Skip to main content

Re: Writing a standalone Java client to access a secured WCF webservice

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
8 replies [Last post]
Anonymous

Thanks Jiandong!
My test application is now working (needed to modify the URL's that the
Service class was pointing too as well as add the Security constraint in the
web.xml)

For my original problem of accessing a WCF secure webservice, I have written
a similar client to my test client. However I am seeing security errors.
The SAML assertion from the SAML callback handler is in-correct for now but
I will change that later on once I am able to connect to the service.

For now I am seeing some issue with the certs it looks like...
Can you please guide me as to how to resolve this issue?

javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://abc.com/path/api/TrackMe.svc?wsdl. It failed with:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target.
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:184)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:166)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:131)
at
com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:267)
at
com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:230)
at
com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:178)
at
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:106)
at javax.xml.ws.Service.(Service.java:56)
at
org.tempuri.TrackAndTracePublicApi.(TrackAndTracePublicApi.java:42)
at com.client.TnTClientServlet.getApiVersion(TnTClientServlet.java:100)
at com.client.TnTClientServlet.processRequest(TnTClientServlet.java:45)
at com.client.TnTClientServlet.doGet(TnTClientServlet.java:71)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1010)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:837)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:294)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:151)
... 28 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 43 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 49 more

Thank you for your help!
Carl.

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Glen Mazza

That error normally means a truststore is missing a public cert; here,
most likely the public cert of the server hosting the WSDL will need to
be placed in the truststore used by the client. See Step #8 here:
http://www.jroller.com/gmazza/entry/ssl_for_web_services

Glen

On 11/03/2012 06:02 AM, carl_3 wrote:
> Thanks Jiandong!
> My test application is now working (needed to modify the URL's that the
> Service class was pointing too as well as add the Security constraint in the
> web.xml)
>
> For my original problem of accessing a WCF secure webservice, I have written
> a similar client to my test client. However I am seeing security errors.
> The SAML assertion from the SAML callback handler is in-correct for now but
> I will change that later on once I am able to connect to the service.
>
> For now I am seeing some issue with the certs it looks like...
> Can you please guide me as to how to resolve this issue?
>
>
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> https://abc.com/path/api/TrackMe.svc?wsdl. It failed with:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target.
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:184)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:166)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:131)
> at
> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:267)
> at
> com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:230)
> at
> com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:178)
> at
> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:106)
> at javax.xml.ws.Service.(Service.java:56)
> at
> org.tempuri.TrackAndTracePublicApi.(TrackAndTracePublicApi.java:42)
> at com.client.TnTClientServlet.getApiVersion(TnTClientServlet.java:100)
> at com.client.TnTClientServlet.processRequest(TnTClientServlet.java:45)
> at com.client.TnTClientServlet.doGet(TnTClientServlet.java:71)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> at java.net.URL.openStream(URL.java:1010)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:837)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:294)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:151)
> ... 28 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 43 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 49 more
>
>
> Thank you for your help!
> Carl.
>
>
>

jdg6688
Offline
Joined: 2005-11-02

If the SSL server cert if issued by a CA, you can just import the CA
certificate to the client trust store.

Thanks!

Jiandong

On 11/3/2012 5:35 AM, Glen Mazza wrote:
> That error normally means a truststore is missing a public cert; here,
> most likely the public cert of the server hosting the WSDL will need
> to be placed in the truststore used by the client. See Step #8 here:
> http://www.jroller.com/gmazza/entry/ssl_for_web_services
>
> Glen
>
> On 11/03/2012 06:02 AM, carl_3 wrote:
>> Thanks Jiandong!
>> My test application is now working (needed to modify the URL's that the
>> Service class was pointing too as well as add the Security constraint in the
>> web.xml)
>>
>> For my original problem of accessing a WCF secure webservice, I have written
>> a similar client to my test client. However I am seeing security errors.
>> The SAML assertion from the SAML callback handler is in-correct for now but
>> I will change that later on once I am able to connect to the service.
>>
>> For now I am seeing some issue with the certs it looks like...
>> Can you please guide me as to how to resolve this issue?
>>
>>
>> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
>> https://abc.com/path/api/TrackMe.svc?wsdl. It failed with:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target.
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:184)
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:166)
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:131)
>> at
>> com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:267)
>> at
>> com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:230)
>> at
>> com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:178)
>> at
>> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:106)
>> at javax.xml.ws.Service.(Service.java:56)
>> at
>> org.tempuri.TrackAndTracePublicApi.(TrackAndTracePublicApi.java:42)
>> at com.client.TnTClientServlet.getApiVersion(TnTClientServlet.java:100)
>> at com.client.TnTClientServlet.processRequest(TnTClientServlet.java:45)
>> at com.client.TnTClientServlet.doGet(TnTClientServlet.java:71)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>> at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>> at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>> at java.lang.Thread.run(Thread.java:662)
>> Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
>> at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
>> at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
>> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>> at
>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
>> at
>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>> at java.net.URL.openStream(URL.java:1010)
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:837)
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:294)
>> at
>> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:151)
>> ... 28 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path building
>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
>> to find valid certification path to requested target
>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
>> at
>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
>> at sun.security.validator.Validator.validate(Validator.java:218)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
>> at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
>> ... 43 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>> at
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
>> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
>> ... 49 more
>>
>>
>> Thank you for your help!
>> Carl.
>>
>>
>>

