Hi André,
We had problems also when we changed the voms server certificate for a SHA512 certificate, here the link of ggus ticket
https://ggus.eu/?mode=ticket_info&ticket_id=104768
Best regards,
Vanessa
On May 7, 2014, at 3:20 PM, André Gemünd wrote:
> Hi list,
>
> we are having problems with one VO on our CREAM since we upgraded to EMI3 and replaced the VOMS certificate due to heartbleed. While other VOs work like before, this one produces error messages upon delegation:
>
> LSC signature validation failed: matching AA cert ... fails signature verification.
> AC signature verification failure: no valid VOMS server credential found.
>
> Other VOs work on the same CREAM. The error only appears in regard to this VO. The VOMS of this VO has also been upgraded to EMI3 and uses a SHA512 certificate, maybe that is the problem?
> I didn't change the LSC or vomses entries and the VO worked before the (certificate and server) upgrade.
> CREAM reports the following error:
>
> 07 May 2014 14:55:33,440 INFO org.glite.ce.commonj.authz.gjaf.ServiceAuthorizationChain - User CN=Andre Gemuend, OU=Fraunhofer SCAI, O=GermanGrid not authorized for {http://www.gridsite.org/namespaces/delegation-2}getProxyReq
> 07 May 2014 14:55:33,441 INFO org.glite.ce.commonj.authz.axis2.AuthorizationHandler - request for OPERATION={http://www.gridsite.org/namespaces/delegation-2}getProxyReq; REMOTE_REQUEST_ADDRESS=193.175.165.71; USER_DN=CN=Andre Gemuend,OU=Fraunhofer SCAI,O=GermanGrid; NOT AUTHORIZED
> 07 May 2014 14:55:33,441 ERROR org.apache.axis2.engine.AxisEngine - Authorization error
> org.apache.axis2.AxisFault: Authorization error
> at org.glite.ce.cream.authz.axis2.AuthorizationHandler.getAuthorizationFault(AuthorizationHandler.java:155)
> at org.glite.ce.commonj.authz.axis2.AuthorizationHandler.invoke(AuthorizationHandler.java:162)
> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> at java.lang.Thread.run(Thread.java:701)
>
> Does someone have any hints on what could be going on?
>
> Thanks in advance
> Andre
>
> --
> André Gemünd
> Fraunhofer-Institute for Algorithms and Scientific Computing
> [log in to unmask]
> Tel: +49 2241 14-2193
> /C=DE/O=Fraunhofer/OU=SCAI/OU=People/CN=Andre Gemuend
Vanessa Hamar
[log in to unmask]
|