%2Bbasic-authentication-tp25994959p25994959.html
Sent from the java.net - glassfish users mailing list archive at Nabble.com.
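
A triage aid for the console log in the message above, added here as an example and not part of the original post or of any of the products it mentions: it rejoins the mail-wrapped stack-trace lines and reduces each logged trace to its outer exception, root cause and the root cause's first frame. The sample is a constructed excerpt of that log, and the function names are illustrative.

```python
import re

HEADER = re.compile(r"^(Caused by: )?([\w.$]+(?:Exception|Error))(?:: (.*))?$")
FRAME = re.compile(r"^\s+at ([\w.$<>]+)\(([^)]*)\)$")

# Constructed sample: lines copied from the console log above, mail wrapping kept.
SAMPLE = """\
FAMServerAuthModule.validateRequest:Failed in Validating the Request.
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthModule.validateRequest(FAMServerAuthModule.java:242)
Caused by: com.sun.identity.wss.security.SecurityException: Signature
validation failed.
        at
com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:283)
        ... 14 more
ws.error_validate_request
javax.xml.ws.soap.SOAPFaultException: Signature validation failed.
        at
com.sun.identity.wssagents.common.provider.FAMServerAuthContext.validateRequest(FAMServerAuthContext.java:105)
"""

def unwrap(text):
    """Rejoin wrapped lines: a bare 'at', and an exception message split in two (heuristic)."""
    out = []
    for line in text.splitlines():
        prev = out[-1] if out else ""
        if prev.strip() == "at":
            out[-1] = prev.rstrip() + " " + line.strip()
        elif HEADER.match(prev) and line[:1].isalpha() and not HEADER.match(line):
            out[-1] = prev + " " + line.strip()
        else:
            out.append(line)
    return out

def exception_chains(text):
    """One dict per logged trace: outer exception, root cause, message, root's first frame."""
    chains, cur = [], None
    for line in unwrap(text):
        h, f = HEADER.match(line), FRAME.match(line)
        if h and not h.group(1):      # an exception without "Caused by:" starts a new trace
            cur = {"outer": h.group(2), "root": h.group(2),
                   "message": h.group(3), "root_frame": None}
            chains.append(cur)
        elif h and cur:               # each "Caused by:" replaces the root seen so far
            cur.update(root=h.group(2), message=h.group(3), root_frame=None)
        elif f and cur and cur["root_frame"] is None:
            cur["root_frame"] = f"{f.group(1)} ({f.group(2)})"
    return chains
```

Run over the full log, `exception_chains` makes it easy to see which of the logged traces share a root cause and which frame raised it.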