Hi,
On 07 May 2014, at 16:06, Vanessa Hamar <[log in to unmask]> wrote:
> On May 7, 2014, at 3:57 PM, André Gemünd wrote:
>
>> Thanks Vanessa!
>
>
> Welcome
>>
>> So apparently there isn't even a workaround? I just requested a SHA256 certificate, hopefully that will solve the problem. Did you find this issue documented?
>
> If you change the voms server certificate, it will solve the problem. No, we didn't find this issue documented.
The issue was just discovered, and is a problem in the underlying bouncycastle-mail library, as mentioned in this ticket:
https://ggus.eu/?mode=ticket_info&ticket_id=104768
We will add this to the list of known issues for the VOMS Java APIs ASAP.
Cheers,
A.
>
> Best regards,
>
> Vanessa
>
>>
>> Greetings
>> Andre
>>
>> ----- Original Message -----
>>> Hi André,
>>>
>>> We also had problems when we changed the voms server certificate for
>>> a SHA512 certificate; here is the link to the GGUS ticket:
>>>
>>> https://ggus.eu/?mode=ticket_info&ticket_id=104768
>>>
>>> Best regards,
>>>
>>> Vanessa
>>>
>>>
>>> On May 7, 2014, at 3:20 PM, André Gemünd wrote:
>>>
>>>> Hi list,
>>>>
>>>> we are having problems with one VO on our CREAM since we upgraded
>>>> to EMI3 and replaced the VOMS certificate due to heartbleed. While
>>>> other VOs work like before, this one produces error messages upon
>>>> delegation:
>>>>
>>>> LSC signature validation failed: matching AA cert ... fails
>>>> signature verification.
>>>> AC signature verification failure: no valid VOMS server credential
>>>> found.
>>>>
>>>> Other VOs work on the same CREAM. The error only appears in regard
>>>> to this VO. The VOMS of this VO has also been upgraded to EMI3 and
>>>> uses a SHA512 certificate, maybe that is the problem?
>>>> I didn't change the LSC or vomses entries and the VO worked before
>>>> the (certificate and server) upgrade.
>>>> CREAM reports the following error:
>>>>
>>>> 07 May 2014 14:55:33,440 INFO org.glite.ce.commonj.authz.gjaf.ServiceAuthorizationChain - User CN=Andre Gemuend, OU=Fraunhofer SCAI, O=GermanGrid not authorized for {http://www.gridsite.org/namespaces/delegation-2}getProxyReq
>>>> 07 May 2014 14:55:33,441 INFO org.glite.ce.commonj.authz.axis2.AuthorizationHandler - request for OPERATION={http://www.gridsite.org/namespaces/delegation-2}getProxyReq; REMOTE_REQUEST_ADDRESS=193.175.165.71; USER_DN=CN=Andre Gemuend,OU=Fraunhofer SCAI,O=GermanGrid; NOT AUTHORIZED
>>>> 07 May 2014 14:55:33,441 ERROR org.apache.axis2.engine.AxisEngine - Authorization error
>>>> org.apache.axis2.AxisFault: Authorization error
>>>>     at org.glite.ce.cream.authz.axis2.AuthorizationHandler.getAuthorizationFault(AuthorizationHandler.java:155)
>>>>     at org.glite.ce.commonj.authz.axis2.AuthorizationHandler.invoke(AuthorizationHandler.java:162)
>>>>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>>>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>>>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
>>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
>>>>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
>>>>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
>>>>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>>>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>>>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>>>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>>>>     at java.lang.Thread.run(Thread.java:701)
>>>>
>>>> Does someone have any hints on what could be going on?
>>>>
>>>> Thanks in advance
>>>> Andre
>>>>
>>>> --
>>>> André Gemünd
>>>> Fraunhofer-Institute for Algorithms and Scientific Computing
>>>> [log in to unmask]
>>>> Tel: +49 2241 14-2193
>>>> /C=DE/O=Fraunhofer/OU=SCAI/OU=People/CN=Andre Gemuend
>>>
>>> Vanessa Hamar
>>> [log in to unmask]
>>>
>>
>> --
>> André Gemünd
>> Fraunhofer-Institute for Algorithms and Scientific Computing
>> [log in to unmask]
>> Tel: +49 2241 14-2193
>> /C=DE/O=Fraunhofer/OU=SCAI/OU=People/CN=Andre Gemuend
>
> Vanessa Hamar
> [log in to unmask]