Hi All,
Just to set the context, I am very new to OpenSSO.
I have set up OpenSSO Enterprise 8.0 on GlassFish.
I want to configure the server for certificate-based authentication and also configure client authentication for a user.
Although the server prompts me for a certificate, when I select one (this certificate has been added to the userCertificate;binary attribute of a user I created in the LDAP directory), it does not authenticate the user and instead redirects me to the "Username/Password" login page. (The redirect happens because of how I have configured the authentication module.)
The CoreSystem and Authentication logs are below.
Authentication Logs
amAuthCert:05/26/2010 12:56:03:873 PM UTC: Thread[http-thread-pool-8181-(1),10,Grizzly]
ERROR: X509Certificate: getRegCertificate is null
CoreSystem Logs
amSecurity:05/26/2010 12:54:58:512 PM UTC: Thread[http-thread-pool-8181-(2),10,Grizzly]
ERROR: AMCertStore.getConnection: Exception in connection to LDAP server
netscape.ldap.LDAPException: error result (49)
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4866)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1764)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1262)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1271)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1238)
at com.sun.identity.security.cert.AMCertStore.getConnection(AMCertStore.java:126)
at com.sun.identity.security.cert.AMCertStore.getCertificate(AMCertStore.java:220)
at com.sun.identity.security.cert.AMCertStore.getCertificate(AMCertStore.java:467)
at com.sun.identity.security.cert.AMCertStore.getRegisteredCertificate(AMCertStore.java:434)
at com.sun.identity.authentication.modules.cert.Cert.process(Cert.java:433)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:835)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:895)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)
at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:120)
at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:440)
at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:406)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:435)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:388)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:277)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:209)
at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:824)
at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:774)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:451)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
at java.lang.Thread.run(Thread.java:619)
amSecurity:05/26/2010 12:54:58:579 PM UTC: Thread[http-thread-pool-8181-(2),10,Grizzly]
ERROR: AMCertStore.getSearchResults : Error in ldap search for (CN=ClientAuth User)
amSecurity:05/26/2010 12:54:58:579 PM UTC: Thread[http-thread-pool-8181-(2),10,Grizzly]
ERROR: AMCertStore.getSearchResults :
netscape.ldap.LDAPException: error result (53); Rejecting the requested operation because the connection has not been authenticated
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4866)
at netscape.ldap.LDAPConnection.checkSearchMsg(LDAPConnection.java:2640)
at netscape.ldap.LDAPConnection.search(LDAPConnection.java:2612)
at netscape.ldap.LDAPConnection.search(LDAPConnection.java:2434)
at com.sun.identity.security.cert.AMCertStore.getSearchResults(AMCertStore.java:150)
at com.sun.identity.security.cert.AMCertStore.getCertificate(AMCertStore.java:223)
at com.sun.identity.security.cert.AMCertStore.getCertificate(AMCertStore.java:467)
at com.sun.identity.security.cert.AMCertStore.getRegisteredCertificate(AMCertStore.java:434)
at com.sun.identity.authentication.modules.cert.Cert.process(Cert.java:433)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:835)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:895)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)
at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:120)
at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:440)
at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:406)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:435)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:388)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:277)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:209)
at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:824)
at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:774)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:451)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
at java.lang.Thread.run(Thread.java:619)
Any help with the above would be appreciated.
Thanks,
Rahul
[Message sent by forum member 'rahuld3581']
http://forums.java.net/jive/thread.jspa?messageID=471471