Difference between revisions of "Common Security Troubleshooting"
(→Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error) |
Andreaturli (Talk | contribs) (→Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/your_ip_number" target but received "/O=Grid/CN=host/your_hostname")) |
||
Line 26: | Line 26: | ||
==Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/your_ip_number" target but received "/O=Grid/CN=host/your_hostname")== | ==Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/your_ip_number" target but received "/O=Grid/CN=host/your_hostname")== | ||
It is thrown when the hostname cannot be resolved asking the reverse DNS server. Usually this problem disappear as soon as the reverse DNS is updated. | It is thrown when the hostname cannot be resolved asking the reverse DNS server. Usually this problem disappear as soon as the reverse DNS is updated. | ||
+ | |||
+ | |||
+ | ==Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/hostname" target but received "/O=Grid/CN=your_personal_certificate")== | ||
+ | It could be thrown for a misconfiguration of the host certificates. | ||
+ | Please doublecheck [http://ddwiki.di.uoa.gr/mediawiki/index.php/How_To_Configure_DHN_Security#Install_host_credentials Install host credentials]. | ||
==Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error== | ==Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error== |
Revision as of 11:36, 25 October 2007
This page contains exceptions that commonly occurs in security configurations for DILIGENT services. Exception should be clearly reported in sections using keywords as the Axis fault obtained, the error code returned by commands and so on (see already existing exceptions). For any exception a list of reasons can be reported as separate subsections. For each reason a solution should be also provided (if already discovered). To properly configure security for DILIGENT services please follows the How To Enable Security page.
Contents
- 1 GSI Secure Conversation authentication required for "{http://www...." operation
- 2 GSISecureConveration not set in service stubs
- 3 org.globus.wsrf.security.SecurityException: [SEC]Operation name could not be determined
- 4 voms-proxy-init error stream:Error: VERR_NOSOCKET
- 5 Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/your_ip_number" target but received "/O=Grid/CN=host/your_hostname")
- 6 Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/hostname" target but received "/O=Grid/CN=your_personal_certificate")
- 7 Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error
GSI Secure Conversation authentication required for "{http://www...." operation
This exception tells the clients that the GSISecureConversation mechanism is required to acces the service client-config.wsdd must be correctly placed in your Apache Tomcat container. If you want to force axis to pick up your client-config.wsdd, you will have to place the client-config.wsdd in the tomcat-home/common/classes directory.
GSISecureConveration not set in service stubs
To access the service operation the GSISecureconversation must be set on client, please be sure to follows this documentation to set it correctly.
org.globus.wsrf.security.SecurityException: [SEC]Operation name could not be determined
This exception is thrown when operations in the WSDL interface does not match with methods in the service implementation class.
voms-proxy-init error stream:Error: VERR_NOSOCKET
Exception related to authentication of clients to the VOMS server (ie. grids13.eng.it in this case) Contacting grids13.eng.it:15001 [/C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids13.eng.it] "diligent" Failed. Failed to contact servers for diligent.
Please doublecheck these settings:
- The clock on your computer could be not in sync with VOMS server. Use with ntp server Configure DHN security
- The CRLs has to be updated using /usr/sbin/fetch-crl -o /etc/grid-security/certificates
- Some CA certificates in /etc/grid-security/certificates could be expired, please update them.
- Your firewall or VOMS Server firewall blocks the client
Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/your_ip_number" target but received "/O=Grid/CN=host/your_hostname")
It is thrown when the hostname cannot be resolved asking the reverse DNS server. Usually this problem disappear as soon as the reverse DNS is updated.
Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/hostname" target but received "/O=Grid/CN=your_personal_certificate")
It could be thrown for a misconfiguration of the host certificates. Please doublecheck Install host credentials.
Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error
This Excption is thrown when certificate and private key used to perform a secure communication do not match.