YadisException: 0x704: I/O transport error: peer not authenticated

SureshAtt

unread,

Apr 26, 2012, 10:57:21 AM4/26/12

to OpenID4Java

Hi all,

I have an OpenID client webapp which works fine with an OpenID
Provider server over SSL, but my app throws the $subject exception
when I try to use Google OpenID. I have successfully installed the
public key certificate of Google but still I get this error. I did
some Google search and I found this issue has been there in many cases
but I could not find a proper solution. Please help me with this,

My environment :
OpenID4Java 0.9.6
Oracle Java 1.6.0_26 (64-bit)
Ubuntu 11.10

Apr 26, 2012 7:54:43 PM org.openid4java.server.RealmVerifier
setEnforceRpId
WARNING: RP discovery / realm validation disabled;
Apr 26, 2012 7:54:43 PM org.openid4java.discovery.Discovery discover
INFO: Starting discovery on URL identifier: https://profiles.google.com/suresh.attanayake
org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport
error: peer not authenticated
at
org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:
478)
at
org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:
248)
at
org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:
232)
at
org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:
166)
at org.openid4java.discovery.Discovery.discover(Discovery.java:147)
at org.openid4java.discovery.Discovery.discover(Discovery.java:129)
at
org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:
542)
at
org.wso2.carbon.identity.openid.openidclient.OpenIDRelyingPartyServlet.doPost(OpenIDRelyingPartyServlet.java:
148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
859)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:
489)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:
352)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:
128)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:
339)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
123)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
147)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
101)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
381)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
641)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
576)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
554)
at org.openid4java.util.HttpCache.head(HttpCache.java:335)
at
org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:
400)
... 21 more

Thanks & Regards,
-Suresh

Nick Duan

unread,

Apr 28, 2012, 9:20:53 PM4/28/12

to openi...@googlegroups.com

This looks like a SSL error, not really an openid4java problem. What JavaEE container are you using? Have you configured SSL properly?

ND

--
You received this message because you are subscribed to the Google Groups "OpenID4Java" group.
To post to this group, send email to openi...@googlegroups.com.
To unsubscribe from this group, send email to openid4java...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openid4java?hl=en.

Suresh Attanayake

unread,

Apr 17, 2013, 1:35:36 PM4/17/13

to openi...@googlegroups.com

Hi,

I installed the certificate in the keystore I used in my application.

Thanks,

-Suresh

On Wed, Apr 17, 2013 at 1:25 PM, Acojako Chces <acojak...@gmail.com> wrote:

How did you installed Google certificate and where? I'm confused, is it necessary to install certificates for openid4java?

--

You received this message because you are subscribed to the Google Groups "OpenID4Java" group.

To unsubscribe from this group and stop receiving emails from it, send an email to openid4java...@googlegroups.com.

To post to this group, send email to openi...@googlegroups.com.

Visit this group at http://groups.google.com/group/openid4java?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
Suresh Attanayake

Blog : http://sureshatt.blogspot.com/

Web : http://www.ssoarcade.com/
LinkedIn : http://www.linkedin.com/pub/suresh-attanayake/16/165/181
Twitter : http://twitter.com/sureshatt

Facebook : https://www.facebook.com/IdentityWorld

ShengChe Hsiao

unread,

Apr 17, 2013, 6:42:49 PM4/17/13

to openi...@googlegroups.com

Dear

Try google discovery url https://www.google.com/accounts/o8/id instead your personal identifier

ShengChe Hsiao

請多使用免費壓縮軟體7-ZIP
http://www.7-zip.org/zh-tw/
http://toget.pchome.com.tw/intro/utility_file/utility_file_compression/17306.html

Shengche Hsiao

unread,

Apr 17, 2013, 10:25:33 PM4/17/13

to openi...@googlegroups.com

Do you export certificate chain?

-- 

----------------------------------------------------------------------->
We do this not because it is easy. We do this because it is hard.
----------------------------------------------------------------------->
ShengChe Hsiao
----------------------------------------------------------------------->
fron...@gmail.com
fron...@tc.edu.tw
----------------------------------------------------------------------->

rajendra

unread,

Apr 18, 2013, 4:42:33 AM4/18/13

to openi...@googlegroups.com

HI Suresh,

I also got same kind of error in OpenID authentication in some other scenario.

I solved this by changing java security providers configuration order in <JRE>\lib\security\java.security file.

Make sure that java security provider is "sun.security.provider.Sun".

Hope this helps in solving this problem.

Rajendra.

Reply all

Reply to author

Forward