I need to call a webservice from a Java stand-alone application. The webservice requires client-auth access and it has a https:// url.
The user of the application should provide a p12 certificate and a pin code in order to gain access to the webservice.
The customer provided me an example certificate to test the webservice, but I actually have no idea how to implement it.
In the real application the certificate is stored in a smartcard (pkcs#11).
Where should I look to find a how-to or some examples? Thanks...
I've generated classes from wsdl with wsimport, wsdl location: https://somehost/wsdl. There was no problem with generation.
But when I tried to send soap request, I've received exception:
com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 403: Client certificate required
I found out, surfing the internet, that I have to add the certificate to my keystore. I've done it, but this doesn't help.
And I have no idea what to do or even what to google.
Can anybody help me?(
It sounds like a mutual authentication problem.
The server is requiring that your client use a known digital certificate to sign your messages and send that information within the request. It is like a user/password mechanism, but you and the server agree to use a known key-pair for identification.
This situation usually means that the web service server administrator will generate a key-pair and send the private part of the certificate to you.
But you can send him the public certificate as well if you created it yourself. The server must have access to the public certificate, and maybe you will have to publish it to a Certification Authority. In some cases it has to be a commercial certificate (you will have to buy it).
You will then use the private key to digitally sign your messages.
I've found some links that may help:
Authentication Mechanisms
Java client for the X.509 secured web-service
Java HTTPS client certificate authentication
If you already did those steps, then something is wrong with your implementation or the certificate/keys provided are invalid.
I recommend that you use a mock server to make sure you are implementing the client authentication properly before you try to connect to the real service. Making it work locally will give you the knowledge you need to call the real functions. You can also ask the web service administrator to send you debug information.
I have a Java web application. And I want to implement SAML SSO login for my application.
What I am trying to do is,
Need one sample identity provider certificate
Create a separate JSP application which will sign certificate and create assertion for my app.
Upload the public key of the certificate and save in keystore.
Whenever a user tries to log in, the assertion from the JSP application will be created and sent to my web app.
Validate the public key with the key in keystore and proceed further.
Please correct me if I am wrong in this.
Also, where can I find a sample identity provider certificate? Or maybe how to create one?
Also is there any sample JSP application that can create assertion and send to my application?
Thanks.
You can get free account at PingOne from Ping Identity.
After that you will be provided with certificate and meta information to use PingOne as identity provider.
Also you can try TestShib or OpenIdP.
You can use the keytool command to manage certificates on your local system.
If you use JBoss AS/Wildfly then I suggest using Picketlink, you can find documentation here.
I'm trying to write Java code to authenticate to the Graph API via the Azure Access Control Service (ACS) using OAuth 2.0.
Based on what I've read, there are four steps to this:
Generate an assertion which includes the Service Principal’s X.509 Certificate (alternatively, a symmetric key can also be used).
Present the assertion to the Azure ACS Security Token Service (STS).
ACS accepts the assertion and authenticates the Service Principal, returning a minted OAuth access token (i.e. JWT token).
Subsequent API call submissions include the access token.
Can anyone tell me where I should begin? For example, where can I find the Java API, and how do I generate a symmetric key or an assertion with an X.509 cert? I want to create a Java app which will create users in Office 365, and authenticating is the initial step. Thanks for the help.
I think you would need to start from here:
How to Authenticate Web Users with Windows Azure Access Control Service Using Eclipse - This example uses Windows Live ID for the identity provider, a similar technique could be used for other identity providers as applicable.
Once your Java-based code is authenticating users successfully, you can go ahead and implement further to connect with other providers.
I'm interested if Google App Engine provides a way to use a X.509 Certificate to create a HTTPS connection (the server where I have to connect provides the public certificate - to encrypt data that I send and the private key to decrypt the data received from that server).
According to this post https://groups.google.com/forum/?fromgroups#!topic/google-appengine-python/C9RSDGeIraE it's not possible but 3 years passed since this answer was posted.
SSL client certificates are not currently supported. The feature request is here.
AppEngine has the ability to work with an SSL certificate on your custom domain, which means that you can assign a certificate to a domain that is running on AppEngine.
You cannot AFAIK make a request and provide a custom certificate per request.
Documentation on AppEngine SSL.
I have a desktop application that accesses a webservice with mutual authentication. The authentication uses System.setProperty and it works.
But I have to create a physical file from my certificate, and sometimes users change permissions in the program's folder; also, it is not safe to create a physical file. I'm using an A1 certificate.
Is there way to access the webservice putting the certificate in memory or something like this?
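An added example (not code from any of the posts above) for the in-memory question just asked and for the earlier p12-plus-PIN question: the PKCS#12 bytes are loaded into a `KeyStore` and handed to an `SSLContext`, so no `javax.net.ssl.keyStore` system property or keystore path is involved. The class name, the `contextFromPkcs12` helper and taking the bytes from `args[0]` are assumptions; `https://somehost/wsdl` is the placeholder URL from the earlier question.

```java
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ClientCertExample {

    // Builds an SSLContext whose client identity comes from PKCS#12 bytes held in memory.
    static SSLContext contextFromPkcs12(byte[] p12Bytes, char[] pin) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(p12Bytes), pin);   // wrong PIN or corrupt data -> IOException
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pin);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom keep the JVM defaults,
        // so the server certificate is still validated against the normal trust store
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption for the demo: the bytes come from the file the user supplies in args[0];
        // they could equally come from a database column or a classpath resource.
        byte[] p12 = Files.readAllBytes(Paths.get(args[0]));
        char[] pin = System.console().readPassword("PIN: ");   // needs an interactive terminal
        try {
            SSLContext ctx = contextFromPkcs12(p12, pin);
            HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://somehost/wsdl").openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());  // identity for this connection only
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            Arrays.fill(pin, '\0');                            // do not leave the PIN in memory
        }
    }
}
```

A wsimport-generated client in the JDK's JAX-WS runtime connects through `HttpsURLConnection`, so `HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory())` applies the same identity to it process-wide.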