Skip to main content

STS with wildcard certificates not working (Error occurred while locating PEER Entity)

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
No replies
mstenz
Offline
Joined: 2014-06-04

Hi,

iam a server administrator and a ready application was given to me for STS. This application was only tested with self signed certificates, but I need to run it with a wildcard certificate created by a public CA.

client is running in domain1 and server (STS) is running in domain2 both on the same glassfish server. The Root and Intermediate Certificate from the Public CA are in the cacerts.jks file of both domains, the wildcard certificate itself is in the keystore.jks of both domains. Also both domains are using this wildcard certificated as nickname instead of s1as.

I have configured the Service.xml file and on the server side the STS.wsdl file.

important port of service.xml:



wspp:visibility="private"
location="C:\path\to\glassfish\domains\domain2\config\keystore.jks"
type="JKS"
storepass="changeit"
keypass="changeit"
alias="wildcardcertificate" />
wspp:visibility="private"
location="C:\path\to\glassfish\domains\domain2\config\cacerts.jks"
type="JKS"
storepass="changeit"
peeralias="wildcardcertificate" />


Important part 1 of STS.wsdl:

wildcardcertificate
urn:oasis:names:tc:SAML:2.0:assertion
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey

important part 2 of STS.wsdl:
wspp:visibility="private"
alias="wildcardcertificate"
storepass="changeit"
keypass="changeit"
type="JKS"
location="C:\path\to\glassfish\domains\domain1\config\keystore.jks" />

wspp:visibility="private"
storepass="changeit"
type="JKS"
location="C:\path\to\glassfish\domains\domain1\config\cacerts.jks"
/>

Problem is now, that its not working. In the server.log of domain2 (the server) i get the following error:
[#|2014-06-04T20:58:51.377+0100|SEVERE|glassfish3.1.2|javax.enterprise.resource.xml.webservices.security|_ThreadID=159;_ThreadName=Thread-2;|WSS0217: An Error occurred using CallbackHandler handle() Method.
java.lang.RuntimeException: An Error occurred while locating PEER Entity certificate in TrustStore
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultCertificateFromTrustStore(DefaultCallbackHandler.java:1385)

I already imported the wildcard certificate directly in the oposite cacerts.jsk keystore but that also not fix the problem. Also I think as Iam using valid wildcard certificates the root and intermediate certificates certificate chain should be used to trust the certificate.

Any hints? Iam working already more than 30 hours on a solution for that but don't know what I can do more now.

thank you for your help.
Please note, iam not a java developer and have no eclipse or any other dev IDE installed, I only can adjust this 2 files and configure glassfish itself.