SSLPeerUnverifiedException: peer not authenticated ending 5015 ERROR_UNKNOWN

pavel....@gmail.com

Apr 16, 2015, 12:26:02 PM
to pwm-g...@googlegroups.com
Hello,

I am currently trying to connect our AD FS 3.0 with PWM (PWM b0 r758). It's using a reverse proxy, but for the AD FS requirement, I have to use HTTPS. I configured the SSL in Tomcat, I think that's fine. However, I get the following message with OAuth enabled:

message={"errorMessage":"5015 ERROR_UNKNOWN (unexpected error processing request: peer not authenticated\njavax.net.ssl.SSLPeerUnverifiedException: peer not authenticated\r\n\tat sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)\r\n\tat org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)\r\n\tat org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)\r\n\tat org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)\r\n\tat org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)\r\n\tat org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)\r\n\tat org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)\r\n\tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)\r\n\tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)\r\n\tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)\r\n\tat password.pwm.http.servlet.OAuthConsumerServlet.makeHttpRequest(OAuthConsumerServlet.java:359)\r\n\tat password.pwm.http.servlet.OAuthConsumerServlet.makeOAuthResolveRequest(OAuthConsumerServlet.java:206)\r\n\tat password.pwm.http.servlet.OAuthConsumerServlet.processAction(OAuthConsumerServlet.java:119)\r\n\tat password.pwm.http.servlet.PwmServlet.handleRequest(PwmServlet.java:114)\r\n\tat password.pwm.http.servlet.PwmServlet.doGet(PwmServlet.java:61)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:620)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:727)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\r\n\tat 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\r\n\tat password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:100)\r\n\tat password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:69)\r\n\tat password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:62)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\r\n\tat password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:82)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)\r\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)\r\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)\r\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)\r\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)\r\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\r\n\tat org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)\r\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)\r\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)\r\n\tat org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)\r\n\tat org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)\r\n\tat 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\r\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)\r\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\r\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\r\n\tat java.lang.Thread.run(Thread.java:745)\r\n)","topic":"password.pwm.http.servlet.PwmServlet","level":"FATAL","source":"","actor":""}
timestamp=2015-04-16T16:08:35Z
guid=56fdd39d-e0dd-423d-a1a0-2ab3c35e93c4
eventCode=FATAL_EVENT
type=SYSTEM
instance=pwmDEVELOPMENT

Has anybody faced this issue? Or could anybody show the proper "direction"?

Thanks a lot!
Andras

Jason Rivard

Apr 18, 2015, 5:47:55 PM
to pwm-g...@googlegroups.com, pavel....@gmail.com
You need to import the OAuth server's certificate into PWM's Java keystore.

pavel....@gmail.com

Apr 20, 2015, 3:36:26 PM
to pwm-g...@googlegroups.com, pavel....@gmail.com
Hello Jason!

Thank you for your answer. Today I had time to play with it, but I get the same error after importing the ADFS cert. (The cert chain is also added.)

Do you maybe have any other suggestion?

Thanks a lot!
Andras

Jason Rivard

Apr 29, 2015, 12:03:07 PM
to pwm-g...@googlegroups.com, pavel....@gmail.com
You will need to implement the HTTPS certificate of the OAuth webservice, which is probably different than your ADFS cert.
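
Added example, not part of the thread and not PWM's own code: a shell check for what the replies describe, comparing the certificate the OAuth HTTPS endpoint actually presents with the entries in the Java truststore. The host, port, truststore path, password and the `oauth-https` alias are placeholders, and `openssl` and `keytool` are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: is the certificate an HTTPS endpoint presents already an
# entry in a Java truststore? HOST, PORT, STORE, STOREPASS and the alias
# "oauth-https" are placeholders chosen for illustration.

# Print the SHA-256 fingerprint (AA:BB:...) of a PEM certificate file.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Save the leaf certificate that HOST:PORT presents during the TLS handshake.
# This is the endpoint's HTTPS certificate, which can differ from other
# certificates exported from the same server.
fetch_presented() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Return 0 if the certificate in PEMFILE is an entry in the truststore.
# usage: truststore_has STORE STOREPASS PEMFILE
truststore_has() {
    fp=$(cert_sha256 "$3")
    [ -n "$fp" ] || return 2
    keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null |
        grep -qiF "SHA256: $fp"
}

# usage: sh check_trust.sh HOST PORT STORE STOREPASS
if [ "$#" -eq 4 ]; then
    pem=$(mktemp)
    fetch_presented "$1" "$2" "$pem"
    echo "Endpoint presents: $(cert_sha256 "$pem")"
    if truststore_has "$3" "$4" "$pem"; then
        echo "Already present in $3."
    else
        # Confirm the fingerprint with the server's administrator out of band
        # before trusting it, then import and restart the servlet container.
        echo "Not in $3. After verifying the fingerprint, import with:"
        echo "  keytool -importcert -alias oauth-https -file $pem -keystore $3"
    fi
fi
```

The truststore to check is the one used by the JVM that runs Tomcat; importing into a different JVM's store leaves the error unchanged.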