IMLaunch.jsp + SSO + SSL = server not responding.

SSO works perfectly when the IM MUX is not configured for SSL.

I cannot get SSO to work with SSL-enabled IM.

1. Log in to Access Manager.

2. Navigate to https://server:443/im/IMLaunch.jsp?usessl=yes&type=plugin

3. What pops up is a Java Dialog box saying "Server not responding".

4. The java console for the browser contains the following stacktrace, before clicking OK to close the dialog:

com.sun.im.service.CertificateRejectedException: org.netbeans.lib.collab.CertificateRejectedException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at com.sun.im.service.util.ReflectUtil.getDelegatorObject(ReflectUtil.java:27)
    at com.sun.im.service.xmpp.XMPPSessionProvider.getSession(XMPPSessionProvider.java:114)
    at com.sun.im.service.CollaborationSessionFactory.getSession(CollaborationSessionFactory.java:117)
    at com.iplanet.im.client.manager.Manager.login(Manager.java:1233)
    at com.iplanet.im.client.swing.login.DefaultLoginDialog.login(DefaultLoginDialog.java:550)
    at com.iplanet.im.client.swing.login.DefaultLoginDialog.connect(DefaultLoginDialog.java:540)
    at com.iplanet.im.client.iIM.startLogon(iIM.java:464)
    at com.iplanet.im.client.iIM.init(iIM.java:203)
    at com.iplanet.im.client.iIMApplet.init(iIMApplet.java:46)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.netbeans.lib.collab.CertificateRejectedException
    at org.netbeans.lib.collab.xmpp.SecureStreamSourceCreator.createStreamSource(SecureStreamSourceCreator.java:106)
    at org.netbeans.lib.collab.xmpp.XMPPSession.connect(XMPPSession.java:742)
    at org.netbeans.lib.collab.xmpp.XMPPSession._connectAndAuthenticate(XMPPSession.java:547)
    at org.netbeans.lib.collab.xmpp.XMPPSession.<init>(XMPPSession.java:539)
    at org.netbeans.lib.collab.xmpp.XMPPSecureSessionProvider.createSession(XMPPSecureSessionProvider.java:39)
    at org.netbeans.lib.collab.xmpp.XMPPSessionProvider.getSession(XMPPSessionProvider.java:221)
    at org.netbeans.lib.collab.xmpp.XMPPSessionProvider.getSession(XMPPSessionProvider.java:158)
    at com.sun.im.service.xmpp.XMPPSessionProvider.getSession(XMPPSessionProvider.java:112)
    ... 9 more

5. The login window appears after clicking OK in the "Server not responding" dialog. If you log in with a password, you get a certificate warning dialog.

6. If you accept the certificate, IM works.

7. If you don't accept the certificate, the same stacktrace gets dumped to the Java console again.

I've tried adding both our CA cert and the IM server cert to every certificate store I can find on the client system. I've tried both Windows and Solaris clients. I've combed through 100s of megabytes of truss output looking for every keystore that the browser and javaws attempt to access, and manually added our certificates to these stores.

Has anyone had any luck getting the client to work without any certificate warnings when using internally generated CA and server certificates?

Message was edited by:

deanmichaels

[3429 byte] By [deanmichaels] at [2007-11-26 10:01:01]
# 1

Firstly, thanks for providing the detailed problem description.

If your multiplexor is in SSL mode and you log in using this URL:

https://<server>:443/im/IMLaunch.jsp?usessl=yes&type=jnlp

it will pop up a Certificate Accept/Reject dialog. If you accept the certificate, you will be able to log in successfully; if you don't accept the cert, you will get the exception you have mentioned below.

Currently there is no way you can disable the client-cert warning dialog window. Even when you log in through SSO and the mux is in SSL mode, you have to accept this certificate dialog; only then will you be able to log in successfully.

I used the same steps and scenario mentioned by you; it works like a charm for me after I accepted the certificate.

Kindly let me know if this helps or if you need more information.

Amit_Bakhru at 2007-7-7 1:30:50
# 2

The problem is that the first thing that is displayed is a Java Dialog box saying "Server not responding".

If the first thing displayed was a certificate acceptance dialog box then everything would be good.

However, the stacktrace confirms that the server certificate is being rejected before any notification is given.

This is true for both the plugin and the jnlp.

Message was edited by:

deanmichaels

deanmichaels at 2007-7-7 1:30:50
# 3

Hi,

If you have not solved this problem yet, I suspect this is because of the Web Start configuration on the client machine.

It might be configured to not trust self-signed/untrusted certificates.

Two ways of verifying this:

a) Use a trusted certificate at the multiplexor.

b) You could check out your javaws configuration (in Windows: Control Panel -> Java; in Solaris/Linux execute "javaws") to ensure that either - particularly, security and advanced -> security.

Hope this helps,

Regards,

Mridul

MridulM at 2007-7-7 1:30:50
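
Before chasing client trust stores, it helps to confirm that the certificate at the multiplexor really chains to the internal CA that was imported and names the host used in the launch URL. The script below is an added example, not part of the thread or of Instant Messaging; it uses openssl on constructed certificates for the placeholder host im.example.test, and says nothing about how the IM client itself decides to reject a certificate.

```shell
#!/bin/sh
# Added example, not from the thread. Every key and certificate is constructed
# locally; im.example.test is a placeholder host name.

# make_pki DIR: throwaway CA, a CA-signed server cert and a self-signed one.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=im.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    printf 'subjectAltName=DNS:im.example.test\n' > "$d/ext.cnf"
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -days 30 \
        -out "$d/srv.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=im.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# check_cert CA_PEM CERT_PEM HOST: print one verdict word for the server
# certificate: trusted, untrusted or hostname-mismatch.
check_cert() {
    if ! openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo untrusted          # chain does not end at the given CA
    elif ! openssl x509 -in "$2" -noout -checkhost "$3" \
            | grep -q 'does match'; then
        echo hostname-mismatch  # chain is fine, but the cert names another host
    else
        echo trusted
    fi
}

tmp=$(mktemp -d) && make_pki "$tmp"
echo "CA-signed, URL host:   $(check_cert "$tmp/ca.pem" "$tmp/srv.pem" im.example.test)"
echo "self-signed, URL host: $(check_cert "$tmp/ca.pem" "$tmp/self.pem" im.example.test)"
echo "CA-signed, other host: $(check_cert "$tmp/ca.pem" "$tmp/srv.pem" other.example.test)"
```

Against a real deployment, the second argument would be the certificate the multiplexor presents, saved as PEM, and the third the host name from the IMLaunch.jsp URL.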