carl_3

Thanks Guys!

The cert is a self-signed cert and I imported the same into my JRE cacerts
(JRE_HOME/lib/security/cacerts).

This made the problem of the certificate go away.

I then saw a Hostname resolver error which I fixed by adding a
HostnameVerifier to return "true" for my particular host.

However I then saw the following issue:

Nov 5, 2012 6:12:06 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet TnTClientServ2 threw exception
java.lang.NoSuchMethodError:
javax.xml.ws.WebFault.messageName()Ljava/lang/String;
at
com.sun.xml.ws.model.RuntimeModeler.processExceptions(RuntimeModeler.java:1162)
at
com.sun.xml.ws.model.RuntimeModeler.processDocWrappedMethod(RuntimeModeler.java:898)
at
com.sun.xml.ws.model.RuntimeModeler.processMethod(RuntimeModeler.java:666)
at
com.sun.xml.ws.model.RuntimeModeler.processClass(RuntimeModeler.java:420)
at
com.sun.xml.ws.model.RuntimeModeler.buildRuntimeModel(RuntimeModeler.java:254)
at
com.sun.xml.ws.client.WSServiceDelegate.createSEIPortInfo(WSServiceDelegate.java:661)
at
com.sun.xml.ws.client.WSServiceDelegate.addSEI(WSServiceDelegate.java:649)
at
com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:343)
at
com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
at
com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:308)
at javax.xml.ws.Service.getPort(Service.java:92)
at org.tempuri.TrackMeApi.getCustomBindingITrackMe(TrackMeApi.java:56)
at com.client.TnTClientServ2.getApi(TnTClientServ2.java:172)
at com.client.TnTClientServ2.processRequest(TnTClientServ2.java:72)
at com.client.TnTClientServ2.doGet(TnTClientServ2.java:102)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

I have read up a bit about it and it seems to be a conflict between the
METRO 2.0 API and the Java 1.6 (1.6u30 is what I am using) rt.jar libs?

Can you guys confirm this and suggest a workaround, Please?

TIA,
Carl.

Glen Mazza

If you're just hitting localhost right now, creating the key with a
"cn=localhost" should remove your need for a HostnameVerifier hardcoded
to "true" (See Step #1 of here:
http://www.jroller.com/gmazza/entry/ssl_for_web_services). Googling the
main part of your error message ("java.lang.NoSuchMethodError:
javax.xml.ws.WebFault.messageName()Ljava/lang/String; ") leads to a
solution, mainly to update your JDK endorsed folder if you're using Java
6 (http://www.jroller.com/gmazza/entry/metro_usernametoken_profile, Step
#2).

