Need help with troubleshooting an issue.

We have a web service deployed in RedHat Fuse ESB application server and
use Apache CXF. We do NOT want to expose this server to the internet and
hence is placed behind an Access Gateway i.e., this server type web
service is protected by NAG. We have another web service which acts like
a client proxy i.e., this web service call the previously mentioned
server type web service. The server type web service is protected using
X509 class based authentication contract.

The authentication is working fine if I access the wsdl URL of the
protected web service through browser. The authentication is failing
when protected web service call is made through client web service. The
required Java Key Store files on the client have been populated with
user certificate and trusted-root certificates. Also if I replace X509
based authentication with basic authentication it works fine.

I have used default settings while creating X509 authentication class,
method and contract.

There are no log entries in NIDP even when I set the debug level. Below
is the error reported on the client proxy web service.

================================================== ===================================
19:33:47,443 | ERROR | ault-workqueue-1 | DefaultErrorHandler
| 139 - org.apache.camel.camel-core - 2.9.0.fuse-70-097 | Failed
delivery for (MessageId: ID-L-156046805-63255-1382514054338-18-3 on
ExchangeId: ID-L-156046805-63255-1382514054338-18-2). Exhausted after
delivery attempt: 1 caught: org.apache.cxf.interceptor.Fault: Response
was of unexpected text/html ContentType. Incoming portion of HTML
stream: (none)
org.apache.cxf.interceptor.Fault: Response was of unexpected text/html
ContentType. Incoming portion of HTML stream: (none)
org.apache.cxf.interceptor.StaxInInterceptor.handl eMessage(StaxInInterceptor.java:79)[167rg.apache.cxf.bundle:2.5.0.fuse-70-097]

================================================== ===================================

Below is the conduit that we defined. Let me know if I'm missing any
configuration setting in this scenario. Also it will help a lot if you
can share any article for similar scenario i.e., client web service
calling a Novell Access Gateway protected web service URL.

<http-conf:client Connection="Keep-Alive" MaxRetransmits="1"
AllowChunking="false" />
<http-conf:tlsClientParameters secureSocketProtocol="SSL"
<sec:keyManagers keyPassword="changeit">
<sec:keyStore type="JKS" password="changeit"
resource="certs/ebonduserstore.jks" />
<sec:keyStore type="JKS" password="changeit"
resource="certs/ebondtruststore.jks" />

Thanks in Advance!!

taranjitk's Profile: https://forums.netiq.com/member.php?userid=1492
View this thread: https://forums.netiq.com/showthread.php?t=49079