Hello,

I am setting up a SOAP 4.0.0.3 driver to call a webservice over HTTPS. I
am running IdM 4.5.0.1.

I have it working in SOAPUI, pointing to the .p12 file directly under
WS-Security -> keystores and providing the password for the
certificate.

Now, from the driver, I would like to call the webservice and have it
return information, and as far as I understand, I will be using the
publisher channel for this. But it looks like the configuration of the
connection is under the Subscriber options.

Setup:

The driver runs on the IDV with no remote loader, meaning the driver
talks directly with the webservice over HTTPS.

In the driver configuration I have the following:

Subscriber options:

URL of the SOAP server or Web Service: http://tinyurl.com/of7p5q8

Authentication ID: Blank since no user/password is used
Authentication password: Blank since no user/password is used
Truststore file: /opt/novell/certs/keystore.keystore

The rest I have not provided.

Now I find it a bit weird that I should not provide a password for the
keystore anywhere?

I created the keystore like this:


Code:
--------------------

/root/idm/jre/bin/keytool -genkey -alias keystore -keystore keystore.keystore
/root/idm/jre/bin/keytool -v -importkeystore -srckeystore cert.p12 -srcstoretype PKCS12 -destkeystore keystore.keystore -deststoretype JKS

--------------------


I have the same password for the keystore as the certificate itself.

And when starting the driver I see it capturing my heartbeat which I
listen for on the publisher channel which tells my driver to send the
SOAP request, which it does:


Code:
--------------------

<nds dtdversion="4.0" ndsversion="8.x">
<input>
<soapenv:Envelope event-id="0" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urnio:medarbejder:1.0.0" xmlns:urn1="urnio:sagdok:3.0.0" xmlns:uuid="http://www.novell.com/nxsl/java/java.util.UUID">
<soapenv:Header/>
<soapenv:Body>
<urn:ListInput>
<urn1:AfsenderRef>
<urn1:UUIDIdentifikator/>
<urn1:URNIdentifikator/>
</urn1:AfsenderRef>
<urn1:ModtagerRef>
<urn1:UUIDIdentifikator/>
<urn1:URNIdentifikator>urnio:kmd:lpe:modtager:480</urn1:URNIdentifikator>
</urn1:ModtagerRef>
<urn1:MedarbejderRef>
<urn1:UUIDIdentifikator/>
<urn1:URNIdentifikator>urnio:kmd:lpe:medarbejder:9325</urn1:URNIdentifikator>
</urn1:MedarbejderRef>
<urn1:VirkningFraFilter>
</urn:ListInput>
</soapenv:Body>
</soapenv:Envelope>
</input>
</nds>

--------------------


And then just underneath that:


Code:
--------------------

[05/04/15 18:16:43.066]:soapOPUS01 PT: soapOPUS01: Value of boolean flag 'remove-existing' is : false
[05/04/15 18:16:43.067]:soapOPUS01 PT: soapOPUS01: HTTPSubscriberTransport.send()
[05/04/15 18:16:43.067]:soapOPUS01 PT: soapOPUS01: Preparing HTTP POST connection to https://customer.dk/XISOAPAdapter/Me...:stuffgoeshere
[05/04/15 18:16:43.068]:soapOPUS01 PT: soapOPUS01: Setting up SSL connection..........
[05/04/15 18:16:43.070]:soapOPUS01 PT: soapOPUS01: Setting the following HTTP request properties:
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: Authorization: <credentials suppressed>
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: SOAPAction: #batchRequest
[05/04/15 18:16:43.071]:soapOPUS01 PT: soapOPUS01: Content-Type: text/xml; charset=utf-8
[05/04/15 18:16:43.095]:soapOPUS01 PT: soapOPUS01: IOExecption : sun.security.validator.ValidatorException: No trusted certificate found
[05/04/15 18:16:43.096]:soapOPUS01 PT: soapOPUS01: Restored operation-data
[05/04/15 18:16:43.097]:soapOPUS01 PT:
<nds dtdversion="2.0">
<source>
<product build="20141121_0927" instance="soapOPUS01" version="4.0.0.3">Identity Manager Driver for SOAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error" type="app-general" value1="IOException">
<description>sun.security.validator.ValidatorException: No trusted certificate found</description>
</status>
</output>
</nds>
[05/04/15 18:16:43.099]:soapOPUS01 PT: soapOPUS01: Response Doc #document,null,null

--------------------


So it seems like there is something wrong with my setup.

My thoughts:

1. I somehow created the keystore incorrectly.
2. I am not setting up the driver correctly.
3. The publisher settings might be needed somehow?

I have tried many different things, but I thought this would work, since
we have a 3.5.7 driver set up like this where it works. But maybe
something changed in the 4.0.0.3 version.

Any suggestions?

Thanks in advance,

Jacob.


--
jacmarpet
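An added example, not part of the original post: `sun.security.validator.ValidatorException: No trusted certificate found` is raised when nothing in the truststore matches the server's certificate chain, so a first check is which kinds of entries the store holds. The function below classifies `keytool -list` output; the sample listing (alias `1`, dates, fingerprints) is constructed to show what the two commands above would typically produce, assuming cert.p12 holds only the client key and certificate.

```shell
#!/bin/sh
# Classify the entries of a Java keystore from `keytool -list` output on stdin.
# Prints "alias<TAB>type" per entry and a summary line; returns 0 if at least
# one trustedCertEntry is present, 1 otherwise. A trustedCertEntry only proves
# that some CA is trusted, not that it is the one that issued the server cert.
# Typical use: keytool -list -keystore <store> | audit_truststore
audit_truststore() {
    awk '
        # Entry lines look like: "<alias>, <date>, <EntryType>, "
        /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$/ {
            line = $0
            sub(/, *$/, "", line)                 # drop the trailing comma
            type = line;  sub(/^.*, /, "", type)  # last field  = entry type
            alias = line; sub(/, .*$/, "", alias) # first field = alias
            printf "%s\t%s\n", alias, type
            count[type]++
        }
        END {
            printf "summary\tkeys=%d trusted=%d\n",
                   count["PrivateKeyEntry"], count["trustedCertEntry"]
            exit (count["trustedCertEntry"] > 0 ? 0 : 1)
        }
    '
}

# Constructed sample: a store built with -genkey followed by -importkeystore
# from a PKCS12 file. Both steps create key entries, none a trustedCertEntry.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

keystore, May 4, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
1, May 4, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02
EOF
}

sample_listing | audit_truststore ||
    echo "no trustedCertEntry: the server's issuing CA has not been imported"
```
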