HTH,
Glen

On 11/05/2012 07:50 AM, carl_3 wrote:
> Thanks Guys!
>
> The cert is a self-signed cert and I imported the same into my JRE cacerts
> (JRE_HOME/lib/security/cacerts).
>
> This made the problem of the certificate go away.
>
> I then saw a Hostname resolver error which I fixed by adding a
> HostnameVerifier to return "true" for my particular host.
>
> However I then saw the following issue:
>
> Nov 5, 2012 6:12:06 PM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet TnTClientServ2 threw exception
> java.lang.NoSuchMethodError:
> javax.xml.ws.WebFault.messageName()Ljava/lang/String;
> at
> com.sun.xml.ws.model.RuntimeModeler.processExceptions(RuntimeModeler.java:1162)
> at
> com.sun.xml.ws.model.RuntimeModeler.processDocWrappedMethod(RuntimeModeler.java:898)
> at
> com.sun.xml.ws.model.RuntimeModeler.processMethod(RuntimeModeler.java:666)
> at
> com.sun.xml.ws.model.RuntimeModeler.processClass(RuntimeModeler.java:420)
> at
> com.sun.xml.ws.model.RuntimeModeler.buildRuntimeModel(RuntimeModeler.java:254)
> at
> com.sun.xml.ws.client.WSServiceDelegate.createSEIPortInfo(WSServiceDelegate.java:661)
> at
> com.sun.xml.ws.client.WSServiceDelegate.addSEI(WSServiceDelegate.java:649)
> at
> com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:343)
> at
> com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
> at
> com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:308)
> at javax.xml.ws.Service.getPort(Service.java:92)
> at org.tempuri.TrackMeApi.getCustomBindingITrackMe(TrackMeApi.java:56)
> at com.client.TnTClientServ2.getApi(TnTClientServ2.java:172)
> at com.client.TnTClientServ2.processRequest(TnTClientServ2.java:72)
> at com.client.TnTClientServ2.doGet(TnTClientServ2.java:102)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:662)
>
> I have read up a bit about it and it seems to be a conflict between the
> METRO 2.0 API and the Java 1.6 (1.6u30 is what I am using) rt.jar libs?
>
> Can you guys confirm this and suggest a workaround, Please?
>
> TIA,
> Carl.
>
>
>
>
>

carl_3

Thanks Glen!

After ploughing through those errors, I am frustratingly back to my original
error that I am seeing.
My SAML Call Back Handler is not being called (and I don't know from where
its supposed to get called since I don't see any config related data which
points to it like a wsit-client.xml or something)

javax.xml.ws.WebServiceException: WST0029:STS location could not be obtained
from either IssuedToken or from client configuration for accessing the
service https://dev.xyz.com/api/TrackMe.svc.
at
com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:162)
at
com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:136)
at
com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)
at
com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeTrustPlugin(SecurityClientTube.java:652)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:271)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy133.getApi(Unknown Source)
at com.client.TnTClientServ2.getApi(TnTClientServ2.java:198)
at com.client.TnTClientServ2.processRequest(TnTClientServ2.java:76)
at com.client.TnTClientServ2.doGet(TnTClientServ2.java:106)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
Nov 6, 2012 5:05:26 PM com.sun.xml.ws.security.trust.impl.TrustPluginImpl
process
SEVERE: WST0029:STS location could not be obtained from either IssuedToken
or from client configuration for accessing the service
https://dev.xyz.com/api/TrackMe.svc.
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

Any pointers as to what I might be missing?

TIA,
Carl.

carl_3

Hi Kumar,

Any idea when Metro will support EncryptedAssertion?

I just tried to get it to work by creating an org.w3c.dom.Element of type
EncryptedAssertion and tried to pass that to the SAMLCallbackHandler but it
refused to insert it into the Soap request.

I tried to use OpenSaml too but it was unable to unmarshall my XML input

Any thoughts on how to progress on this? Unfortunately the WCF provider does
not support non-encrypted Assertions

TIA,
Carl.

Glen Mazza

I don't know, it might be useful to debug the Metro client (
http://www.jroller.com/gmazza/entry/eclipse_debug_web_services) to see
what elements are missing. Incidentally both the STS and the web
service provider are WCF, it's only your SOAP client that's Metro, or?
I'm not sure where the debugging needs to be done if the WSP is also Metro.

Glen

On 11/06/2012 06:45 AM, carl_3 wrote:
> Thanks Glen!
>
> After ploughing through those errors, I am frustratingly back to my original
> error that I am seeing.
> My SAML Call Back Handler is not being called (and I don't know from where
> its supposed to get called since I don't see any config related data which
> points to it like a wsit-client.xml or something)
>
> javax.xml.ws.WebServiceException: WST0029:STS location could not be obtained
> from either IssuedToken or from client configuration for accessing the
> service https://dev.xyz.com/api/TrackMe.svc.
> at
> com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:162)
> at
> com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:136)
> at
> com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)
> at
> com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
> at
> com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeTrustPlugin(SecurityClientTube.java:652)
> at
> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:271)
> at
> com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
> at com.sun.xml.ws.client.Stub.process(Stub.java:319)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
> at
> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
> at
> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
> at $Proxy133.getApi(Unknown Source)
> at com.client.TnTClientServ2.getApi(TnTClientServ2.java:198)
> at com.client.TnTClientServ2.processRequest(TnTClientServ2.java:76)
> at com.client.TnTClientServ2.doGet(TnTClientServ2.java:106)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> Nov 6, 2012 5:05:26 PM com.sun.xml.ws.security.trust.impl.TrustPluginImpl
> process
> SEVERE: WST0029:STS location could not be obtained from either IssuedToken
> or from client configuration for accessing the service
> https://dev.xyz.com/api/TrackMe.svc.
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:662)
>
> Any pointers as to what I might be missing?
>
> TIA,
> Carl.
>
>
>

carl_3

Thanks Jiandong!

I modified the WSDL to replace the following in my WSDL

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer

with the following:

(I don't know if the WCF service providers will take offense to this! )

Glen,
According to the WCF service providers, they aren't using STS but the
service is .NET and the SAML Assertion is returned via a REST service (the
response is base64 encoded)
My client is on the NetBeans API and is using the Metro 2.0 stack.

My latest error:
The WCF service is expecting an
()

and my SAMLCallBackHandler is written for handling
(com.sun.xml.wss.saml.Assertion)

My code as below:
SAMLAssertionFactory factory =
SAMLAssertionFactory.newInstance(SAMLAssertionFactory.SAML2_0);
com.sun.xml.wss.saml.Assertion assertion =
factory.createAssertion(streamReader);

I am seeing the following exception:
Nov 7, 2012 5:42:34 PM org.apache.catalina.core.StandardContext reload
INFO: Reloading Context with name [/TnTClient4-1] has started
Nov 7, 2012 5:42:38 PM [com.sun.xml.ws.policy.jaxws.PolicyConfigParser]
parse
INFO: WSP5018: Loaded WSIT configuration from file:
file:/E:/Share/TnTClient4-1/build/web/WEB-INF/classes/META-INF/wsit-client.xml.
java.lang.RuntimeException: com.sun.xml.wss.saml.SAMLException:
java.lang.ClassCastException:
com.sun.xml.wss.saml.internal.saml20.jaxb20.EncryptedElementType cannot be
cast to com.sun.xml.wss.saml.internal.saml20.jaxb20.AssertionType
at
com.tnt.samlcb.Saml20SVCallbackHandler.createSVSAMLAssertion20(Saml20SVCallbackHandler.java:158)
at
com.tnt.samlcb.Saml20SVCallbackHandler.handle(Saml20SVCallbackHandler.java:86)
at
com.sun.xml.wss.impl.misc.DefaultCallbackHandler.populateAssertion(DefaultCallbackHandler.java:723)
at
com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:666)
at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.populateSAMLPolicy(DefaultSecurityEnvironmentImpl.java:1391)
at
com.sun.xml.wss.impl.filter.ExportSamlAssertionFilter.process(ExportSamlAssertionFilter.java:117)
at
com.sun.xml.wss.impl.filter.AuthenticationTokenFilter.processSamlToken(AuthenticationTokenFilter.java:125)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:116)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at
com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at
com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy166.getApi(Unknown Source)
at com.tnt.client.TnTServlet41.getApi(TnTServlet41.java:102)
at com.tnt.client.TnTServlet41.processRequest(TnTServlet41.java:45)
at com.tnt.client.TnTServlet41.doGet(TnTServlet41.java:71)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.sun.xml.wss.saml.SAMLException: java.lang.ClassCastException:
com.sun.xml.wss.saml.internal.saml20.jaxb20.EncryptedElementType cannot be
cast to com.sun.xml.wss.saml.internal.saml20.jaxb20.AssertionType
at
com.sun.xml.wss.saml.assertion.saml20.jaxb20.Assertion.fromElement(Assertion.java:538)
at
com.sun.xml.wss.saml.impl.SAMLAssertion2_2FactoryImpl.createAssertion(SAMLAssertion2_2FactoryImpl.java:412)
at
com.tnt.samlcb.Saml20SVCallbackHandler.createSVSAMLAssertion20(Saml20SVCallbackHandler.java:154)
... 44 more
Caused by: java.lang.ClassCastException:
com.sun.xml.wss.saml.internal.saml20.jaxb20.EncryptedElementType cannot be
cast to com.sun.xml.wss.saml.internal.saml20.jaxb20.AssertionType
at
com.sun.xml.wss.saml.assertion.saml20.jaxb20.Assertion.fromElement(Assertion.java:535)
... 46 more

Any idea how to create an "" element?

Much Obliged!
Carl.